1路由交换06网络地址翻译NAT.pptxVIP

信息安全产品配置与应用Configuration and Application of Information Security Products重庆电子工程职业学院| 路亚模块八、路由交换安全配置网络地址翻译Network Address Translation 教学目标（ Objectives ）1.私有地址（Private Addressing ）2. NAT操作（NAT Operation）3. NAT分类（NAT Class）4. 配置NAT (Configuring NAT) 5. NAT排错（Troubleshooting NAT Configuration）IP Address Class and Range1-126128-191192-223Class A:Class B:Class C:127 is lost, why?公网地址和私有地址（ Public Address and Private Address）1. 公网地址必须被注册 Public Internet addresses must be registered by a company with an Internet authority. 2. 私有地址被保留，并可以被任何人使用 Private IP addresses are reserved and can be used by anyone. 私有地址范围（Private Address Range）深职院二期网络核心拓扑图Internet上期已铺光纤Catalyst 2948G本期待铺光纤Cernet165163图书馆Cisco 7206信息大楼Backbone ChannelCatalyst 6509Catalyst 6509HSRPCatalyst 3548行政大楼ChannelChannelLoadBalanceCatalyst 4006Catalyst 2948GCatalyst 3548GCatalyst 2948G工业中心教学楼NAT操作（NAT Operation）NAT操作（NAT Operation）1. NAT典型工作存根网络的边缘A NAT enabled device typically operates at the border of a stub network. 2. 边界路由器执行NAT功能，将内部私有地址转换成公网可路由的地址。The border gateway router performs the NAT process, translating the internal private address of a host to a public, external routable address. NAT术语（NAT Terms） 1. Inside local address – 指定给内部主机使用的地址The IP address assigned to a host on the inside network. 2. Inside global address – 从SP或NIC注册的地址，即内部主机地址被NAT转换的外部地址A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world. 3. Address Pool-NIC或SP分配使用的多个地址IP addresses assigned by the NIC or service provider NAT分类（NAT Class）1.静态NAT 静态NAT的特征是内部主机地址被一对一映射到外部主机地址 Static NAT is designed to allow one-to-one mapping of local and global addresses. Pc1:10.1.1.1----------200.200.200.1Pc2:10.1.1.2----------200.200.200.2Pc3:10.1.1.3----------Pc4:10.1.1.4----------X200.200.200.2?NAT分类（NAT Class）2. 动态NAT动态NAT的特征是内部主机使用地址池中的公网地址来映射Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is