Professional Documents
Culture Documents
Day 17.1 Nat Pat
Day 17.1 Nat Pat
with
NAT and PAT
ICND v2.06-1
Intro to NAT/PAT
NAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip
address on a network with the global or public ip addresses.
Requirement of NAT when..
1.you need to connect to the Internet and your hosts dont have global unique ip
addresses. We are using private addresses.
2.
2. You change your network to another ISP and that require to renumber your
network. Then using the nat we didnt need to change our ip addresses.
3. You need to merge two internets with duplicate addresses.
4.No any host from the foreign network can access our local network. Local network
security.
ICND v2.06-2
Advantages
disadvantages
Outside local:
Inside global:
Outside global:
ICND v2.06-3
NAT
types
ICND v2.06-6
ICND v2.06-7
ICND v2.06-8
NAT configuration
TO CONFIGURE STATIC NAT-----------r3>en
r3#conf t
r3(config)#int serial 0/0
r3(config-if)#ip nat outside
r3(config-if)#int fa 0/0
r3(config-if)#ip nat inside
r3(config-if)#exit
r3(config)#ip nat inside source static 10.0.0.2 20.0.0.3
r3(config)#exit
r3#show ip nat translations
r3#show ip nat statistics
TO REMOVE STATIC NAT:---r3#conf t
r3(config)#no ip nat inside source static 10.0.0.2 20.0.0.3
ICND v2.06-9
ICND v2.06-10
ICND v2.06-12
12
ICND v2.06-13
ICND v2.06-14
ICND v2.06-15
ICND v2.06-16
16
ICND v2.06-17
Outside local
---
Outside global
---
ICND v2.06-19
ICND v2.06-20
ICND v2.06-21
Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
ICND v2.06-22
configuration is correct.
There are not any inbound access lists denying the
packets from entering the NAT router.
The access list referenced by the NAT command is
permitting all necessary networks.
There are enough addresses in the NAT pool.
The router interfaces are appropriately defined as
NAT inside or NAT outside.
ICND v2.06-23
Summary
Cisco IOS NAT allows an organization with unregistered
ICND v2.06-24