NAT

Shariaty@gmail.com
www.alishariaty.ir

Shariaty@gmail.com Copyright 2012 Alishariaty.ir


www.alishariaty.ir All Rights Reserved.
Contents

Part I Basic NAT Concepts
Part II Static NAT
Part III Dynamic NAT
Part IV PAT (NAT Overload)

Estimated time
02:00:00

Part I
Basic NAT Concepts


Public IP addresses: can be routed on the Internet.

Private IP addresses: cannot be routed on the Internet.

Problem
Hosts with private IP addresses cannot access the Internet.

Solution
The source IP address is translated to a public address.


NAT (Network Address Translation) is the technology of changing the source IP address.

Terminology

NAT Types

Static NAT
Dynamic NAT
PAT (NAT Overload)

Part II
Static NAT

Terminology

Configuration

Step 1
Inside & outside interface selection.

Router(config)# interface fastethernet 0/0
Router(config-if)# ip nat inside
Router(config)# interface serial 0
Router(config-if)# ip nat outside


Step 1 (with a second inside interface)
Inside & outside interface selection.

Router(config)# interface fastethernet 0/0
Router(config-if)# ip nat inside
Router(config)# interface fastethernet 0/1
Router(config-if)# ip nat inside
Router(config)# interface serial 0
Router(config-if)# ip nat outside


Step 2
NAT table initiation.

Router(config)# ip nat inside source static <inside-local> <inside-global>

Example
Router(config)# ip nat inside source static 192.168.1.10 80.80.80.80
Router(config)# ip nat inside source static 192.168.1.11 80.80.80.81

Internet Simulation

On R0 there is a default route to R1.
On R1 there is no route to the R0 subnets.

R1(config)# interface fastEthernet 0/1
R1(config-if)# ip nat inside
R1(config)# interface serial 0/1/0
R1(config-if)# ip nat outside

R1(config)# ip nat inside source static 192.168.0.10 12.12.12.1


R1# clear ip nat translation *

Part III
Dynamic NAT

Configuration

Step 1
Inside & outside interface selection.
Router(config)# interface fastethernet 0/0
Router(config-if)# ip nat inside
Router(config)# interface serial 0
Router(config-if)# ip nat outside

Step 2
Internal users with standard ACL.
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255


Step 3
Outside address pool.
Router(config)# ip nat pool test 80.80.80.1 80.80.80.14 netmask 255.255.255.240

Step 4
NAT table initiation.
Router(config)# ip nat inside source list 1 pool test

Step 5
Idle timeout (default 5 min).
Router(config)# ip nat translation timeout 300

Example
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip nat inside
R1(config)# interface serial 0/1/0
R1(config-if)# ip nat outside

R1(config)# access-list 1 permit 192.168.0.0 0.0.0.255
R1(config)# ip nat pool cisco 12.12.12.1 12.12.12.10 netmask 255.255.255.0
R1(config)# ip nat inside source list 1 pool cisco

OR
R1(config)# ip nat inside source list 1 interface serial 0/1/0

Part IV
PAT (NAT Overload)

PAT (Port Address Translation)

Configuration

Step 1
Inside & outside interface selection.
Router(config)# interface fastethernet 0/0
Router(config-if)# ip nat inside
Router(config)# interface serial 0
Router(config-if)# ip nat outside

Step 2
Internal users with standard ACL.
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255


Step 3
Outside address pool.
Router(config)# ip nat pool test 80.80.80.1 80.80.80.14 netmask 255.255.255.240

Step 4
NAT table initiation.
A. Translate inside addresses to an outside interface
Router(config)# ip nat inside source list 1 interface serial 0/0/0 overload

B. Translate inside addresses to an outside address pool
Router(config)# ip nat inside source list 1 pool test overload
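
What the `overload` keyword changes compared with the dynamic NAT rule of Part III, and what the idle timeout does, shown as an added Python example that is not part of the original slides. It is a simplified translation-table model over the page's pool 80.80.80.1 to 80.80.80.14; the class name, the constructed 192.168.1.x hosts and the port-selection rule (keep the source port if free, otherwise take the next free port from 1024 up) are assumptions.

```python
import ipaddress
from itertools import chain

class NatTable:
    """Simplified model of inside-source translation (not IOS code)."""

    def __init__(self, pool_first, pool_last, overload=False, timeout=300):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (pool_first, pool_last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.overload = overload      # True models the `overload` keyword (PAT)
        self.timeout = timeout        # idle seconds before an entry is dropped
        self.entries = {}             # key -> [global_ip, global_port, last_used]

    def _allocate(self, src_port, now):
        used = {(e[0], e[1]) for e in self.entries.values()}
        for ip in self.pool:
            if not self.overload:     # dynamic NAT: one inside host per pool address
                if (ip, None) not in used:
                    return [ip, None, now]
                continue
            # PAT: keep the source port if it is free on this address, else take another
            for port in chain([src_port], range(1024, 65536)):
                if (ip, port) not in used:
                    return [ip, port, now]
        return None                   # pool exhausted

    def translate(self, src_ip, src_port, now):
        """Return (inside-global IP, port) for an outbound packet, or None if dropped."""
        for key in [k for k, e in self.entries.items() if now - e[2] >= self.timeout]:
            del self.entries[key]     # idle entries return their address/port to the pool
        key = (src_ip, src_port) if self.overload else src_ip
        entry = self.entries.get(key) or self._allocate(src_port, now)
        if entry is None:
            return None
        entry[2] = now
        self.entries[key] = entry
        return entry[0], (entry[1] if self.overload else src_port)

def demo():
    """16 constructed inside hosts against the page's 14-address pool."""
    hosts = [f"192.168.1.{n}" for n in range(10, 26)]
    dyn = NatTable("80.80.80.1", "80.80.80.14")
    pat = NatTable("80.80.80.1", "80.80.80.14", overload=True)
    dyn_ok = sum(dyn.translate(h, 40000, now=0) is not None for h in hosts)
    pat_ok = sum(pat.translate(h, 40000, now=0) is not None for h in hosts)
    return dyn_ok, pat_ok             # (14, 16)
```

Without `overload` the fifteenth and sixteenth hosts get no translation until an idle entry times out; with it, all sixteen share the first pool address on different ports.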

Note
If NAT is activated on an interface, it may not be possible to deactivate it with the "no ip nat" command alone. In these cases, first run:

R1# clear ip nat translation *

Example
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip nat inside
R1(config)# interface serial 0/1/0
R1(config-if)# ip nat outside

R1(config)# access-list 1 permit 192.168.0.0 0.0.0.255
R1(config)# ip nat pool cisco 12.12.12.1 12.12.12.10 netmask 255.255.255.0
R1(config)# ip nat inside source list 1 pool cisco overload

OR
R1(config)# ip nat inside source list 1 interface serial 0/1/0 overload
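
A consistency check for the PAT configuration steps above, as an added Python example that is not part of the original slides. The function name `audit_nat` and the constructed sample (the R1 example with `ip nat outside`, the pool definition and `overload` left out) are assumptions; the parser only understands numbered standard ACLs and fully spelled interface names.

```python
import re

def audit_nat(config):
    """Return findings for an IOS inside-source NAT/PAT configuration (text)."""
    # Drop a leading CLI prompt such as "R1(config)#" so pasted sessions parse too.
    lines = [re.sub(r"^\S*#\s*", "", l.strip()).lower() for l in config.splitlines()]
    roles, current = {}, None          # interface name -> "inside" / "outside"
    acls, pools, rules = set(), set(), []
    for l in lines:
        if m := re.match(r"interface\s+(.+)", l):
            current = m.group(1).replace(" ", "")
        elif l in ("ip nat inside", "ip nat outside") and current:
            roles[current] = l.split()[-1]
        elif m := re.match(r"access-list\s+(\d+)\s+permit", l):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool\s+(\S+)", l):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source list\s+(\d+)\s+(pool|interface)"
                           r"\s+(.+?)(\s+overload)?$", l):
            rules.append(m.groups())
    findings = [f"no interface marked 'ip nat {r}'"
                for r in ("inside", "outside") if r not in roles.values()]
    if not rules:
        findings.append("no 'ip nat inside source list' rule")
    for acl, kind, target, overload in rules:
        if acl not in acls:
            findings.append(f"access-list {acl} is not defined")
        if kind == "pool" and target not in pools:
            findings.append(f"pool '{target}' is not defined")
        if kind == "interface" and roles.get(target.replace(" ", "")) != "outside":
            findings.append(f"interface '{target}' is not marked 'ip nat outside'")
        if not overload:
            findings.append(f"list {acl}: no 'overload', so dynamic NAT rather than PAT")
    return findings

# Constructed sample: the R1 example with three pieces left out.
BROKEN = """\
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip nat inside
R1(config)# interface serial 0/1/0
R1(config)# access-list 1 permit 192.168.0.0 0.0.0.255
R1(config)# ip nat inside source list 1 pool cisco
"""

if __name__ == "__main__":
    for finding in audit_nat(BROKEN):
        print("-", finding)
```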

Q. Examine the following configuration commands:

If the configuration is intended to enable source NAT overload, which of the following commands could be useful to complete the configuration? (Choose two answers.)

a. The ip nat outside command
b. The ip nat pat command
c. The overload keyword
d. The ip nat pool command

The only person who is educated
is the one who has learned how
to learn and change.
Carl Rogers
