
Network Address Translation

NAT

Private Addressing

• Private IP network is an IP network that is not directly connected to the Internet
• IP addresses in a private network can be assigned arbitrarily. Not registered and not guaranteed to be globally unique
• Generally, private networks use addresses from the following ranges (non-routable addresses):

RFC 1918   Internal Address Range           CIDR Prefix
Class A    10.0.0.0 - 10.255.255.255        10.0.0.0/8
Class B    172.16.0.0 - 172.31.255.255      172.16.0.0/12
Class C    192.168.0.0 - 192.168.255.255    192.168.0.0/16
RFC 1631

• A short-term solution to the problem of the depletion of IP addresses
• Long-term solution is IPv6
• CIDR (Classless Inter-Domain Routing) is a possible short-term solution
• NAT is another

NAT is a way to conserve IP addresses

• Can be used to hide a number of hosts behind a single IP address
• Uses private addresses: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255 or 192.168.0.0-192.168.255.255

CIDR example (Route summarization)
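As an added example (not from the original slides), the following Python checks an address against the RFC 1918 table above and performs the CIDR route summarization the slide refers to: it computes the longest prefix shared by the lowest and highest address of a run of networks, and also reports how many addresses the summary covers that were not in the input, since advertising an over-wide summary attracts traffic for space nobody owns. The function names, the RFC1918_BLOCKS list and the sample networks are the example's own.

```python
"""Added example, not from the original slides: classify IPv4 addresses
against the RFC 1918 blocks from the table above and compute the CIDR
summary (route summarization) of a run of networks.  Standard library only;
the networks and addresses used in the demo are constructed."""
import ipaddress

# The three blocks exactly as the RFC 1918 table lists them.
RFC1918_BLOCKS = [
    ipaddress.IPv4Network("10.0.0.0/8"),
    ipaddress.IPv4Network("172.16.0.0/12"),
    ipaddress.IPv4Network("192.168.0.0/16"),
]


def is_rfc1918(address: str) -> bool:
    """True when the address lies inside one of the non-routable blocks."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in block for block in RFC1918_BLOCKS)


def summarize(networks):
    """Return (summary_network, overclaimed_address_count).

    The summary is the longest prefix shared by the lowest address and the
    highest address across the inputs, which is how CIDR route
    summarization collapses a contiguous run of prefixes (four /24s into
    one /22).  If the inputs are not contiguous the summary also covers
    addresses nobody owns; the second value counts those so the caller can
    decide whether advertising the summary is acceptable.
    """
    # collapse_addresses removes overlaps so the coverage count is exact.
    nets = sorted(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(n) for n in networks))
    low = int(nets[0].network_address)
    high = int(nets[-1].broadcast_address)
    prefix = 32
    # Shorten the prefix until low and high agree on every remaining bit.
    while prefix > 0 and (low >> (32 - prefix)) != (high >> (32 - prefix)):
        prefix -= 1
    base = (low >> (32 - prefix)) << (32 - prefix)
    summary = ipaddress.IPv4Network((base, prefix))
    covered = sum(n.num_addresses for n in nets)
    return summary, summary.num_addresses - covered


if __name__ == "__main__":
    for a in ("10.1.1.11", "172.32.0.1", "165.193.1.35"):
        print(a, "private" if is_rfc1918(a) else "public")
    print(summarize(["192.168.0.0/24", "192.168.1.0/24",
                     "192.168.2.0/24", "192.168.3.0/24"]))
    print(summarize(["10.1.0.0/24", "10.1.3.0/24"]))
```

Note that 172.32.0.1 is reported as public: the Class B block stops at 172.31.255.255, a boundary that is easy to misremember and worth checking by code rather than by eye.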

Network Address Translation

• A common use of NAT is to translate a private, non-routable IP address into a public IP address.

[Figure: inside host 10.1.1.11 sends a packet through a NAT router (E0 10.1.1.1, S1 165.193.3.1) to the Internet; the source address (SA) 10.1.1.11 is rewritten to 165.193.1.35 on the outside.]

NAT Table
• NAT table records inside to outside mappings.
List of situations when NAT is used

• When you need to connect to the Internet and your hosts don't have globally unique IP addresses
• When you've changed to a new ISP that requires you to renumber your network
• When you need to merge two intranets with duplicate addresses
List of situations when NAT is used

When you've changed to a new ISP that requires you to renumber your network

[Figure: host H1 in the private network keeps private address 10.0.1.2 behind the NAT device. ISP 1 allocates address block 128.143.71.0/24 to the private network, so H1's packet to destination 213.168.112.3 leaves with source 128.143.71.21; ISP 2 allocates 128.195.4.0/24, and the same packet leaves with source 128.195.4.120. The host's private address is unchanged; only the public address in the NAT table changes.]

Private Address   Public Address
10.0.1.2          128.143.71.21 (ISP 1)
10.0.1.2          128.195.4.120 (ISP 2)
Inside & Outside Addresses

• Inside Address
  – IP address of a host located on the internal network
  – May be a private, non-routable address
• Outside Address
  – IP address of a host located on the external network
  – May be a public, routable address

[Figure: NAT router with e0 10.1.1.1 on the inside-address side and e1 165.193.3.1 on the outside-address side; local host 10.0.0.11 on the inside, destination host 165.193.3.2 on the outside.]
Local & Global Addresses

Local Address
• IP address of an internal or external host as it appears in the internal IP header.

Global Address
• IP address of an internal or external host as it appears in the external IP header.

[Figure: NAT router with e0 10.1.1.1 on the internal network and e1 165.193.3.1 on the external network, between local host 10.1.1.11 and destination host 165.193.3.2.]

                   SA            DA
Internal Header    10.1.1.11     165.193.3.2
External Header    165.193.3.3   165.193.3.2
IP Header Translation

As a packet moves through a NAT device:
• Inside Local Addresses become Inside Global Addresses
• Outside Local Addresses become Outside Global Addresses

Internal IP Header (Local Addresses)
  Source Address:       10.1.1.11    (Inside Local Address)
  Destination Address:  165.193.3.2  (Outside Local Address)

External IP Header (Global Addresses)
  Source Address:       165.193.1.35 (Inside Global Address)
  Destination Address:  165.193.3.2  (Outside Global Address)
Static NAT

Static NAT

• Permits devices with a private address to be seen on a public network.
• Static translations are entered directly into the configuration and are always in the translation table.
• Typically used for web servers.

[Figure: inside host 10.1.1.11 is statically mapped to 192.168.1.35; the source address (SA) 10.1.1.11 becomes 192.168.1.35 on the way to the Internet.]
Configure Static NAT

• Establish static translation between inside and outside addresses.
  router(config)# ip nat inside source static local-ip global-ip
• Identify interfaces as inside or outside with regard to NAT.
  router(config-if)# ip nat {inside|outside}
Static NAT Sample Configuration
Dynamic NAT

Dynamic NAT

• NAT can be dynamic or static.
• Dynamic NAT translates inside addresses using a pool of global addresses.
• Each inside local address is dynamically assigned an inside global address from an administratively defined pool of addresses.
• Dynamic NAT enables hosts on a private network to access the Internet by translating private addresses into public addresses.
Inbound Traffic

• As an inbound packet enters the NAT router destined for a host on the inside network, the global address is referenced in the NAT table and replaced with the inside local address.

Inside Local IP Address   Inside Global IP Address
10.0.0.110                204.168.1.33
10.0.0.111                204.168.1.34
10.0.0.112                204.168.1.35

[Figure: inbound packet with destination address (DA) 204.168.1.35 (global address) is rewritten to DA 10.1.1.112 (local address).]
Configure Dynamic NAT

• Define a pool of global addresses to be allocated as needed.
  router(config)# ip nat pool pool-name start-ip end-ip netmask netmask
• Define a standard access list to identify which hosts will be translated.
  router(config)# access-list number permit network mask
• Establish dynamic source translation, identifying the access list defined in the previous step.
  router(config)# ip nat inside source list access-list-num pool pool-name
• Identify interfaces as inside or outside with regard to NAT.
  router(config-if)# ip nat {inside|outside}
Sample Dynamic NAT Configuration

Confirming NAT Operation
Static

Dynamic
Port Address Translation

Port Address Translation (PAT)

• PAT is the process of dynamically mapping multiple inside addresses to a single globally routable address.
• Utilizes port numbers to differentiate between inside local addresses.
• Sometimes called overloading.

[Figure: inside addresses 10.0.0.110:4376 and 10.0.0.111:1103 are both translated to the single global address 192.168.1.33, distinguished by port (192.168.1.33:1743, 192.168.1.33:4376, 192.168.1.33:1103).]
NAT Overload

• The PAT router keeps track of the different conversations by mapping TCP and UDP port numbers in the NAT table.
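The following Python is an added example, not part of the original slides, that models the NAT table described in the IP Header Translation, Dynamic NAT, Inbound Traffic and PAT slides. One class covers all three modes (a static entry, a leased pool address, or a shared address told apart by port) and translates in both directions, so the inbound lookup and the two failure modes a practitioner cares about are visible: dynamic NAT drops a new host once the pool is exhausted, and PAT drops any inbound packet for which no port mapping exists. The NatDevice and Packet names, the port-allocation policy and all addresses and ports are the example's own; the address values merely echo the figures above.

```python
"""Added example, not from the original slides: a model of the NAT table the
slides describe.  A NatDevice acts as a static NAT, a dynamic (pool) NAT or
a PAT/overload router depending on how it is built, and translates both
directions so the inbound lookup and the failure cases (pool exhausted, no
table entry) are visible.  All addresses, ports and pool values are
constructed for the demonstration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str     # source IP
    sport: int   # source port
    dst: str     # destination IP
    dport: int   # destination port


class NatDevice:
    """Static entries always win.  Otherwise, with overload every host shares
    pool[0] and is told apart by port (PAT); without overload each host
    leases its own pool address (dynamic NAT)."""

    def __init__(self, pool=(), overload=False, static=None):
        if overload and not pool:
            raise ValueError("overload needs at least one pool address")
        self.static = dict(static or {})  # inside local -> inside global
        self.pool = list(pool)
        self.overload = overload
        self.free = list(pool)            # pool addresses not yet leased
        self.dynamic = {}                 # inside local -> inside global
        self.pat = {}                     # (local ip, local port) -> global port
        self.pat_rev = {}                 # global port -> (local ip, local port)

    def _pat_port(self, local_ip, local_port):
        key = (local_ip, local_port)
        if key in self.pat:
            return self.pat[key]
        # Keep the host's own port while it is free (the 4376 -> 4376 case on
        # the slide); otherwise take the lowest unused high port.
        port = local_port
        if port in self.pat_rev:
            port = next(p for p in range(1024, 65536) if p not in self.pat_rev)
        self.pat[key] = port
        self.pat_rev[port] = key
        return port

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source.  None means dropped."""
        if pkt.src in self.static:
            return Packet(self.static[pkt.src], pkt.sport, pkt.dst, pkt.dport)
        if self.overload:
            gport = self._pat_port(pkt.src, pkt.sport)
            return Packet(self.pool[0], gport, pkt.dst, pkt.dport)
        if pkt.src not in self.dynamic:
            if not self.free:
                return None  # pool exhausted: dynamic NAT cannot translate
            self.dynamic[pkt.src] = self.free.pop(0)
        return Packet(self.dynamic[pkt.src], pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Outside -> inside: rewrite the destination from the table.  A packet
        with no entry is dropped, which is why PAT alone does not let an
        outside host open a connection to an inside host."""
        for local, glob in self.static.items():
            if glob == pkt.dst:
                return Packet(pkt.src, pkt.sport, local, pkt.dport)
        if self.overload:
            if pkt.dst == self.pool[0] and pkt.dport in self.pat_rev:
                local_ip, local_port = self.pat_rev[pkt.dport]
                return Packet(pkt.src, pkt.sport, local_ip, local_port)
            return None
        for local, glob in self.dynamic.items():
            if glob == pkt.dst:
                return Packet(pkt.src, pkt.sport, local, pkt.dport)
        return None

    def table(self):
        """Rows of (inside local, inside global), like the slides' NAT table."""
        rows = list(self.static.items()) + list(self.dynamic.items())
        rows += [(f"{ip}:{lp}", f"{self.pool[0]}:{gp}")
                 for (ip, lp), gp in self.pat.items()]
        return rows


def demo():
    """Run the three modes once; returns the observations the text makes."""
    out = {}
    static = NatDevice(static={"10.1.1.11": "192.168.1.35"})
    out["static"] = static.outbound(Packet("10.1.1.11", 40000, "165.193.3.2", 80)).src
    dyn = NatDevice(pool=["204.168.1.33", "204.168.1.34"])
    for host in ("10.0.0.110", "10.0.0.111"):
        dyn.outbound(Packet(host, 40000, "165.193.3.2", 80))
    out["dynamic_table"] = dyn.table()
    out["third_host_dropped"] = dyn.outbound(Packet("10.0.0.112", 40000, "165.193.3.2", 80)) is None
    pat = NatDevice(pool=["192.168.1.33"], overload=True)
    a = pat.outbound(Packet("10.0.0.110", 4376, "165.193.3.2", 80))
    b = pat.outbound(Packet("10.0.0.111", 4376, "165.193.3.2", 80))
    out["pat"] = [(a.src, a.sport), (b.src, b.sport)]
    reply = pat.inbound(Packet("165.193.3.2", 80, "192.168.1.33", b.sport))
    out["pat_reply_to"] = (reply.dst, reply.dport)
    out["unsolicited_dropped"] = pat.inbound(Packet("165.193.3.2", 80, "192.168.1.33", 2222)) is None
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two design points carry over to real deployments: a dynamic pool sized for fewer hosts than actually exist fails closed (the extra hosts simply get no translation), and a PAT router's table is the only thing that decides which inbound packets reach an inside host, so its size and entry timeouts are worth monitoring.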
Overloading NAT

• Configure a NAT pool
• Create an access list to determine which addresses should be translated
• Assign this access list to the NAT pool and set it for overload
• Assign inside and outside interfaces

Overloading NAT

• Configure NAT pool
  – Range of addresses:
    ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224
  – Single address:
    ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224
• Create a standard access list to identify which addresses should be translated
    access-list 24 permit 10.0.0.0 0.255.255.255
• Assign this access list to the NAT pool and set it for overload
    ip nat inside source list 24 pool bigpool overload
• Assign inside and outside interfaces
    router(config-if)# ip nat {inside|outside}
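As an added example (not from the original slides, and not a Cisco tool), the Python below parses the IOS-style lines from the Configure Static NAT, Configure Dynamic NAT and Overloading NAT slides into pool, access-list and translation-rule structures, then answers the question an auditor asks of such a config: "which inside addresses would this router translate, through which pool, and with overload or not?" The access-list check implements standard wildcard-mask matching (a 0 bit must match, a 1 bit is ignored, unmatched addresses hit the implicit deny). SAMPLE_CONFIG is the slides' own commands plus one static entry constructed from the Static NAT figure; the function names, the pool-range consistency check and the addresses looked up are the example's own.

```python
"""Added example, not from the original slides: a minimal parser for the
IOS-style NAT lines on the Configure Dynamic NAT and Overloading NAT slides,
plus the standard-ACL wildcard-mask test that decides which source addresses
get translated.  The config lines are the slides' own commands except the
static entry, which is constructed from the Static NAT figure; the
addresses looked up in the demo are constructed."""
import ipaddress

SAMPLE_CONFIG = """\
ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224
ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224
access-list 24 permit 10.0.0.0 0.255.255.255
ip nat inside source list 24 pool bigpool overload
ip nat inside source static 10.1.1.11 192.168.1.35
"""


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def parse_nat_config(text):
    """Return (pools, acls, rules, statics).  Unknown lines raise rather than
    being silently ignored, so a typo cannot hide a rule."""
    pools, acls, rules, statics = {}, {}, [], {}
    for raw in text.splitlines():
        p = raw.split()
        if not p:
            continue
        if p[:3] == ["ip", "nat", "pool"]:
            name, start, end = p[3:6]
            mask = p[p.index("netmask") + 1]
            subnet = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
            # This parser insists both ends sit inside the netmask's subnet
            # and are in order; otherwise the pool description is inconsistent.
            if ipaddress.IPv4Address(end) not in subnet or _ip(end) < _ip(start):
                raise ValueError(f"bad pool range: {raw!r}")
            pools[name] = {"start": start, "end": end,
                           "size": _ip(end) - _ip(start) + 1}
        elif p[0] == "access-list":
            number, action, network, wildcard = p[1:5]
            acls.setdefault(number, []).append((action, network, wildcard))
        elif p[:5] == ["ip", "nat", "inside", "source", "list"]:
            rules.append({"acl": p[5], "pool": p[p.index("pool") + 1],
                          "overload": "overload" in p})
        elif p[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics[p[5]] = p[6]          # inside local -> inside global
        else:
            raise ValueError(f"unrecognized line: {raw!r}")
    return pools, acls, rules, statics


def acl_permits(entries, address):
    """Standard ACL: first matching entry decides.  A wildcard-mask bit of 0
    means 'must match', 1 means 'ignored'; no match hits the implicit deny."""
    addr = _ip(address)
    for action, network, wildcard in entries:
        care = ~_ip(wildcard) & 0xFFFFFFFF
        if addr & care == _ip(network) & care:
            return action == "permit"
    return False


def translation_for(config, address):
    """How the router would translate this source: a static global address,
    a pool (with its size and overload flag), or None (left untranslated)."""
    pools, acls, rules, statics = config
    if address in statics:
        return ("static", statics[address])
    for rule in rules:
        if acl_permits(acls.get(rule["acl"], []), address):
            return ("pool", rule["pool"], pools[rule["pool"]]["size"],
                    rule["overload"])
    return None


if __name__ == "__main__":
    cfg = parse_nat_config(SAMPLE_CONFIG)
    for a in ("10.0.0.110", "10.1.1.11", "192.168.5.5"):
        print(a, "->", translation_for(cfg, a))
```

The wildcard in access-list 24 (0.255.255.255) permits all of 10.0.0.0/8, so every inside host in that block is translated through bigpool with overload; an address outside the list, such as the 192.168.5.5 in the demo, is forwarded untranslated, which is the case to look for when auditing what a NAT boundary actually hides.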
PAT: Address Overload

