Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

NAT_CCNA4_Mod1_1.1

Presentation_ID
© 2001, Cisco Systems, Inc. All rights reserved.
1
Network Address Translation
NAT
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
2
Private Addressing
RFC 1918
Internal Address Range
CIDR Prefix
Class A
10.0.0.0
10.255.255.255
10.0.0.0/8
Class B
172.16.0.0
172.31.255.255
172.16.0.0/12
Class C
192.168.0.0
192.168.255.255
192.168.0.0/16
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
3
Network Address Translation
• A common use of NAT is to translate a private, nonroutable IP address into a public IP address.
E0
10.1.1.1
SA
10.1.1.11
S1
165.193.3.1
SA
165.193.1.35
Internet
Inside Host
10.1.1.11
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
4
NAT Table
•NAT table records inside to outside mappings.
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
5
Inside & Outside Addresses
• Inside Address
– IP address of a host
located on the internal
network
– May be a private, nonroutable address
NAT
e0
10.1.1.1
Inside
address
e1
165.193.3.1
Outside
address
• Outside Address
– IP address of a host
located on the external
network
– May be a public,
routable address
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
Local Host
10.0.0.11
Destination
Host
165.193.3.2
6
Local & Global Addresses
Local Address
IP address of an internal
or external host as it
appears in the internal IP
header.
Global Address
IP address of an internal
or external host as it
appears on the external IP
header.
SA
Internal Header 10.1.1.11
External Header 165.193.3.3
NAT_Introduction.ppt
NAT
e0
10.1.1.1
Internal
Network
e1
165.193.3.1
External
Network
DA
165.193.3.2
165.193.3.2
© 2003, Cisco Systems, Inc. All rights reserved.
Local Host
10.1.1.11
Destination
Host
165.193.3.2
7
IP Header Translation
As a packet moves
through a NAT device:
Inside Local Addresses
become Inside Global
Addresses
Outside Local Addresses
become Outside Global
Addresses
Internal IP Header
(Local Addresses)
Source
Address
Destination
Address
10.1.1.11
165.193.3.2
Inside Local
Address
Outside Local
Address
NAT
External IP Header
(Global Addresses)
Source
Address
Destination
Address
165.193.1.35
165.193.3.2
Inside Global
Address
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
Outside Global
Address
8
Dynamic NAT
• NAT can be dynamic or static.
• Dynamic NAT translates inside addresses using
a pool of global addresses.
• Each inside local address is dynamically
assigned an inside global address from an
administratively defined pool of addresses.
• Dynamic NAT enables hosts on a private network
to access the internet by translating private
addresses into public addresses.
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
9
Inbound Traffic
• As an inbound packet
enters the NAT router
destined for a host on
the inside network, the
global address is
referenced in the NAT
table and replaced
with the inside local
address.
DA
10.1.1.112
Local Address
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
Inside Local
IP Address
Inside Global
IP Address
10.0.0.110
204.168.1.33
10.0.0.111
204.168.1.34
10.0.0.112
204.168.1.35
DA
204.168.1.35
Global Address
10
Configure Dynamic Nat
• Define a pool of global addresses to be allocated as
needed.
router(config)# ip nat pool pool-name startip end-ip netmask netmask
• Define a standard access list to identify which hosts
will be translated.
router(config)# access-list number permit
network mask
• Establish dynamic source translation, identifying the
access list defined in the previous step.
router(config)# ip nat inside source list
access-list-num pool pool-name
• Identify interfaces as inside or outside with regard to
NAT.
router(config-if)# ip nat {inside|outside}
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
11
Sample Dynamic NAT Configuration
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
12
Confirming NAT Operation
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
13
Troubleshooting NAT
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
14
Static NAT
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
15
Static NAT
• Permits devices with a
private address to be seen
on a public network.
• Static translations are
entered directly into the
configuration and are
always in the translation
table.
SA
SA
10.1.1.11
192.168.1.35
router(config)# ip
nat inside source
static 10.1.1.11
192.168.1.35
• Typically used for web
servers.
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
Internet
Inside Host
10.1.1.11
16
Configure Static Nat
• Establish static translation between inside and
outside addresses.
router(config)# ip nat inside source static
local-ip global-ip
• Identify interfaces as inside or outside with
regard to NAT.
router(config-if)# ip nat {inside|outside}
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
17
Static NAT Sample Configuration
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
18
Port Address Translation
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
19
Port Address Translation (PAT)
• Sometimes called
overloading.
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
PAT
192.168.1.33:4376
192.168.1.33:1103
10.0.0.110:4376
10.0.0.111:1103
• Utilizes port numbers
to differentiate
between inside local
addresses.
192.168.1.33:1743
• PAT is the process of
dynamically mapping
multiple inside
addresses to a single
globally routable
address.
20
NAT Overload
• The PAT router keeps track of the different
conversations by mapping TCP and UDP
port numbers in the NAT table.
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
21
Overloading NAT
• Configure a NAT pool
• Create an access list to determine which
address should be translated
• Assign this access list to the NAT pool
and set it for overload
• Assign inside and outside interfaces
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
22
Overloading NAT
• Configure NAT pool
Range of addresses:
ip nat pool bigpool 192.168.1.33 192.168.1.57
netmask 255.255.255.224
Single address
ip nat pool smallpool 192.168.1.33 192.168.1.33
netmask 255.255.255.224
• Create a standard access list to identify which addresses
should be translated
access-list 24 permit 10.0.0.0 0.255.255.255
• Assign this access list to the NAT pool and set it for overload
ip nat inside source list 24 pool bigpool overload
• Assign inside and outside interfaces
router(config-if)# ip nat {inside|outside}
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
23
PAT: Address Overload
NAT_Introduction.ppt
© 2003, Cisco Systems, Inc. All rights reserved.
24
NAT_Introduction.ppt
Presentation_ID
© 2001,
2003, Cisco Systems, Inc. All rights reserved.
25
Related documents
Operating Systems - Shawlands Academy
Operating Systems - Shawlands Academy
File - DIVISION OF MALABON CITY
File - DIVISION OF MALABON CITY
PT Activity 7.4.3: Troubleshooting DHCP and NAT (Instructor)
PT Activity 7.4.3: Troubleshooting DHCP and NAT (Instructor)
Chapter 8
Chapter 8
Department of Computing Studies
Department of Computing Studies
Packet Tracer 5 3 8 2 - Class
Packet Tracer 5 3 8 2 - Class
Causes of the Civil War
Causes of the Civil War
Using NAT as a layer of defense
Using NAT as a layer of defense
Download