14-1 Copyright © 1999, Cisco Systems, Inc.
Chapter 14
Scaling IP Addresses with NAT and PAT
14-2—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc.
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Identify how NAT and PAT solve the limited IP address problem and describe how they operate
• Configure NAT and PAT
• Verify NAT and PAT

Chapter Activities
[Figure: course network topology. Labels: Windows 95 PC, modem, branch office, small office, central site, ISDN/analog, Frame Relay service, PRI, BRI, async, AAA server. NAT/PAT callout: NAT table mapping inside local IP address 10.1.1.1 to inside global IP address 192.168.2.2.]

Why Use NAT?
Use NAT if:
• You need to connect to the Internet and your hosts do not have globally unique IP addresses
• You change over to a new ISP that requires you to renumber your network
• Two intranets with duplicate addresses merge
• You want to support basic load sharing
[Figure: NAT border router between the inside network (hosts 10.1.1.1 and 10.1.1.2) and the outside Internet; source address (SA) 10.1.1.1 on the inside appears as SA 192.168.2.2 on the outside.]

NAT Implementation Considerations
Advantages
• Conserves legally registered addresses
• Reduces address overlap occurrence
• Increases flexibility when connecting to Internet
• Eliminates address renumbering as network changes
Disadvantages
• Translation introduces switching path delays
• Loss of end-to-end IP traceability
• Certain applications will not function with NAT enabled

NAT Overview and Terminology
Simple NAT table
Inside Local IP Address    Inside Global IP Address
10.1.1.2                   192.168.2.3
10.1.1.1                   192.168.2.2
[Figure: inside hosts 10.1.1.1 and 10.1.1.2, the Internet, and Host B 172.20.7.3, with points labelled A to D. Outbound packets have SA 10.1.1.1 translated to SA 192.168.2.2; replies have DA 192.168.2.2 translated to DA 10.1.1.1.]

NAT Operation
NAT table
Inside Local IP Address    Inside Global IP Address
10.1.1.1                   192.168.2.2
10.1.1.2                   192.168.2.3
NAT functions:
• Translating inside local addresses
• Overloading inside global addresses
• TCP load distribution
• Handling overlapping networks
[Figure: inside network with hosts 10.1.1.1 and 10.1.1.2, and the Internet.]

Translating Inside Local Addresses
NAT table
Inside Local IP Address    Inside Global IP Address
10.1.1.3                   192.168.2.4
10.1.1.2                   192.168.2.3
10.1.1.1                   192.168.2.2
[Figure: inside hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3; Host B 172.20.7.3 on the Internet; numbered steps 1 to 5. Outbound packets have SA 10.1.1.1 translated to SA 192.168.2.2; replies have DA 192.168.2.2 translated to DA 10.1.1.1.]

Overloading Inside Global Addresses
NAT table
Protocol  Inside Local IP Address:Port  Inside Global IP Address:Port  Outside Global IP Address:Port
TCP       10.1.1.3:1723                 192.168.2.2:1492               172.21.7.3:23
TCP       10.1.1.2:1723                 192.168.2.2:1723               172.21.7.3:23
TCP       10.1.1.1:1024                 192.168.2.2:1024               172.20.7.3:23
[Figure: inside hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3; Host B 172.20.7.3 and Host C 172.21.7.3 on the Internet; numbered steps 1 to 5. Outbound packets have SA 10.1.1.1 translated to SA 192.168.2.2; replies from both outside hosts arrive with DA 192.168.2.2 and are translated to DA 10.1.1.1.]
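The overloading behaviour in the NAT table above, modelled in Python as an added example; it is not Cisco IOS code and not part of the original slides. The `PatTable` class and its port-selection rule (lowest free port in the same range) are assumptions, so the colliding flow gets port 1025 here where the slide shows 1492.

```python
"""Model of inside global address overloading (PAT). Added illustration, not IOS code."""
from dataclasses import dataclass, field

# Assumption: source ports are grouped into these ranges, and a colliding port
# is replaced by the lowest free port of the same range. A real router may pick
# another free port (the slide shows 1492 for the colliding flow).
PORT_RANGES = ((0, 511), (512, 1023), (1024, 65535))


@dataclass
class PatTable:
    inside_global: str                             # the one shared outside address
    bindings: dict = field(default_factory=dict)   # (proto, il_ip, il_port) -> ig_port
    reverse: dict = field(default_factory=dict)    # (proto, ig_port) -> (il_ip, il_port)
    flows: set = field(default_factory=set)        # (proto, ig_port, og_ip, og_port)

    def _allocate(self, proto, wanted):
        """Keep the original source port when it is free, else search its range."""
        if (proto, wanted) not in self.reverse:
            return wanted
        low, high = next(r for r in PORT_RANGES if r[0] <= wanted <= r[1])
        for port in range(low, high + 1):
            if (proto, port) not in self.reverse:
                return port
        raise RuntimeError("no free port left on " + self.inside_global)

    def outbound(self, proto, il_ip, il_port, og_ip, og_port):
        """Translate an inside-to-outside packet; return the source seen outside."""
        key = (proto, il_ip, il_port)
        if key not in self.bindings:
            port = self._allocate(proto, il_port)
            self.bindings[key] = port
            self.reverse[(proto, port)] = (il_ip, il_port)
        ig_port = self.bindings[key]
        self.flows.add((proto, ig_port, og_ip, og_port))
        return self.inside_global, ig_port

    def inbound(self, proto, og_ip, og_port, ig_port):
        """Translate a reply back to the inside host; None when no entry matches."""
        if (proto, ig_port, og_ip, og_port) not in self.flows:
            return None  # no extended entry for this outside endpoint
        return self.reverse[(proto, ig_port)]

    def rows(self):
        """Extended entries: protocol, inside local, inside global, outside global."""
        out = []
        for proto, ig_port, og_ip, og_port in sorted(self.flows):
            il_ip, il_port = self.reverse[(proto, ig_port)]
            out.append((proto.upper(), f"{il_ip}:{il_port}",
                        f"{self.inside_global}:{ig_port}", f"{og_ip}:{og_port}"))
        return out


def slide_example():
    """Replay the slide's three Telnet flows through one overloaded address."""
    table = PatTable("192.168.2.2")
    seen = [
        table.outbound("tcp", "10.1.1.2", 1723, "172.21.7.3", 23),
        table.outbound("tcp", "10.1.1.1", 1024, "172.20.7.3", 23),
        table.outbound("tcp", "10.1.1.3", 1723, "172.21.7.3", 23),  # 1723 is taken
    ]
    return table, seen


if __name__ == "__main__":
    table, seen = slide_example()
    for row in table.rows():
        print(*row)
    # Host C's reply to the re-mapped port reaches 10.1.1.3, not 10.1.1.2.
    print(table.inbound("tcp", "172.21.7.3", 23, seen[2][1]))
    # Host B was never sent a packet from that port, so nothing matches.
    print(table.inbound("tcp", "172.20.7.3", 23, seen[2][1]))
```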

TCP Load Distribution
NAT table
Protocol  Inside Local IP Address:Port  Inside Global IP Address:Port  Outside Global IP Address:Port
TCP       10.1.1.1:80                   10.1.1.127:80                  172.20.7.3:3058
TCP       10.1.1.2:80                   10.1.1.127:80                  172.21.7.3:4371
TCP       10.1.1.3:80                   10.1.1.127:80                  172.20.7.3:3062
[Figure: virtual host 10.1.1.127 in front of real hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 on the inside; Host B 172.20.7.3 and Host C 172.21.7.3 on the Internet; numbered steps 1 to 5. Inbound packets have DA 10.1.1.127 translated to DA 10.1.1.1; replies have SA 10.1.1.1 translated to SA 10.1.1.127.]

Handling Overlapping Networks
NAT table
Inside Local IP Address    Inside Global IP Address    Outside Global IP Address    Outside Local IP Address
10.1.1.1                   192.2.2.2                   10.1.1.3                     193.3.3.3
Message flow (addresses as seen on the inside network and on the outside network):
• DNS request for host C address: inside SA=10.1.1.1 DA=x.x.x.x; outside SA=192.2.2.2 DA=x.x.x.x
• DNS response from x.x.x.x: outside SA=x.x.x.x DA=192.2.2.2 C=10.1.1.3; inside SA=x.x.x.x DA=10.1.1.1 C=193.3.3.3
• 10.1.1.1 message to host C: inside SA=10.1.1.1 DA=193.3.3.3; outside SA=192.2.2.2 DA=10.1.1.3
[Figure: inside host 10.1.1.1, the Internet, DNS server x.x.x.x, and Host C 10.1.1.3.]

Static NAT Configuration Example
ip nat inside source static 10.1.1.1 192.168.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 172.16.2.1 255.255.255.0
 ip nat outside
!
• ip nat inside source static: maps the inside local address to the inside global address.
• Ethernet0 (ip nat inside): this interface is connected to the inside network.
• Serial0 (ip nat outside): this interface is connected to the outside world.

Dynamic NAT Configuration
Translate between inside hosts addressed from 10.1.1.0/24 to the globally unique 192.168.2.0/24 network.
ip nat pool dyn-nat 192.168.2.1 192.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool dyn-nat
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 172.16.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
• Ethernet0 (ip nat inside): this interface is connected to the inside network.
• Serial0 (ip nat outside): this interface is connected to the outside world.

Configuring Inside Global Address Overloading
ip nat pool ovrld-nat 192.168.2.1 192.168.2.2 netmask 255.255.255.0
ip nat inside source list 1 pool ovrld-nat overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 172.16.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255

Configuring TCP Load Distribution
ip nat pool real-hosts 10.1.1.1 10.1.1.126 prefix-length 24 type rotary
ip nat inside destination list 2 pool real-hosts
!
interface serial0
 ip address 192.168.1.129 255.255.255.224
 ip nat outside
!
interface ethernet0
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
access-list 2 permit 10.1.1.127

Configuring NAT to Translate Overlapping Addresses
ip nat pool net-2 192.2.2.1 192.2.2.254 prefix-length 24
ip nat pool net-10 10.0.1.1 10.0.1.254 prefix-length 24
ip nat outside source list 1 pool net-2
ip nat inside source list 1 pool net-10
!
interface Serial0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface Ethernet0
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
access-list 1 permit 10.1.1.0 0.0.0.255

Verifying NAT
Basic IP address translation
Router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
--- 192.2.2.1          10.1.1.1           ---                ---
--- 192.2.2.2          10.1.1.2           ---                ---
IP address translation with overloading
Router#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
• A translation for a Telnet session is still active.
• Two different inside hosts appear on the outside with a single IP address.
• Unique TCP port numbers are used to distinguish between hosts.
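One way to use this output to recover the end-to-end traceability that NAT removes, as an added Python example that is not part of the original slides. It parses `show ip nat translations` text, separates simple from extended entries, lists the inside hosts behind each overloaded inside global address, and maps an address:port seen on the outside back to the inside host. The function names are hypothetical and the sample table combines rows from the slides with one constructed row.

```python
"""Parse 'show ip nat translations' output for overload detection and attribution."""
import re
from collections import defaultdict

# Rows taken from the slides' outputs, combined into one constructed table.
# The row for 10.1.1.2:1068 is constructed so that two inside hosts share 192.168.2.1.
SAMPLE = """\
Router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
udp 192.168.2.2:1220   10.1.1.2:1120      171.69.2.132:53    171.69.2.132:53
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
tcp 192.168.2.1:1068   10.1.1.2:1068      172.16.2.2:23      172.16.2.2:23
--- 192.2.2.1          10.1.1.1           ---                ---
--- 192.2.2.2          10.1.1.2           ---                ---
"""

ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def _endpoint(token):
    """'10.1.1.1:1067' -> ('10.1.1.1', 1067); '10.1.1.1' -> ('10.1.1.1', None)."""
    if token == "---":
        return None
    match = ENDPOINT.match(token)
    if not match:
        raise ValueError(f"not an address[:port]: {token!r}")
    port = int(match.group(2)) if match.group(2) else None
    return match.group(1), port


def parse_translations(text):
    """Return one dict per table row; prompts, headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            ig, il, ol, og = (_endpoint(f) for f in fields[1:])
        except ValueError:
            continue
        if ig is None or il is None:
            continue
        proto = None if fields[0] == "---" else fields[0].lower()
        # Extended entries carry a protocol and ports; simple entries map IP to IP.
        kind = "extended" if proto and ig[1] is not None else "simple"
        entries.append({"proto": proto, "kind": kind, "inside_global": ig,
                        "inside_local": il, "outside_local": ol, "outside_global": og})
    return entries


def overloaded_globals(entries):
    """Inside global address -> inside hosts behind it, from extended entries only."""
    hosts = defaultdict(set)
    for e in entries:
        if e["kind"] == "extended":
            hosts[e["inside_global"][0]].add(e["inside_local"][0])
    return {ip: sorted(members) for ip, members in hosts.items()}


def attribute(entries, proto, global_ip, global_port):
    """Map a source seen outside back to (inside local IP, port), or None.

    Entries age out and can be cleared, so this only works on a table captured
    while the translation was active.
    """
    for e in entries:
        ip, port = e["inside_global"]
        if ip != global_ip:
            continue
        if e["kind"] == "simple" or (e["proto"] == proto and port == global_port):
            return e["inside_local"]
    return None


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(overloaded_globals(table))
    print(attribute(table, "tcp", "192.168.2.1", 1068))
```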

Troubleshooting NAT
Router#debug ip nat
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [0]
NAT: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [0]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [1]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [2]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [3]
NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
NAT: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [4]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [5]
NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [6]
NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [2]
• An example address translation, inside-to-outside.
• A reply to the packet sent.
• An example TCP conversation, inside-to-outside.
• * indicates that the translation was in the fast path.

Clearing NAT Translation Entries
Router#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
router#clear ip nat trans *
router#
router#show ip nat trans
• All entries are cleared.

router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
udp 192.168.2.2:1220   10.1.1.2:1120      171.69.2.132:53    171.69.2.132:53
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
router#clear ip nat trans udp inside 192.168.2.2 10.1.1.2 1220 171.69.2.132 53 171.69.2.132 53
router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
• 192.168.2.2 is cleared.

Summary
After completing this chapter, you should be able to perform the following tasks:
• Identify how NAT and PAT solve the limited IP address problem and describe how they operate
• Configure NAT and PAT
• Verify NAT and PAT

Review Questions
• What is the difference between a simple translation entry and an extended translation entry? State how each is used.
• Give one or more examples when NAT could be used.
• Your networks are addressed using 10.1.1.0/24 subnets. Your ISP provides you a globally unique address of 192.1.1.0/24. What commands do you use to translate from 10.1.1.0/24 to 192.1.1.0/24?
• When viewing the output of the show ip nat translations command, how can you determine when an inside global address is being used for overloading inside global addresses?

Más contenido relacionado

La actualidad más candente

Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1ManmeetShandilya2
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Đồng Quốc Vương
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMHamesKellor
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
CCIE Collaboration Lecture - Chapter 1.1 campus design - vlan dhcp and ntp
CCIE Collaboration Lecture - Chapter 1.1   campus design - vlan dhcp and ntpCCIE Collaboration Lecture - Chapter 1.1   campus design - vlan dhcp and ntp
CCIE Collaboration Lecture - Chapter 1.1 campus design - vlan dhcp and ntpFaisal Khan
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-expressNguyen Thanh
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Ralph Nguyen
 
ระบบเครือข่ายคอมพิวเตอร์
ระบบเครือข่ายคอมพิวเตอร์ระบบเครือข่ายคอมพิวเตอร์
ระบบเครือข่ายคอมพิวเตอร์Noii Kittiya
 
Packet-tracer---troubleshoot-connectivity-issues
Packet-tracer---troubleshoot-connectivity-issuesPacket-tracer---troubleshoot-connectivity-issues
Packet-tracer---troubleshoot-connectivity-issuesRanghel Soto Espinoza
 
Support for Network-based User Mobility with LISP
Support for Network-based User Mobility with LISPSupport for Network-based User Mobility with LISP
Support for Network-based User Mobility with LISPAndrea Galvani
 
CCIE Collaboration Lecture Chapter 4.4 voice gateway cucm sip overview
CCIE Collaboration Lecture Chapter 4.4 voice gateway   cucm sip overviewCCIE Collaboration Lecture Chapter 4.4 voice gateway   cucm sip overview
CCIE Collaboration Lecture Chapter 4.4 voice gateway cucm sip overviewFaisal Khan
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorialFred Bovy
 
Qstartgide01
Qstartgide01Qstartgide01
Qstartgide01berhereda
 
D-LINK DSL-502 G
D-LINK DSL-502 GD-LINK DSL-502 G
D-LINK DSL-502 GChris x-MS
 
Samba and Vista with IPv6
Samba and Vista with IPv6Samba and Vista with IPv6
Samba and Vista with IPv6dinomasch
 

La actualidad más candente (19)

Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1
 
NAT Traversal
NAT TraversalNAT Traversal
NAT Traversal
 
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
Nat
NatNat
Nat
 
CCIE Collaboration Lecture - Chapter 1.1 campus design - vlan dhcp and ntp
CCIE Collaboration Lecture - Chapter 1.1   campus design - vlan dhcp and ntpCCIE Collaboration Lecture - Chapter 1.1   campus design - vlan dhcp and ntp
CCIE Collaboration Lecture - Chapter 1.1 campus design - vlan dhcp and ntp
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01
 
ระบบเครือข่ายคอมพิวเตอร์
ระบบเครือข่ายคอมพิวเตอร์ระบบเครือข่ายคอมพิวเตอร์
ระบบเครือข่ายคอมพิวเตอร์
 
Packet-tracer---troubleshoot-connectivity-issues
Packet-tracer---troubleshoot-connectivity-issuesPacket-tracer---troubleshoot-connectivity-issues
Packet-tracer---troubleshoot-connectivity-issues
 
WellGate 2644
WellGate 2644WellGate 2644
WellGate 2644
 
Support for Network-based User Mobility with LISP
Support for Network-based User Mobility with LISPSupport for Network-based User Mobility with LISP
Support for Network-based User Mobility with LISP
 
CCIE Collaboration Lecture Chapter 4.4 voice gateway cucm sip overview
CCIE Collaboration Lecture Chapter 4.4 voice gateway   cucm sip overviewCCIE Collaboration Lecture Chapter 4.4 voice gateway   cucm sip overview
CCIE Collaboration Lecture Chapter 4.4 voice gateway cucm sip overview
 
Iperf Tutorial
Iperf Tutorial Iperf Tutorial
Iperf Tutorial
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
 
Qstartgide01
Qstartgide01Qstartgide01
Qstartgide01
 
D-LINK DSL-502 G
D-LINK DSL-502 GD-LINK DSL-502 G
D-LINK DSL-502 G
 
Samba and Vista with IPv6
Samba and Vista with IPv6Samba and Vista with IPv6
Samba and Vista with IPv6
 

Destacado

关于职业发展的一点思考
关于职业发展的一点思考关于职业发展的一点思考
关于职业发展的一点思考Frank Cheung
 
Integration test
Integration testIntegration test
Integration testSumit Tambe
 
Ha rdware components
Ha rdware componentsHa rdware components
Ha rdware componentsEDGAR3333
 
管窥Nodejs的事件——基于观察者模式的事件队列
管窥Nodejs的事件——基于观察者模式的事件队列管窥Nodejs的事件——基于观察者模式的事件队列
管窥Nodejs的事件——基于观察者模式的事件队列Frank Cheung
 
1.2 History
1.2 History1.2 History
1.2 Historychoodo
 
图形渲染引擎:Ext.draw源码心得
图形渲染引擎:Ext.draw源码心得图形渲染引擎:Ext.draw源码心得
图形渲染引擎:Ext.draw源码心得Frank Cheung
 
史前的Ssjs——从js的asp到node js
史前的Ssjs——从js的asp到node js史前的Ssjs——从js的asp到node js
史前的Ssjs——从js的asp到node jsFrank Cheung
 
Sencha SDK Tools简介:IE6上也可以用CSS3?
Sencha SDK Tools简介:IE6上也可以用CSS3?Sencha SDK Tools简介:IE6上也可以用CSS3?
Sencha SDK Tools简介:IE6上也可以用CSS3?Frank Cheung
 
1.3.philosophy
1.3.philosophy1.3.philosophy
1.3.philosophychoodo
 
非常不多的多媒体公司简介
非常不多的多媒体公司简介非常不多的多媒体公司简介
非常不多的多媒体公司简介Frank Cheung
 
מתאורולוגיה הרצאה 1
מתאורולוגיה הרצאה 1מתאורולוגיה הרצאה 1
מתאורולוגיה הרצאה 1choodo
 
Anestesi umum-fk-ur
Anestesi umum-fk-urAnestesi umum-fk-ur
Anestesi umum-fk-urAldi Rauf
 
何为用户体验设计
何为用户体验设计何为用户体验设计
何为用户体验设计Frank Cheung
 

Destacado (17)

关于职业发展的一点思考
关于职业发展的一点思考关于职业发展的一点思考
关于职业发展的一点思考
 
Integration test
Integration testIntegration test
Integration test
 
Ha rdware components
Ha rdware componentsHa rdware components
Ha rdware components
 
Ddh
DdhDdh
Ddh
 
Ip
IpIp
Ip
 
管窥Nodejs的事件——基于观察者模式的事件队列
管窥Nodejs的事件——基于观察者模式的事件队列管窥Nodejs的事件——基于观察者模式的事件队列
管窥Nodejs的事件——基于观察者模式的事件队列
 
Java tut1
Java tut1Java tut1
Java tut1
 
1.2 History
1.2 History1.2 History
1.2 History
 
Domino java
Domino javaDomino java
Domino java
 
图形渲染引擎:Ext.draw源码心得
图形渲染引擎:Ext.draw源码心得图形渲染引擎:Ext.draw源码心得
图形渲染引擎:Ext.draw源码心得
 
史前的Ssjs——从js的asp到node js
史前的Ssjs——从js的asp到node js史前的Ssjs——从js的asp到node js
史前的Ssjs——从js的asp到node js
 
Sencha SDK Tools简介:IE6上也可以用CSS3?
Sencha SDK Tools简介:IE6上也可以用CSS3?Sencha SDK Tools简介:IE6上也可以用CSS3?
Sencha SDK Tools简介:IE6上也可以用CSS3?
 
1.3.philosophy
1.3.philosophy1.3.philosophy
1.3.philosophy
 
非常不多的多媒体公司简介
非常不多的多媒体公司简介非常不多的多媒体公司简介
非常不多的多媒体公司简介
 
מתאורולוגיה הרצאה 1
מתאורולוגיה הרצאה 1מתאורולוגיה הרצאה 1
מתאורולוגיה הרצאה 1
 
Anestesi umum-fk-ur
Anestesi umum-fk-urAnestesi umum-fk-ur
Anestesi umum-fk-ur
 
何为用户体验设计
何为用户体验设计何为用户体验设计
何为用户体验设计
 

Similar a N at

Chapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfChapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfBuntha Chhay
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 Configuring a Cisco Router as a PPPoE Client for DSL Connectivity Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity3Anetwork com
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationHamed Moghaddam
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)Netwax Lab
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus networkAalap Tripathy
 
Module (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptxModule (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptxGeorgeThoreJr
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfAsgarAlam6
 
Uccn1003 -may10_-_lect02b2_-_lan_basic_in_packet_tracer
Uccn1003  -may10_-_lect02b2_-_lan_basic_in_packet_tracerUccn1003  -may10_-_lect02b2_-_lan_basic_in_packet_tracer
Uccn1003 -may10_-_lect02b2_-_lan_basic_in_packet_tracerShu Shin
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipTũi Wichets
 
CCNA NAT (Network Address Translation)
CCNA NAT (Network Address Translation)CCNA NAT (Network Address Translation)
CCNA NAT (Network Address Translation)Networkel
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routersIT Tech
 

Similar a N at (20)

Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
Day 17.1 nat pat
Day 17.1 nat pat Day 17.1 nat pat
Day 17.1 nat pat
 
Chapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfChapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdf
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
 
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 Configuring a Cisco Router as a PPPoE Client for DSL Connectivity Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 
Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
 
CCNA 1 Final v5.0 2014
CCNA 1 Final  v5.0 2014CCNA 1 Final  v5.0 2014
CCNA 1 Final v5.0 2014
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
 
Nat pat
Nat patNat pat
Nat pat
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
Module (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptxModule (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptx
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
 
Uccn1003 -may10_-_lect02b2_-_lan_basic_in_packet_tracer
Uccn1003  -may10_-_lect02b2_-_lan_basic_in_packet_tracerUccn1003  -may10_-_lect02b2_-_lan_basic_in_packet_tracer
Uccn1003 -may10_-_lect02b2_-_lan_basic_in_packet_tracer
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ip
 
CCNA Icnd110 cag
CCNA Icnd110 cagCCNA Icnd110 cag
CCNA Icnd110 cag
 
Nat
NatNat
Nat
 
CCNA NAT (Network Address Translation)
CCNA NAT (Network Address Translation)CCNA NAT (Network Address Translation)
CCNA NAT (Network Address Translation)
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 

N at

  • 1. 14-1 Copyright © 1999, Cisco Systems, Inc. Chapter 14 Scaling IP Addresses with NAT and PAT
  • 2. 14-2—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Objectives Upon completion of this chapter, you will be able to perform the following tasks: • Identify how NAT and PAT solve the limited IP address problem and describe how they operate • Configure NAT and PAT • Verify NAT and PAT
  • 3. 14-3—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Chapter Activities Windows 95 PC Modem Branch office ISDN/analog Small office Central site Frame Relay Frame Relay service PRI BRI BRI Frame Relay Async AAA server Async SA 10.1.1.1 192.168.2.2 SA Inside Local IP Address 10.1.1.1 Inside Global IP Address 192.168.2.2 NAT table PAT
  • 4. 14-4—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Why Use NAT? Use NAT if: • You need to connect to the Internet and your hosts do not have globally unique IP addresses • You change over to a new ISP that requires you to renumber your network • Two intranets with duplicate addresses merge • You want to support basic load sharing Outside 10.1.1.1 10.1.1.2 Inside Internet NAT border router SA 192.168.2.2SA 10.1.1.1
  • 5. 14-5—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. NAT Implementation Considerations Advantages Conserves legally registered addresses Reduces address overlap occurrence Increases flexibility when connecting to Internet Eliminates address renumbering as network changes Disadvantages Translation introduces switching path delays Loss of end-to-end IP traceability Certain applications will not function with NAT enabled
  • 6. 14-6—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. NAT Overview and Terminology Internet Inside 10.1.1.1 Inside Local IP Address 10.1.1.2 10.1.1.1 Simple NAT table Inside Global IP Address 192.168.2.3 192.168.2.2 10.1.1.2 Host B 172.20.7.3 A C BA B D SA 10.1.1.1 DA 10.1.1.1 SA 192.168.2.2 DA 192.168.2.2
  • 7. 14-7—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. NAT Operation Inside Local IP Address 10.1.1.1 10.1.1.2 NAT table Inside Global IP Address 192.168.2.2 192.168.2.3 NAT functions: • Translation inside local addresses • Overloading inside global addresses • TCP load distribution • Handling overlapping networks Internet Inside 10.1.1.1 10.1.1.2
  • 8. 14-8—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Translating Inside Local Addresses 10.1.1.2 10.1.1.1 192.168.2.3 192.168.2.2 NAT table Inside Local IP Address Inside Global IP Address 10.1.1.3 192.168.2.4 Internet Inside 10.1.1.1 10.1.1.2 Host B 172.20.7.3 1 3 SA 10.1.1.1 DA 10.1.1.1 SA 192.168.2.2 DA 192.168.2.2 10.1.1.2 10.1.1.3 4 5 2
  • 9. 14-9—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Overloading Inside Global Addresses 10.1.1.2:1723 10.1.1.1:1024 NAT table 192.168.2.2:1723 192.168.2.2:1024 172.21.7.3:23 172.20.7.3:23 TCP TCP 10.1.1.3:1723192.168.2.2:1492172.21.7.3:23TCP Internet Inside 10.1.1.1 Host B 172.20.7.3 1 3 SA 10.1.1.1 DA 10.1.1.1 SA 192.168.2.2 DA 192.168.2.2 10.1.1.2 10.1.1.3 4 5 2 Host C 172.21.7.3 DA 192.168.2.2 4 Inside Global IP Address: Port Outside Global IP Address: Port Protocol Inside Local IP Address: Port10.1.1.1
  • 10. 14-10—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. TCP Load Distribution NAT table Inside Global IP Address: Port 10.1.1.127:80 10.1.1.127:80 10.1.1.127:80 Outside Global IP Address: Port 172.20.7.3:3058 172.21.7.3:4371 172.20.7.3:3062 Protocol TCP TCP TCP Inside Local IP Address: Port 10.1.1.1:80 10.1.1.2:80 10.1.1.3:80 Internet Inside 10.1.1.1 Host B 172.20.7.34 5 SA 10.1.1.1 DA 10.1.1.1 SA 10.1.1.127 DA 10.1.1.127 10.1.1.2 10.1.1.1 13 2 Host C 172.21.7.3 10.1.1.127 10.1.1.3 Virtual host Real hosts
  • 11. 14-11—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Handling Overlapping Networks Internet 10.1.1.1 DNS server x.x.x.x Host C 10.1.1.3 Inside Local IP Address 10.1.1.1 Inside Global IP Address 192.2.2.2 Outside Global IP Address 10.1.1.3 Outside Local IP Address 193.3.3.3 NAT table DNS request for host C address SA=192.2.2.2 DA=x.x.x.x DNS response from x.x.x.x 10.1.1.1 message to host C SA= x.x.x.x DA= 192.2.2.2 C= 10.1.1.3 SA= 192.2.2.2 DA= 10.1.1.3 10.1.1.1 message to host C SA= 10.1.1.1 DA= 193.3.3.3 SA= x.x.x.x DA= 10.1.1.1 C= 193.3.3.3 DNS request for host C address SA= 10.1.1.1 DA=x.x.x.x
  • 12. 14-12—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. Static NAT Configuration Example ip nat inside source static 10.1.1.1 192.168.2.2 ! interface Ethernet0 ip address 10.1.1.10 255.255.255.0 ip nat inside ! interface Serial0 ip address 172.16.2.1 255.255.255.0 ip nat outside ! ip nat inside source static 10.1.1.1 192.168.2.2 ! interface Ethernet0 ip address 10.1.1.10 255.255.255.0 ip nat inside ! interface Serial0 ip address 172.16.2.1 255.255.255.0 ip nat outside ! Maps the inside local address to the inside global address. This interface connected to the outside world. This interface connected to the inside network.
  • 13. 14-13—BCRAN—Scaling IP Addresses with Network Address Translation Copyright © 1999, Cisco Systems, Inc. ip nat pool dyn-nat 192.168.2.1 192.168.2.254 netmask 255.255.255.0 ip nat inside source list 1 pool dyn-nat ! interface Ethernet0 ip address 10.1.1.10 255.255.255.0 ip nat inside ! interface Serial0 ip address 172.16.2.1 255.255.255.0 ip nat outside ! access-list 1 permit 10.1.1.0 0.0.0.255 ! ip nat pool dyn-nat 192.168.2.1 192.168.2.254 netmask 255.255.255.0 ip nat inside source list 1 pool dyn-nat ! interface Ethernet0 ip address 10.1.1.10 255.255.255.0 ip nat inside ! interface Serial0 ip address 172.16.2.1 255.255.255.0 ip nat outside ! access-list 1 permit 10.1.1.0 0.0.0.255 ! Dynamic NAT Configuration Translate between inside hosts addressed from 10.1.1.0/24 to the globally unique 192.168.2.0/24 network. This interface connected to the outside world. This interface connected to the inside network.
  • 14. Configuring Inside Global Address Overloading

        ip nat pool ovrld-nat 192.168.2.1 192.168.2.2 netmask 255.255.255.0
        ip nat inside source list 1 pool ovrld-nat overload
        !
        interface Ethernet0/0
         ip address 10.1.1.10 255.255.255.0
         ip nat inside
        !
        interface Serial0/0
         ip address 172.16.2.1 255.255.255.0
         ip nat outside
        !
        access-list 1 permit 10.1.1.0 0.0.0.255
  • 15. Configuring TCP Load Distribution

        ip nat pool real-hosts 10.1.1.1 10.1.1.126 prefix-length 24 type rotary
        ip nat inside destination list 2 pool real-hosts
        !
        interface serial0
         ip address 192.168.1.129 255.255.255.224
         ip nat outside
        !
        interface ethernet0
         ip address 10.1.1.254 255.255.255.0
         ip nat inside
        !
        access-list 2 permit 10.1.1.127
  • 16. Configuring NAT to Translate Overlapping Addresses

        ip nat pool net-2 192.2.2.1 192.2.2.254 prefix-length 24
        ip nat pool net-10 10.0.1.1 10.0.1.254 prefix-length 24
        ip nat outside source list 1 pool net-2
        ip nat inside source list 1 pool net-10
        !
        interface Serial0
         ip address 171.69.232.182 255.255.255.240
         ip nat outside
        !
        interface Ethernet0
         ip address 10.1.1.254 255.255.255.0
         ip nat inside
        !
        access-list 1 permit 10.1.1.0 0.0.0.255
  • 17. Verifying NAT

        Basic IP address translation:

        Router#show ip nat trans
        Pro Inside global      Inside local       Outside local      Outside global
        --- 192.2.2.1          10.1.1.1           ---                ---
        --- 192.2.2.2          10.1.1.2           ---                ---

        IP address translation with overloading:

        Router#sh ip nat trans
        Pro Inside global      Inside local       Outside local      Outside global
        tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
        tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23

        Callouts: A translation for a Telnet is still active. Two different inside hosts appear on the outside with a single IP address. Unique TCP port numbers are used to distinguish between hosts.
  • 18. Troubleshooting NAT

        Router#debug ip nat
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [0]
        NAT: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [0]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [1]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [2]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [3]
        NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
        NAT: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [4]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [5]
        NAT: s=10.1.1.1->192.168.2.1, d=172.16.2.2 [6]
        NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [2]

        Callouts: An example address translation inside-to-outside. A reply to the packet sent. An example TCP conversation, inside-to-outside. * Indicates translation was in the fast path.
  • 19. Clearing NAT Translation Entries

        All entries are cleared:

        Router#sh ip nat trans
        Pro Inside global      Inside local       Outside local      Outside global
        tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
        tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
        router#clear ip nat trans *
        router#
        router#show ip nat trans

        192.168.2.2 is cleared:

        router#show ip nat trans
        Pro Inside global      Inside local       Outside local      Outside global
        udp 192.168.2.2:1220   10.1.1.2:1120      171.69.2.132:53    171.69.2.132:53
        tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
        tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
        router#clear ip nat trans udp inside 192.168.2.2 10.1.1.2 1220 171.69.2.132 53 171.69.2.132 53
        router#show ip nat trans
        Pro Inside global      Inside local       Outside local      Outside global
        tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
        tcp 192.168.2.1:1067   10.1.1.1:1067      172.16.2.3:23      172.16.2.3:23
  • 20. Summary

        After completing this chapter, you should be able to perform the following tasks:
        • Identify how NAT and PAT solve the limited IP address problem and describe how they operate
        • Configure NAT and PAT
        • Verify NAT and PAT
  • 21. Review Questions

        • What is the difference between a simple translation entry and an extended translation entry? State how each is used.
        • Give one or more examples when NAT could be used.
        • Your networks are addressed using 10.1.1.0/24 subnets. Your ISP provides you a globally unique address of 192.1.1.0/24. What commands do you use to translate from 10.1.1.0/24 to 192.1.1.0/24?
        • When viewing the output of the show ip nat translations command, how can you determine when an inside global address is being used for overloading inside global addresses?
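
The Verifying NAT slide shows two kinds of rows in the show ip nat translations table, and the NAT disadvantages slide lists loss of end-to-end IP traceability. The following is an added example, not part of the original slide deck: it parses a saved copy of that table, separates simple from extended entries, reports inside global addresses shared by several inside hosts, and maps an address and port seen on the outside back to the inside host. The sample table is constructed in the slides' layout, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the slides' "show ip nat translations" layout; the
# 10.1.1.2 rows are assumptions added so two hosts share one global address.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 192.2.2.1          10.1.1.1           ---                ---
tcp 192.168.2.1:11003  10.1.1.1:11003     172.16.2.2:23      172.16.2.2:23
tcp 192.168.2.1:1067   10.1.1.2:1067      172.16.2.3:23      172.16.2.3:23
udp 192.168.2.2:1220   10.1.1.2:1120      171.69.2.132:53    171.69.2.132:53
"""

def split_endpoint(field):
    """Return (ip, port); both None for '---', port None for a bare address."""
    if field == "---":
        return None, None
    ip, _, port = field.partition(":")
    return ip, int(port) if port else None

def parse_translations(text):
    """Parse table rows; extended entries carry a protocol and ports."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        # Skip the header, router prompts and anything that is not a table row.
        if len(cols) != 5 or not re.fullmatch(r"---|[a-z]+", cols[0]):
            continue
        ig, il, ol, og = (split_endpoint(c) for c in cols[1:])
        entries.append({
            "proto": None if cols[0] == "---" else cols[0],
            "inside_global": ig, "inside_local": il,
            "outside_local": ol, "outside_global": og,
            "extended": cols[0] != "---" and ig[1] is not None,
        })
    return entries

def overloaded_globals(entries):
    """Inside global IPs that several inside local hosts share (overloading)."""
    hosts = defaultdict(set)
    for e in entries:
        if e["extended"]:
            hosts[e["inside_global"][0]].add(e["inside_local"][0])
    return {ip: sorted(h) for ip, h in hosts.items() if len(h) > 1}

def attribute(entries, proto, global_ip, global_port):
    """Map a protocol, address and port seen outside to the inside host."""
    for e in entries:
        if e["proto"] == proto and e["inside_global"] == (global_ip, global_port):
            return e["inside_local"]
    return None
```

Entries removed with clear ip nat translation, or aged out of the table, can no longer be looked up this way, so the table has to be captured while the translation of interest is still present.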

Editor's notes

  1. Purpose: This chapter provides an overview of Network Address Translation (NAT) and Port Address Translation (PAT). It then discusses how to enable it on a Cisco router. Timing: This chapter takes approximately 2 hours to present. Note: This section has a laboratory exercise that allows students to enable NAT on a Cisco router. Contents: Objectives—This section explains what the student will be able to do at the end of this chapter. NAT Overview—This section introduces students to NAT. NAT Operation—This section describes how NAT works. Configuring NAT—This section describes how to configure NAT on a Cisco IOS™ router. Verifying and Troubleshooting NAT—This section describes how to verify NAT configuration. Configuring and Troubleshooting PAT on the 700 Router—This section describes how to enable PAT on a 700 series Cisco router. Laboratory Exercise—Students will configure NAT. Summary—This section summarizes what was taught in the chapter. Review Questions—This section offers open-ended review questions. They should foster discussion after presenting the chapter. Transition: Following are the performance objectives that describe what students will be able to do at the end of the chapter.
  2. Purpose: This figure states the chapter objectives. Emphasize: Read or state each objective so each student has a clear understanding of the chapter objectives.
  3. Purpose: This figure is a graphical illustration of the chapter objectives.
  4. Purpose: This figure describes circumstances when you would implement NAT. Emphasize: Examples of when NAT may be employed include a merger of two companies that have duplicate internal addressing schemes, or a company that changes its Internet Service Provider (ISP) but does not want to change its internal address scheme. Transition: Advantages and disadvantages of using NAT follow.
  5. Purpose: This figure describes advantages and disadvantages of implementing NAT. Note: The most obvious advantage is that NAT conserves the legally registered address scheme. Transition: An overview of NAT follows.
  6. Purpose: This figure is a transition into the NAT overview section. It also highlights some important NAT terms. Emphasize: Highlight the different sending addresses on the packet before it enters the router and after it leaves the router. Compare those addresses to those listed on the NAT table. Describe each term as it relates to the figure. Note: The letters on the figure correspond to the descriptions in the text. Descriptions for outside local IP address and extended translation entry are not represented graphically. Easy IP is a feature related to NAT that is available on Cisco routers. Configuring Easy IP is not taught in this course. The Easy IP (Phase 1) feature combines NAT and Point-to-Point Protocol (PPP)/Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server and enable all remote hosts to access the global Internet using this single registered IP address. Because Easy IP (Phase 1) uses existing port-level multiplexed NAT functionality within the Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet. Reference: For a complete description of the Easy IP configuration commands, refer to the “Easy IP Commands” chapter in the Dial Solutions Command Reference.
  7. Purpose: This figure is a transition that highlights the NAT functions that are presented in the next few figures. Emphasize: The next few figures discuss the following NAT functions: translating inside global addresses; overloading inside global addresses; handling overlapping networks; Transmission Control Protocol (TCP) load distribution. Transition: The next figure describes translating inside global addresses.
  8. Purpose: This figure explains how address translation works. Emphasize: Later when students learn to configure address translation, they will be able to use either static NAT configuration or dynamic NAT configuration. Transition: The next figure describes overloading inside global addresses.
  9. Purpose: This figure explains how overloading inside global addresses works. Emphasize: Overloading inside global address translation is Port Address Translation (PAT). How to configure PAT on a Cisco 700 series router is described later in this chapter. Transition: The next figure describes TCP load distribution.
  10. Purpose: This figure describes TCP load distribution. Emphasize: Load distribution is used when multiple inside stations have mirrored resources, requiring a unique virtual addressing scheme. Transition: The next figure describes handling overlapping networks.
  11. Purpose: This figure describes overlapping networks. Transition: The following figures describe how to configure a Cisco IOS router to enable the NAT features just discussed.
  12. Purpose: This figure displays the static NAT configuration output. Emphasize: Highlight the inside and outside interfaces on this configuration. Note: This figure and the subsequent NAT configuration figures only display the configurations necessary to configure NAT translation. Other commands may be necessary for routing.
  13. Purpose: This figure displays the dynamic NAT configuration output.
  14. Purpose: This figure describes how to configure inside global address overloading.
  15. Purpose: This figure describes how to configure TCP load distribution.
  16. Purpose: This figure describes how to configure NAT to translate overlapping addresses.
  17. Purpose: This figure describes how to verify your NAT configuration output. Emphasize: The upper output box displays the typical NAT table. The lower output box displays the NAT table with overloading. Note: When looking at the IP NAT translations, you may see many translations from the same host to the same host at the destination. This is typical of many connections to the Web.
  18. Purpose: This figure describes the debug ip nat command. Emphasize: Show the sending address, the translation, and the destination address on each debug line.
  19. Purpose: This figure describes how to clear your NAT entries from the translation table. Emphasize: The “*” clears all entries from the NAT table. Both output boxes in the figure show how the NAT table looks before and after translations are cleared.
  20. Purpose: Review the summary items with your students. Emphasize: Read or restate the summary statements. By now, your presentation and classroom discussion should have students able to meet the chapter learning objectives.
  21. Purpose: Review the chapter with the open-ended questions. Note: The questions in this section are open-ended questions designed to foster further discussion. Answers to the review questions are in Appendix B, “Answers to the Review Questions.”