Nat pat
CYBERINTELLIGENTS
3,704 views
27 slides
May 14, 2015
Slide 1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
About This Presentation
http://www.cyberintelligents.in
[email protected]
https://www.facebook.com/cyberintelligents
https://in.linkedin.com/in/cyberintelligents/en
https://cyberintelligents.wordpress.com/
http://cyberintelligent.blogspot.in
+91 9876162698 +919988288019
http://trainingcyberintelligents.blogspot.c...
Slide Content
ICND v2.0—6-1© 2002, Cisco Systems, Inc. All rights reserved. 1
Scaling the network
with
nat and Pat
Scaling the network
with
nat and Pat
ICND v2.0—6-2© 2002, Cisco Systems, Inc. All rights reserved. 2
Intro to NAT/PAT
NAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip
address on a network with the global or public ip addresses.
Requirement of NAT when..
1.you need to connect to the Internet and your hosts don’t have global unique ip
addresses. We are using private addresses.
2.
2. You change your network to another ISP and that require to renumber your
network. Then using the nat we didn’t need to change our ip addresses.
3. You need to merge two internets with duplicate addresses.
4.No any host from the foreign network can access our local network. Local network
security.
Intro to NAT/PAT
NAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip
address on a network with the global or public ip addresses.
Requirement of NAT when..
1.you need to connect to the Internet and your hosts don’t have global unique ip
addresses. We are using private addresses.
2.
2. You change your network to another ISP and that require to renumber your
network. Then using the nat we didn’t need to change our ip addresses.
3. You need to merge two internets with duplicate addresses.
4.No any host from the foreign network can access our local network. Local network
security.
ICND v2.0—6-3© 2002, Cisco Systems, Inc. All rights reserved. 3
Advantages disadvantages
1.Conserves legally registered addresses 1.Translation introduces switching path
2.Reduces address overlap occurrencedelays.
3.Increase flexibility when connecting to 2. loss of end to end IP traceability.
internet
4. Eliminates address renumbering as 3. certain applications will not function
network changes. With nat enabled.
NAT terms:-
Inside local:Name of inside source address before translation
Outside local:Name of the destination host before translation
Inside global:Name of inside host after translation
Outside global:Name of outside destination host after translation
Advantages disadvantages
1.Conserves legally registered addresses 1.Translation introduces switching path
2.Reduces address overlap occurrencedelays.
3.Increase flexibility when connecting to 2. loss of end to end IP traceability.
internet
4. Eliminates address renumbering as 3. certain applications will not function
network changes. With nat enabled.
NAT terms:-
Inside local:Name of inside source address before translation
Outside local:Name of the destination host before translation
Inside global:Name of inside host after translation
Outside global:Name of outside destination host after translation
ICND v2.0—6-4
NAT types………………………………
Static NAT:- it is the type of Nat that is designed to allow One-to-one mapping
between the local ip addresses and global ip addresses.
BUT keep in mind that
static NAT require that YOU MUST HAVE ONE REAL INTERNET IP ADDRESS
FOR EVERY HOST ON YOUR NETWORK.
Dynamic NAT:- this gives the ability to map an unregistered ip address with a
registered ip address from out of pool of ip addresses. you don’t have to statically
configure your router to map an inside address with an outside address like in static
NAT.
But you must have the sufficient number of ip addresses for every user
who`s going to transfer packets with internet rSkoa lchig23 +SkP+noScc ttoklitlnhi 45dPonhtohton otno"lon oo
n orSkowihg"lnhioohnohton on oocilhworSkonlno lto"nh owloho
lcc tt tohnolothig o ghtn coholcc tt to66$lio7nPi o
"nohnohtotno
"t co wl"t oohnto ln" o o"thigon ot whlonoi" oo a onlitln co
lcc tt tohnon ogloholcc tt on"gohwo owliolnnlwo"ihhn coioo
"t tohnon ohin i no"thigolothig oholcc ttoio
NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of
the NAT configuration it is the type of dynamic NAT. that maps multiple local ip
addresses with a single registered ip addresses. __Many –to-One.
But it is mostly
used because of its feature of using the special port number for every translated
addresses with the global ip address through which we can attach unlimited no. of
users with the internet using a single ip address only
NAT types………………………………
Static NAT:- it is the type of Nat that is designed to allow One-to-one mapping
between the local ip addresses and global ip addresses.
BUT keep in mind that
static NAT require that YOU MUST HAVE ONE REAL INTERNET IP ADDRESS
FOR EVERY HOST ON YOUR NETWORK.
Dynamic NAT:- this gives the ability to map an unregistered ip address with a
registered ip address from out of pool of ip addresses. you don’t have to statically
configure your router to map an inside address with an outside address like in static
NAT.
But you must have the sufficient number of ip addresses for every user
who`s going to transfer packets with internet rSkoa lchig23 +SkP+noScc ttoklitlnhi 45dPonhtohton otno"lon oo
n orSkowihg"lnhioohnohton on oocilhworSkonlno lto"nh owloho
lcc tt tohnolothig o ghtn coholcc tt to66$lio7nPi o
"nohnohtotno
"t co wl"t oohnto ln" o o"thigon ot whlonoi" oo a onlitln co
lcc tt tohnon ogloholcc tt on"gohwo owliolnnlwo"ihhn coioo
"t tohnon ohin i no"thigolothig oholcc ttoio
NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of
the NAT configuration it is the type of dynamic NAT. that maps multiple local ip
addresses with a single registered ip addresses. __Many –to-One.
But it is mostly
used because of its feature of using the special port number for every translated
addresses with the global ip address through which we can attach unlimited no. of
users with the internet using a single ip address only
ICND v2.0—6-5
•An IP address is either local or global.
•Local IP addresses are seen in the inside network.
•An IP address is either local or global.
•Local IP addresses are seen in the inside network.
ICND v2.0—6-6
ICND v2.0—6-7
ICND v2.0—6-8
•Establishes static translation between an inside local address
and an inside global address
Router(config)#ip nat inside source static local-ip global-ip
•Marks the interface as connected to the inside
Router(config-if)#ip nat inside
•Marks the interface as connected to the outside
Router(config-if)#ip nat outside
•Establishes static translation between an inside local address
and an inside global address
Router(config)#ip nat inside source static local-ip global-ip
•Marks the interface as connected to the inside
Router(config-if)#ip nat inside
•Marks the interface as connected to the outside
Router(config-if)#ip nat outside
ICND v2.0—6-9© 2002, Cisco Systems, Inc. All rights reserved. 9
NAT configuration
TO CONFIGURE STATIC NAT------------
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat inside source static 10.0.0.2 20.0.0.3
r3(config)#exit
r3#show ip nat translations
r3#show ip nat statistics
TO REMOVE STATIC NAT:----
r3#conf t
r3(config)#no ip nat inside source static 10.0.0.2 20.0.0.3
NAT configuration
TO CONFIGURE STATIC NAT------------
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat inside source static 10.0.0.2 20.0.0.3
r3(config)#exit
r3#show ip nat translations
r3#show ip nat statistics
TO REMOVE STATIC NAT:----
r3#conf t
r3(config)#no ip nat inside source static 10.0.0.2 20.0.0.3
ICND v2.0—6-10
ICND v2.0—6-11
•Establishes dynamic source translation, specifying the access
list defined in the prior step
Router(config)#ip nat inside source list
access-list-number pool name
•Defines a pool of global addresses to be allocated as needed
Router(config)#ip nat pool name start-ip end-ip
{netmask netmask | prefix-length prefix-length}
•Defines a standard IP access list permitting those inside local
addresses that are to be translated
Router(config)#access-list access-list-number permit
source [source-wildcard]
•Establishes dynamic source translation, specifying the access
list defined in the prior step
Router(config)#ip nat inside source list
access-list-number pool name
•Defines a pool of global addresses to be allocated as needed
Router(config)#ip nat pool name start-ip end-ip
{netmask netmask | prefix-length prefix-length}
•Defines a standard IP access list permitting those inside local
addresses that are to be translated
Router(config)#access-list access-list-number permit
source [source-wildcard]
ICND v2.0—6-12© 2002, Cisco Systems, Inc. All rights reserved. 12
Configuring Dynamic Translation
HOW TO CONFIGURE DYNAMIC NAT---
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat pool abc 20.0.0.3 20.0.0.5 netmask 255.255.255.0
r3(config)#access-list 1 permit any
r3(config)#ip nat inside source list 1 pool abc
r3(config)#^Z
r3#sh ip nat translations
r3#sh ip nat statistics
r3#clear ip nat translation *
HOW TO REMOVE DYNAMIC NAT------------
r3>en
r3#conf t
r3(config)#no ip nat inside source list 1 pool abc forced
r3(config)#no access-list 1
r3(config)#no ip nat pool abc
Configuring Dynamic Translation
HOW TO CONFIGURE DYNAMIC NAT---
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat pool abc 20.0.0.3 20.0.0.5 netmask 255.255.255.0
r3(config)#access-list 1 permit any
r3(config)#ip nat inside source list 1 pool abc
r3(config)#^Z
r3#sh ip nat translations
r3#sh ip nat statistics
r3#clear ip nat translation *
HOW TO REMOVE DYNAMIC NAT------------
r3>en
r3#conf t
r3(config)#no ip nat inside source list 1 pool abc forced
r3(config)#no access-list 1
r3(config)#no ip nat pool abc
ICND v2.0—6-13
ICND v2.0—6-14
ICND v2.0—6-15
•Establishes dynamic source translation, specifying the access
list defined in the prior step
Router(config)#ip nat inside source list
access-list-number interface interface overload
•Defines a standard IP access list permitting those inside local
addresses that are to be translated
Router(config)#access-list access-list-number permit
source source-wildcard
•Establishes dynamic source translation, specifying the access
list defined in the prior step
Router(config)#ip nat inside source list
access-list-number interface interface overload
•Defines a standard IP access list permitting those inside local
addresses that are to be translated
Router(config)#access-list access-list-number permit
source source-wildcard
ICND v2.0—6-16© 2002, Cisco Systems, Inc. All rights reserved. 16
Configuring nat overloading PAT
HOW TO CONFIGURE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS
TRANSLATION)---
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat pool xyz 20.0.0.1 20.0.0.1 prefix-length 24
r3(config)#access-list 1 permit any
r3(config)#ip nat inside source list 1 pool xyz overload
r3(config)#^Z
r3#sh ip nat translations
r3#sh ip nat statistics
r3#clear ip nat translation *
HOW TO REMOVE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS
TRANSLATION)---
r3>en
r3#conf t
r3(config)#no ip nat inside source list 1 pool xyz forced
r3(config)#no access-list 1
r3(config)#no ip nat pool xyz
Configuring nat overloading PAT
HOW TO CONFIGURE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS
TRANSLATION)---
r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat pool xyz 20.0.0.1 20.0.0.1 prefix-length 24
r3(config)#access-list 1 permit any
r3(config)#ip nat inside source list 1 pool xyz overload
r3(config)#^Z
r3#sh ip nat translations
r3#sh ip nat statistics
r3#clear ip nat translation *
HOW TO REMOVE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS
TRANSLATION)---
r3>en
r3#conf t
r3(config)#no ip nat inside source list 1 pool xyz forced
r3(config)#no access-list 1
r3(config)#no ip nat pool xyz
ICND v2.0—6-17
ICND v2.0—6-18
•Clears a simple dynamic translation entry containing an inside
translation, or both inside and outside translation
Router#clear ip nat translation inside global-ip
local-ip [outside local-ip global-ip]
•Clears all dynamic address translation entries
Router#clear ip nat translation *
•Clears a simple dynamic translation entry containing an outside translation
Router#clear ip nat translation outside
local-ip global-ip
•Clears an extended dynamic translation entry
Router#clear ip nat translation protocol inside global-ip
global-port local-ip local-port [outside local-ip
local-port global-ip global-port ]
•Clears a simple dynamic translation entry containing an inside
translation, or both inside and outside translation
Router#clear ip nat translation inside global-ip
local-ip [outside local-ip global-ip]
•Clears all dynamic address translation entries
Router#clear ip nat translation *
•Clears a simple dynamic translation entry containing an outside translation
Router#clear ip nat translation outside
local-ip global-ip
•Clears an extended dynamic translation entry
Router#clear ip nat translation protocol inside global-ip
global-port local-ip local-port [outside local-ip
local-port global-ip global-port ]
ICND v2.0—6-19
•Displays translation statistics
Router#show ip nat statistics
•Displays active translations
Router#show ip nat translations
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 172.16.131.1 10.10.10.1 --- ---
Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0, Serial2.7
Inside interfaces:
Ethernet1
Hits: 5 Misses: 0
…
•Displays translation statistics
Router#show ip nat statistics
•Displays active translations
Router#show ip nat translations
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 172.16.131.1 10.10.10.1 --- ---
Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0, Serial2.7
Inside interfaces:
Ethernet1
Hits: 5 Misses: 0
…
ICND v2.0—6-20
ICND v2.0—6-21
ICND v2.0—6-22
Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
ICND v2.0—6-23
Translation Not Installed in the
Translation Table?
Verify that:
The configuration is correct.
There are not any inbound access lists denying the packets
from entering the NAT router.
The access list referenced by the NAT command is
permitting all necessary networks.
There are enough addresses in the NAT pool.
The router interfaces are appropriately defined as NAT
inside or NAT outside.
Translation Not Installed in the
Translation Table?
Verify that:
The configuration is correct.
There are not any inbound access lists denying the packets
from entering the NAT router.
The access list referenced by the NAT command is
permitting all necessary networks.
There are enough addresses in the NAT pool.
The router interfaces are appropriately defined as NAT
inside or NAT outside.
ICND v2.0—6-24
Summary
Cisco IOS NAT allows an organization with unregistered
private addresses to connect to the Internet by translating
those addresses into globally registered IP addresses.
You can translate your own IP addresses into globally unique
IP addresses when communicating outside of your network.
Overloading is a form of dynamic NAT that maps multiple
unregistered IP addresses to a single registered IP address
(many-to-one) by using different ports, known also as PAT.
Once you have configured NAT, verify that it is operating as
expected using the clear and show commands.
Sometimes NAT is blamed for IP connectivity problems
when there is actually a routing problem.
Summary
Cisco IOS NAT allows an organization with unregistered
private addresses to connect to the Internet by translating
those addresses into globally registered IP addresses.
You can translate your own IP addresses into globally unique
IP addresses when communicating outside of your network.
Overloading is a form of dynamic NAT that maps multiple
unregistered IP addresses to a single registered IP address
(many-to-one) by using different ports, known also as PAT.
Once you have configured NAT, verify that it is operating as
expected using the clear and show commands.
Sometimes NAT is blamed for IP connectivity problems
when there is actually a routing problem.
ICND v2.0—6-25
WorkgroupWorkgroup Workgroup
PodRouter s0Router e0Switch
A 10.140.1.210.2.2.3 10.2.2.11
B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.210.4.4.3 10.4.4.11
D 10.140.4.210.5.5.3 10.5.5.11
E 10.140.5.210.6.6.3 10.6.6.11
F 10.140.6.210.7.7.3 10.7.7.11
G 10.140.7.210.8.8.3 10.8.8.11
H 10.140.8.210.9.9.3 10.9.9.11
I 10.140.9.210.10.10.310.10.10.11
J 10.140.10.210.11.11.310.11.11.11
K 10.140.11.210.12.12.310.12.12.11
L 10.140.12.210.13.13.310.13.13.11
WorkgroupWorkgroup Workgroup
PodRouter s0Router e0Switch
A 10.140.1.210.2.2.3 10.2.2.11
B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.210.4.4.3 10.4.4.11
D 10.140.4.210.5.5.3 10.5.5.11
E 10.140.5.210.6.6.3 10.6.6.11
F 10.140.6.210.7.7.3 10.7.7.11
G 10.140.7.210.8.8.3 10.8.8.11
H 10.140.8.210.9.9.3 10.9.9.11
I 10.140.9.210.10.10.310.10.10.11
J 10.140.10.210.11.11.310.11.11.11
K 10.140.11.210.12.12.310.12.12.11
L 10.140.12.210.13.13.310.13.13.11
ICND v2.0—6-26
WorkgroupWorkgroup Workgroup
Pod Router s0Router e0Switch
A 10.140.1.210.2.2.3 10.2.2.11
B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.210.4.4.3 10.4.4.11
D 10.140.4.210.5.5.3 10.5.5.11
E 10.140.5.210.6.6.3 10.6.6.11
F 10.140.6.210.7.7.3 10.7.7.11
G 10.140.7.210.8.8.3 10.8.8.11
H 10.140.8.210.9.9.3 10.9.9.11
I 10.140.9.210.10.10.310.10.10.11
J 10.140.10.210.11.11.310.11.11.11
K 10.140.11.210.12.12.310.12.12.11
L 10.140.12.210.13.13.310.13.13.11
WorkgroupWorkgroup Workgroup
Pod Router s0Router e0Switch
A 10.140.1.210.2.2.3 10.2.2.11
B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.210.4.4.3 10.4.4.11
D 10.140.4.210.5.5.3 10.5.5.11
E 10.140.5.210.6.6.3 10.6.6.11
F 10.140.6.210.7.7.3 10.7.7.11
G 10.140.7.210.8.8.3 10.8.8.11
H 10.140.8.210.9.9.3 10.9.9.11
I 10.140.9.210.10.10.310.10.10.11
J 10.140.10.210.11.11.310.11.11.11
K 10.140.11.210.12.12.310.12.12.11
L 10.140.12.210.13.13.310.13.13.11
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 3,704
- Slides 27
- Favorites 4
- Age 3858 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views