Configuration Guide Configuring NAT
Dynamic NAT
Dynamic NAT establishes temporary mapping relationships between inside local addresses and inside global addresses.
A temporary mapping is removed if it is not used for a certain period of time. Dynamic NAT can be
configured in the following case: an intranet only accesses extranet services and does not provide services itself, and the
number of intranet hosts is greater than the number of global IP addresses.
Overview
This feature translates inside private addresses into globally unique addresses, so that the
intranet and the public network can communicate with each other.
This feature maps multiple inside local addresses to one inside global address, so as to resolve
the problem of IP address depletion.
This feature enables overlapping networks to communicate.
This feature resolves the problem of TCP traffic overload.
Constructing a Local Server
This feature enables an extranet to access the local server.
NAT changes only the header of an IP packet but not the payload of a specific application
protocol. Therefore, the Application Level Gateway (ALG) is introduced to support application
layer protocols.
10.3.1 Basic NAT
For an intranet to communicate with an extranet, NAT must translate inside private IP addresses into globally
unique IP addresses. You can configure static or dynamic NAT or both to implement interconnection and interworking.
Working Principle
1. An IP packet sent by an intranet host (192.168.1.2) to an extranet server (8.8.8.8) reaches a NAT device.
2. The NAT device checks the content of the IP packet, and finds that the IP packet is destined for an extranet.
Therefore, the NAT device translates the private IP address 192.168.1.2 in the source IP address field of the IP
packet into a public IP address 30.1.1.1 routable on the Internet, sends the IP packet to the extranet server, and at
the same time records the mapping in its own NAT table.
3. The extranet server returns a response packet (in which the initial destination IP address is 30.1.1.1) to the intranet
user. When the response packet reaches the NAT device, the NAT device checks the content of the response packet,
looks up the mapping record in the NAT table, and replaces the initial destination IP address with the inside private IP
address 192.168.1.2.
The above NAT process is transparent to terminals, such as the host and the server shown in the preceding figures. From the
point of view of the extranet server, the IP address of the intranet host is 30.1.1.1, and the extranet server is
unaware of the IP address 192.168.1.2. Therefore, NAT "hides" the private network of an enterprise.
Basic NAT includes static NAT and dynamic NAT.
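The following model of the three steps above, and of the temporary mappings described under Dynamic NAT, is an added example and not code from this guide or from any NAT device. The class and method names, the 60-second idle timeout, and the 192.168.1.0/24 intranet prefix are assumptions chosen for illustration.

```python
import ipaddress

class DynamicNat:
    """Toy model of basic (address-only) dynamic NAT; not a vendor implementation."""

    def __init__(self, pool, idle_timeout, inside):
        self.free = list(pool)                       # unused inside global addresses
        self.idle_timeout = idle_timeout             # assumed value, in seconds
        self.inside = ipaddress.ip_network(inside)   # intranet prefix (assumption)
        self.table = {}                              # inside local -> [inside global, last used]
        self.reverse = {}                            # inside global -> inside local

    def expire(self, now):
        # Remove mappings that have gone unused and return their addresses to the pool.
        for local, (glob, last) in list(self.table.items()):
            if now - last >= self.idle_timeout:
                del self.table[local], self.reverse[glob]
                self.free.append(glob)

    def outbound(self, src, dst, now):
        """Intranet -> extranet: rewrite the source address. None means dropped."""
        self.expire(now)
        if ipaddress.ip_address(dst) in self.inside:
            return (src, dst)                        # not destined for the extranet
        if src not in self.table:
            if not self.free:
                return None                          # more hosts than global addresses
            glob = self.free.pop(0)
            self.table[src] = [glob, now]
            self.reverse[glob] = src
        self.table[src][1] = now                     # refresh the idle timer
        return (self.table[src][0], dst)

    def inbound(self, src, dst, now):
        """Extranet -> intranet: rewrite the destination. None means no mapping."""
        self.expire(now)
        local = self.reverse.get(dst)
        if local is None:
            return None
        self.table[local][1] = now
        return (src, local)

if __name__ == "__main__":
    nat = DynamicNat(["30.1.1.1"], idle_timeout=60, inside="192.168.1.0/24")
    print(nat.outbound("192.168.1.2", "8.8.8.8", now=0))   # step 2
    print(nat.inbound("8.8.8.8", "30.1.1.1", now=1))       # step 3
    print(nat.outbound("192.168.1.3", "8.8.8.8", now=2))   # pool exhausted
```

Because 30.1.1.1 is handed to another host once a mapping expires, attributing a public address seen in extranet logs to an intranet host requires the NAT table entry for that exact time.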
Related Configuration
Configuring NAT Interfaces
By default, an interface is not a NAT interface.