An organization has multiple servers that serve multiple hosts. Using Rotary NAT, a virtual server is established in the inside network which communicates with the real servers. Destination addresses that match an access-list (permitting the IP address of the virtual server) are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis. The NAT router performs the following steps when translating rotary addresses:
- A host opens a TCP connection with the virtual server 10.1.1.5.
- The router receives the connection request and creates a translation, allocating the next real server IP address from the pool.
- The router replaces the destination IP address with the selected real server IP address and forwards the packet.
- The server receives the packet and responds.
- The router receives the reply and performs a NAT table lookup. It then translates the source address back to the virtual server IP address and forwards the packet.
Configuration:
We define a pool of addresses containing the addresses of the real servers. This is done using the global configuration command:
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary
We define an access-list permitting the address of the virtual server, 10.1.1.5. Only TCP traffic matching this access-list is translated; non-TCP traffic is passed untranslated.
Then we establish dynamic inside destination translation, specifying the access-list defined above. This is done using the global configuration command:
ip nat inside destination list access-list-number pool name
Lastly, we define the inside and outside interfaces for NAT.
Verification:
When multiple Telnet sessions (TCP, port 23) are established to the virtual server IP address 10.1.1.5, the NAT router allocates the IP addresses of different internal servers in a round-robin fashion. The following output shows three different Telnet sessions opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, the second session to 10.1.1.11 and the third session back to 10.1.1.10.
NAT Translation Table
NAT_Router# show ip nat translations
Pro  Inside global   Inside local    Outside local        Outside global
tcp  10.1.1.5:23     10.1.1.10:23    192.168.1.2:24440    192.168.1.2:24440
tcp  10.1.1.5:23     10.1.1.10:23    192.168.1.2:50804    192.168.1.2:50804
tcp  10.1.1.5:23     10.1.1.11:23    192.168.1.2:38530    192.168.1.2:38530