Table of Contents
Advertisement
Step 7:
Select 18 option in the prompt, it will list all arguments:
(00)access-group
......
(09)nat
......
Please Input the code of command to be excute(0-18): 9
Input 9, select nat option, prompt is as below:
(00)inside
(01)outside
Please Input the code of command to be excute(0-1): 1
Input 1, select outside option, it will sign the interface to be connected to outside network.
Note:
The access list must permit only those addresses that are to be translated. (Remember that there is an implicit "deny all" at
the end of each access list.) An access list too casual may lead to unpredictable results.
See the "Dynamic Inside Source Translation Example" section at the end of this chapter for an example
of dynamic inside source translation.
6.3.8 Overloading an Inside Global Address
You can conserve addresses in the inside global address pool by allowing the router to use one global
address for many local addresses. When this overloading is configured, the router maintains enough
information from higher-level protocols (for example, TCP or UDP port numbers) to translate the global
address back to the correct local address. When multiple local addresses map to one global address,
the TCP or UDP port numbers of each inside host distinguish between the local addresses.
Figuer 6-2 illustrates NAT operation when one inside global address represents multiple inside local
addresses. The TCP port numbers act as differentiators.
Figuer 6-2
The router performs the following process in overloading inside global addresses, as shown in Figure 6.
Both host B and host C believe they are communicating with a single host at address 2.2.2.2. They are
actually communicating with different hosts; the port number is the differentiator. In fact, many inside
hosts could share the inside global IP address by using many port numbers.
1. The user at host 1.1.1.1 opens a connection to host B.
2. The first packet that the router receives from host 1.1.1.1 causes the router to check its NAT table: If
no translation entry exists, the router determines that address 1.1.1.1 must be translated, and sets up a
translation of inside local address 1.1.1.1 to a legal global address. If overloading is enabled, and
another translation is active, the router reuses the global address from that translation and saves
enough information to be able to translate back. This type of entry is called an extended entry.
3. The router replaces the inside local source address 1.1.1.1 with the selected global address and
forwards the packet.
Specify access control for packets
NAT interface commands
Inside interface for address translation
Outside interface for address translation
NAT Overloading Inside Global Addresses
Model Name
- 162 -
Hide quick links:
Advertisement
Table of Contents
