Date post: | 10-Apr-2018 |
Category: |
Documents |
Upload: | tristancoonghe5692 |
8/8/2019 ICND2 NAT
ICND2
NAT Network Address Translation
Rudy Drew
rudydrew@rmit.edu.au
Slide 2
Private addressing
These addresses will not be
allowed into the public internet
Slide 3
NAT
NAT is the process of swapping one address for another in the IP packet header, e.g. 10.0.0.3 → 179.9.8.80,
i.e. the source address of the packet is changed by RTA.
Slide 4
NAT is designed to conserve IP addresses and enable networks to use private IP
addresses on internal networks. These private, internal addresses are
translated to routable, public addresses.
Slide 5
NAT Inside local address
Inside local address: The IP address assigned to a host on the inside network. This address is likely to be a private address. Local means that a local person is looking at the address. Inside means that the packet is coming from a host that is inside your network.
Slide 6
NAT Example
Inside global address: A legitimate (Internet routable or public) IP address assigned by the service provider that represents one or more inside local IP addresses to the outside world.
Slide 7
NAT Example
Inside global address: Global means that a person from the public is looking at the address. Inside means that the packet is coming from a host inside your network.
Slide 8
NAT Example
Outside global address: The IP address of an outside host as it is known to the hosts on the inside network.
Slide 9
NAT Example
Outside local address: Usually the same as the outside global address, but it will be different if the server also has a private address that has been translated.
Slide 10
NAT Example
Slide 11
NAT Example
Slide 12
NAT Example
Slide 13
PAT Port Address Translation
PAT (Port Address Translation) allows you to use a single public IP address and
assign it to up to about 4000 inside hosts.
Slide 14
PAT Port Address Translation
PAT stores the TCP/UDP source port to track inside host addresses. Note that different vendors do this in different ways. Usually a Cisco router tracks the source port but doesn't change its value.
With PAT, multiple private IP addresses can be translated by a single public address (many-to-one translation).
This solves the limitation of NAT, which is one-to-one translation.
Slide 15
Configuring Static NAT
If you have enough public addresses, you may
statically translate some of them for servers.
Slide 16
If you have enough public addresses, you
may statically translate some of them
for servers. Static NAT is used when a
special host (e.g. a web server) needs
to always translate to the same inside
global address.
Slide 17
Configuring Static NAT
ip nat inside source static 10.1.1.2 192.168.1.2
(config-if)# ip nat inside (on fa0/0)
(config-if)# ip nat outside (on S0/0)
Slide 18
Dynamic NAT
1 Create a pool
2 Write an access list to access the pool
3 Connect the pool with the inside hosts and the access list
4 Turn on NAT on the interfaces
Slide 19
ip nat pool nat-pool1 179.9.8.80 179.9.8.85 netmask 255.255.255.0
Creates a dynamic pool of addresses.
The name of this pool is nat-pool1.
6 addresses may be allocated, starting at 179.9.8.80.
Slide 20
access-list 1 permit 10.1.0.0 0.0.0.255
This access list defines the inside local addresses that are permitted to be translated and use the dynamic NAT pool.
Slide 21
ip nat inside source list 1 pool nat-pool1
This command points to an access list to define the addresses that are permitted to be translated and use the dynamic NAT pool.
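The pool, access list and binding from slides 19 to 21, modelled as an added example (not part of the original slides, and not Cisco code). It assumes the lowest free pool address is handed out first and does not model translation timeouts; the seven inside hosts are constructed.

```python
import ipaddress

def acl_permits(addr, base="10.1.0.0", wildcard="0.0.0.255"):
    """Standard ACL match: wildcard bits set to 1 are ignored in the compare."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class DynamicNat:
    """One-to-one dynamic NAT: each permitted inside host takes one pool address."""

    def __init__(self, first="179.9.8.80", last="179.9.8.85"):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.table = {}  # inside local -> inside global

    def translate(self, inside_local):
        """Return (status, inside_global_or_None) for a packet from inside_local."""
        if not acl_permits(inside_local):
            return ("not-permitted", None)       # access-list 1 does not match
        if inside_local not in self.table:
            if not self.free:
                return ("pool-exhausted", None)  # all 6 pool addresses are in use
            # Assumption: lowest free address first (simplification).
            self.table[inside_local] = self.free.pop(0)
        return ("translated", self.table[inside_local])

def demo():
    nat = DynamicNat()
    hosts = [f"10.1.0.{n}" for n in range(1, 8)]  # constructed: 7 inside hosts
    results = [nat.translate(h) for h in hosts]
    results.append(nat.translate("10.1.1.2"))     # not inside 10.1.0.0 0.0.0.255
    return results

if __name__ == "__main__":
    for status, addr in demo():
        print(status, addr)
```

The seventh host gets no translation because the pool holds only six addresses, which is the one-to-one limitation that the overload keyword removes.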
Slide 22
ip nat inside source list 1 pool nat-pool1 overload
Adding the word overload changes NAT to PAT (Port Address Translation).
Slide 23
PAT uses port numbers to decide which local host to send the return data to.
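A small model of the PAT table described above, as an added example (not part of the original slides, and not Cisco code). It keeps the inside source port when that port is free on the public address and otherwise takes the next free port, which is a simplifying assumption; the public address 179.9.8.80 is taken from the pool on slide 19 and the flows are constructed.

```python
class Pat:
    """Many-to-one translation keyed on protocol and port."""

    def __init__(self, public_ip="179.9.8.80"):
        self.public_ip = public_ip
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def _free_port(self, proto, wanted):
        port = wanted
        for _ in range(65536):
            if (proto, port) not in self.back:
                return port
            # Assumption: on a clash, step to the next port (simplification).
            port = port + 1 if port < 65535 else 1024
        raise RuntimeError("no free port left on the public address")

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside flow; returns (inside_global_ip, public_port)."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = self._free_port(proto, src_port)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Find the inside host for return data; None means no table entry."""
        return self.back.get((proto, dst_port))

def demo():
    pat = Pat()
    a = pat.outbound("tcp", "10.1.0.5", 1025)   # constructed flows
    b = pat.outbound("tcp", "10.1.0.6", 1025)   # same source port, other host
    return a, b, pat.inbound("tcp", b[1]), pat.inbound("tcp", 4444)

if __name__ == "__main__":
    print(demo())
```

Return data is delivered only when its destination port matches a table entry, so a packet arriving on a port with no entry has no inside host to go to.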
Slide 24
Configure PAT Overload
ip nat inside source list 1 interface serial 0 overload
Each inside local address is translated to the router's S0 address.
Slide 26
sh ip nat translations
for a PAT translation. Notice the different port numbers.
Slide 27
Verifying NAT/PAT
sh ip nat statistics
Slide 28
clear ip nat translation *
The star means all entries.
Slide 29
Troubleshooting NAT/PAT
Slide 30
Issues with NAT/PAT
NAT also forces some applications that use IP addressing to stop
functioning because it hides end-to-end IP addresses,
e.g. the SIP protocol used for VoIP writes
IP and port information inside the data.
Special methods (e.g. STUN, TURN) are used to try and make SIP work with NAT.
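Why rewriting the IP header is not enough for SIP, shown as an added example (not part of the original slides). The SIP INVITE is a constructed sample, the packet is a plain dictionary rather than a real capture, and the inside global address 179.9.8.80 is taken from the earlier slides.

```python
import ipaddress
import re

# Constructed sample: a SIP INVITE sent by inside host 10.1.0.5.
SIP_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.0.5:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:alice@10.1.0.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.1.0.5\r\n"
    "c=IN IP4 10.1.0.5\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def nat_rewrite_header(packet, inside_global="179.9.8.80"):
    """NAT swaps the source address in the IP header; the payload is untouched."""
    return {**packet, "src": inside_global}

def private_addrs_in_payload(payload):
    """Return (field, address) pairs for private addresses written in the data."""
    found = []
    for line in payload.splitlines():
        field = re.split(r"[:=]", line, maxsplit=1)[0]
        for candidate in IPV4.findall(line):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    found.append((field, candidate))
            except ValueError:
                continue  # looked like an address but is not a valid one
    return found

def demo():
    packet = {"src": "10.1.0.5", "sport": 5060, "payload": SIP_INVITE}
    translated = nat_rewrite_header(packet)
    return translated["src"], private_addrs_in_payload(translated["payload"])

if __name__ == "__main__":
    print(demo())
```

The far end reads the Contact and SDP c= lines to decide where to send signalling and audio, and after translation they still name 10.1.0.5, which is not reachable from the public side.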
Slide 31
Issues with NAT/PAT