Session 14: Scaling Networks with NAT and PAT

Discussion Topics
• Private addressing
• Introducing NAT and PAT
• Major NAT and PAT features
• Configuring NAT and PAT
• Verifying PAT configuration
• Troubleshooting NAT and PAT configuration
• Issues with NAT
Private Addressing
NAT
• A NAT-enabled device typically operates
at the border of a stub network.
NAT Terms
• Inside Local Address – An IP address assigned to a
host inside a network. This address is likely to be an RFC
1918 private address.
• Inside Global Address – A legitimate IP address
assigned by the NIC or service provider that represents
one or more inside local IP addresses to the outside world.
• Outside Local Address – The IP address of an outside
host as it is known to the hosts in the inside network.
• Outside Global Address – The IP address assigned to a
host on the outside network. The owner of the host
assigns this address.
NAT Features
• Static NAT is designed to allow one-to-one mapping of
local and global addresses.
[Figure: static NAT between the inside hosts 10.0.0.2 and 10.0.0.10 and the Internet. A request to http://179.9.8.10 has its destination address (DA) 179.9.8.10 translated to 10.0.0.10.]
NAT Table
Inside Local IP Address    Inside Global IP Address
10.0.0.2                   179.9.8.80
10.0.0.10                  179.9.8.10
NAT Features
• Dynamic NAT is designed to map a private IP address
to a public address.
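[Figure: dynamic NAT between the inside hosts 10.0.0.2 and 10.0.0.10 and the Internet. The source address (SA) 10.0.0.2 of an outbound packet is translated to an inside global address.]
NAT Table
Inside Local IP Address    Inside Global IP Address
10.0.0.2                   179.9.8.80
10.0.0.10                  179.9.8.10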
PAT Features
• PAT uses unique source port numbers on the inside
global IP address to distinguish between translations.
[Figure: PAT. Inside hosts 10.0.0.2 and 10.0.0.3 reach outside hosts 202.6.3.2 and 126.23.2.2 across the Internet; each packet's source address and port (SA) is translated to a port on the inside global address 179.9.8.80.]
NAT Table
Inside Local IP Address    Inside Global IP Address    Outside Local IP Address    Outside Global IP Address
10.0.0.2:1456              179.9.8.80:1456             202.6.3.2:80                202.6.3.2:80
10.0.0.3:2333              179.9.8.80:2333             126.23.2.2:80               126.23.2.2:80
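The PAT table above, worked through as an added example (not part of the original slides): a toy translator that builds the same two entries, handles a constructed source-port collision, and shows that an inbound packet with no matching entry is not translated. The names `PatTable`, `translate_out` and `translate_in` are hypothetical, and the collision rule and the matching of inbound packets against the full entry are simplifying assumptions, not the exact IOS algorithm.

```python
from itertools import chain

class PatTable:
    """Toy PAT (overload) table for one inside global address."""

    def __init__(self, global_ip="179.9.8.80"):   # inside global address from the slide
        self.global_ip = global_ip
        self.owner = {}  # global port -> inside local (ip, port) that holds it
        self.out = {}    # (inside local, outside) -> global port
        self.back = {}   # (global port, outside) -> inside local

    def _allocate(self, inside_local):
        # Keep the host's own source port when it is free, as in the slide's table.
        # On a collision take the first free port from 1024 up (assumed rule).
        for port in chain([inside_local[1]], range(1024, 65536)):
            if self.owner.setdefault(port, inside_local) == inside_local:
                return port
        raise RuntimeError("no free port left on the inside global address")

    def translate_out(self, inside_local, outside):
        """Inside -> outside: rewrite the source to global_ip:port, creating an entry."""
        key = (inside_local, outside)
        if key not in self.out:
            port = self._allocate(inside_local)
            self.out[key] = port
            self.back[(port, outside)] = inside_local
        return (self.global_ip, self.out[key])

    def translate_in(self, outside, inside_global):
        """Outside -> inside: return the inside local socket, or None (packet dropped)."""
        ip, port = inside_global
        if ip != self.global_ip:
            return None
        return self.back.get((port, outside))

def demo():
    nat = PatTable()
    a = nat.translate_out(("10.0.0.2", 1456), ("202.6.3.2", 80))    # slide row 1
    b = nat.translate_out(("10.0.0.3", 2333), ("126.23.2.2", 80))   # slide row 2
    # Constructed case: a third host reuses source port 1456, so it cannot keep it.
    c = nat.translate_out(("10.0.0.10", 1456), ("202.6.3.2", 80))
    reply = nat.translate_in(("202.6.3.2", 80), a)    # matches row 1
    stray = nat.translate_in(("126.23.2.2", 80), a)   # no entry for this peer
    return a, b, c, reply, stray

if __name__ == "__main__":
    for name, value in zip(("a", "b", "c", "reply", "stray"), demo()):
        print(name, value)
```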
NAT Benefits
• Eliminates re-assigning each host a new
IP address when changing to a new ISP
• Eliminates the need to re-address all hosts
that require external access, saving time
and money
• Conserves addresses through application
port-level multiplexing
• Protects network security
Configuring Static NAT Translations
• Static translations are entered directly into the
configuration and are permanent in the translation
table
Router(config)#ip nat inside source static 10.6.1.20 171.69.68.10
Inside/Outside interface
[Figure: an inside host on the inside network connects to the router's inside interface (ip nat inside); the router performs NAT, and its outside interface (ip nat outside) faces the outside host on the outside network.]
Router(config-if)#ip nat inside
• An interface on the router can be defined as
inside or outside
• Translations occur only from inside to outside interfaces
or vice versa—never between the same type of interface
Configuring Static NAT
Dynamic Translations
• Dynamic translations specify the pool of global
addresses that inside addresses can be translated
into
Router(config)#ip nat pool nat-pool 179.9.8.80 179.9.8.95 netmask 255.255.255.240
• Dynamic translations use access lists to identify IP
addresses that NAT should create translations for
Router(config)#ip nat inside source list 1 pool nat-pool
Router(config)#access-list 1 permit 10.0.0.0 0.0.255.255
Configuring Dynamic NAT
Configuring PAT
• Establishes overload translation, specifying the IP address
to be overloaded as that assigned to an outside interface
Router(config)#ip nat inside source list 1 interface serial0/0 overload
• Establishes overload translation, specifying the IP address to
be overloaded as that assigned to a pool name
Router(config)#ip nat pool nat-pool2 179.9.8.20 179.9.8.20 netmask 255.255.255.240
Router(config)#ip nat inside source list 1 pool nat-pool2 overload
Configuring PAT
Clearing the NAT Translation Table
Router#clear ip nat translation *
• Clears all dynamic address translation entries
Verifying NAT and PAT Configuration
Troubleshooting NAT and PAT
Issues With NAT