NAT Scenario

Information about NAT Scenario
Technology

Published on April 27, 2014

Author: mansournch

Source: slideshare.net

Description

NAT configuration (Static & Dynamic)

CCNA
Tehran Institute of Technology
Course name: Cisco CCNA
Instructor: Mansour.nch Senior @ Tehran Institute of Technology
Copyright 2014

Contents
1. Introduction to NAT
2. Static NAT
3. Dynamic NAT

Introduction to NAT
• Before looking at NAT technology, we need to know something about the address types used in real-world networks:
» Private address
» Public address
Tehran Institute of Technology Course name: CCNA Instructor: Mansour.nch Email: Powerst.basu@gmail.com Tel: +98 – 935 658 9590 Senior @ Tehran Institute of Technology Copyright 2014

Private VS Public
• Public addresses are used to reach the internet.
» Because they can be routed on the internet.
• Private addresses are used only within an organization.
» Because they cannot be routed on the internet.

Benefits of using NAT
• With NAT, the same private addresses can be reused millions of times all over the world, and the hosts that use them can still access the internet.

Security tips on NAT
• For security reasons, NAT also hides your network from the outside world, because the remote node you connect to over the internet only knows your public address, not the real internal address of your PC.
• NAT provides the translation from the private address to the public address. We connect to the internet with our private address, but behind the scenes the connection is made with a public address.

NAT Types
• Static NAT
• Dynamic NAT
• PAT (Port Address Translation) or NAT Overload
Static NAT is the type used for one-to-one translation of ports or addresses.
Dynamic NAT is the type used with a public address pool; it works with more than one public address.
PAT is the type that translates the outbound traffic of internal nodes to unique port numbers of a single public address.

Keywords on NAT
• Inside local: your PC's private address
• Inside global: the public address assigned to your PC
• Outside local: the outside host's public address
• Outside global: the same address as the outside local; necessary to translate an outside address to a private address

How NAT works?
In the example above there are different addresses. For PC A, these addresses are:
• Inside Local Address – 10.1.1.10
• Inside Global Address – 55.1.1.1
• Outside Global Address – 99.1.1.2
• Outside Local Address – 99.1.1.2
Here PC A's configured address, 10.1.1.10, is the inside local address. When this PC wants to go to the internet, it will use Router A's public address, using PAT. So the inside global address of PC A is 55.1.1.1. During communication with PC B, PC A accesses only PC B's outside global address, 99.1.1.2.

Static NAT

Define Topology
For the static NAT configuration, we will use the topology below. First, let's define our routers. Think of R1 as your local router and R2 as a router on the internet. RouterA will be our NAT-configured router.

Define Topology
First you must configure the interface IP addresses on all three of these routers. Then you must add a static route on each end router towards the other end. Once pings from each end to the other end succeed, the topology is ready for our NAT configuration.

Define Topology
R1
R1# conf terminal
R1(config)# int f0/0
R1(config-if)# ip address 192.168.0.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# exit
R1(config)# ip route 10.10.10.0 255.255.255.0 192.168.0.2
R1(config)# exit
R1# copy run start

Define Topology
R2
R2# conf terminal
R2(config)# int f0/0
R2(config-if)# ip address 10.10.10.1 255.255.255.0
R2(config-if)# no shut
R2(config-if)# exit
R2(config)# ip route 192.168.0.0 255.255.255.0 10.10.10.2
R2(config)# exit
R2# copy run start

Define Topology
RouterA
RouterA# conf terminal
RouterA(config)# int f0/0
RouterA(config-if)# ip address 192.168.0.2 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# exit
RouterA(config)# int f0/1
RouterA(config-if)# ip address 10.10.10.2 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# end
RouterA# copy run start

Verify Configurations
• R1# ping 10.10.10.1
  R2# ping 192.168.0.1
• Here, let's run the "debug ip packet" command on R2 and ping from R1 to R2. As you can see below, the source address will be the address of R1's fa0/0 interface and the destination address will be the address of R2's fa0/0 interface. After NAT is configured, this source address will change to the IP address of RouterA's fa0/1 interface.

Verify Configurations
• Lastly, for the private-to-public mapping, we need an extra command on RouterA. The mapping assumes that f0/0 is already marked ip nat inside and f0/1 ip nat outside on RouterA.
• RouterA(config)# ip nat inside source static 192.168.0.1 10.10.10.2
• After configuring RouterA with this command, let's ping from R1 to R2 again and check the output of the debug ip packet command. Here, as you can see below, the new source IP address is the IP address of RouterA's fa0/1 interface.

Dynamic NAT

Scenario
A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses, 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range 192.168.100.17 – 192.168.100.30.

Scenario
• The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
- All passwords have been temporarily set to "cisco"
• The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
• Configuration information
Router name – Weaver
Inside global addresses – 198.18.184.105 – 198.18.184.110/29
Inside local addresses – 192.168.100.17 – 192.168.100.30/28
Number of inside hosts – 14

Solution (step by step)
1. What is the IP addressing of the scenario?
The Local Area Network has been assigned the addresses 192.168.100.17 to 192.168.100.30 (private IPs), and the subnet mask used is /28, or 255.255.255.240.

Solution (step by step)
What is the IP addressing of the scenario?
We need to translate these LAN addresses into 198.18.184.105 – 198.18.184.110 (public IPs).

Solution (step by step)
So, what is the problem with the IP addressing?
The company has 14 hosts in the LAN that need to access the internet simultaneously, but we have just 6 public IPs. So we need to configure NAT overloading, or Port Address Translation (PAT).
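The addressing problem above, worked through as an added example (not part of the original slides): a plain dynamic pool runs out after six hosts, while overloading lets all 14 share the pool by port. The port allocation shown is a simplified model assumed for illustration, not the IOS algorithm, and the source port 49152 is a constructed value.

```python
import ipaddress

def ip_range(first, last):
    """Every address from first to last, inclusive."""
    lo, hi = (int(ipaddress.IPv4Address(x)) for x in (first, last))
    return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]

# Address ranges taken from the scenario on this page.
INSIDE_HOSTS = ip_range("192.168.100.17", "192.168.100.30")  # 14 inside local
POOL = ip_range("198.18.184.105", "198.18.184.110")          # 6 inside global

def dynamic_nat(hosts, pool):
    """Dynamic NAT without overload: each host holds a whole pool address."""
    free, table, untranslated = list(pool), {}, []
    for host in hosts:
        if free:
            table[host] = free.pop(0)
        else:
            untranslated.append(host)  # pool exhausted, no translation possible
    return table, untranslated

def pat(flows, pool):
    """PAT: each (inside local IP, port) gets a unique (inside global IP, port).

    Simplified model: keep the source port when it is free on a pool address,
    otherwise take the next free port, moving to the next address when full.
    """
    used, table = set(), {}
    for src_ip, src_port in flows:
        for global_ip in pool:
            port = src_port
            while (global_ip, port) in used and port < 65535:
                port += 1
            if (global_ip, port) not in used:
                used.add((global_ip, port))
                table[(src_ip, src_port)] = (global_ip, port)
                break
    return table

if __name__ == "__main__":
    table, untranslated = dynamic_nat(INSIDE_HOSTS, POOL)
    print(f"dynamic NAT: {len(table)} translated, {len(untranslated)} left out")
    # Constructed worst case: all 14 hosts use the same source port at once.
    flows = [(host, 49152) for host in INSIDE_HOSTS]
    for (ip, port), (gip, gport) in pat(flows, POOL).items():
        print(f"{ip}:{port} -> {gip}:{gport}")
```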

Solution (step by step)
Step 1: Create a standard access-list that specifies the private IPs to be translated, i.e., 192.168.100.17 – 192.168.100.30.
Step 2: Create a pool of public IPs to be allocated, i.e., 198.18.184.105 – 198.18.184.110.
Step 3: Use the "ip nat inside source …." command to link the access-list and the pool so that NAT overloading can be performed.
Step 4: Use the ip nat inside and ip nat outside commands on the FastEthernet and Serial interfaces respectively.

Solution (step by step)
• To access the Weaver router, click on Console PC -> Desktop -> Terminal -> OK
• Router>enable
  Router#configure terminal
• Change the router's name to Weaver, as given in the lab.
  Router(config)#hostname Weaver
• Create a NAT pool of global addresses to be allocated, with the subnet mask.
  Weaver(config)#ip nat pool NHPOOL 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Solution (step by step)
• Create a standard access control list that permits the private addresses, that is, the addresses that are to be translated.
  Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15

Solution (step by step)
• Perform NAT overloading by specifying the access-list and pool defined in the prior steps. This command translates all inside local addresses that pass access list 10 into an address from the pool named NHPOOL.
  Weaver(config)#ip nat inside source list 10 pool NHPOOL overload
• As mentioned in the lab, the ip nat inside and ip nat outside commands have already been configured, so we don't need to configure them again on FastEthernet0/0 and Serial0/0 respectively.
• Copy the running configuration into the startup configuration.
  Weaver#copy running-config startup-config


Solution (step by step)
• To verify your lab, click on Host for Testing -> Desktop -> Command Prompt
• C:\>ping 192.0.2.114
  The ping should succeed and you will get replies from 192.0.2.114.
• Issue the "show ip nat translations" command on the Weaver router to verify the translation.
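A way to check the access list and pool from the steps above before relying on them, as an added example (not part of the original slides): it applies Cisco wildcard matching to show which addresses access-list 10 actually permits, and checks that the NHPOOL range fits the subnet its netmask defines. The function names are hypothetical, and the last call in the main block is a constructed mistake.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def as_text(addr_ints):
    return [str(ipaddress.IPv4Address(i)) for i in sorted(addr_ints)]

def audit_acl(base, wildcard, lan_first, lan_last):
    """Compare what the ACL permits with the intended inside local range."""
    lan = set(range(ip_int(lan_first), ip_int(lan_last) + 1))
    # Scan only the /24 around the ACL base, which covers this page's LAN.
    scan = ipaddress.ip_network(f"{base}/24", strict=False)
    matched = {int(a) for a in scan if acl_matches(str(a), base, wildcard)}
    return {"missing": as_text(lan - matched), "extra": as_text(matched - lan)}

def audit_pool(first, last, netmask):
    """Pool start and end must be usable hosts of the subnet the netmask defines."""
    net = ipaddress.ip_network(f"{first}/{netmask}", strict=False)
    usable = set(net.hosts())
    ok = {ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)} <= usable
    return {"subnet": str(net), "ok": ok,
            "size": ip_int(last) - ip_int(first) + 1}

if __name__ == "__main__":
    lan = ("192.168.100.17", "192.168.100.30")
    # Values from the page: access-list 10 and pool NHPOOL.
    print(audit_acl("192.168.100.16", "0.0.0.15", *lan))
    print(audit_pool("198.18.184.105", "198.18.184.110", "255.255.255.248"))
    # Constructed mistake: the subnet mask typed where the wildcard belongs.
    print(audit_acl("192.168.100.16", "255.255.255.240", *lan))
```

With the page's values the ACL misses no host and additionally matches only .16 and .31, the network and broadcast addresses of the /28; with the mask typed as the wildcard, none of the 14 hosts is translated.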

Tehran Institute of Technology
www.Win2Farsi.com
Course name: CCNA
Instructor: Mansour.nch
Email: Powerst.basu@gmail.com
Tel: +98 – 935 658 9590
Senior @ Tehran Institute of Technology
Copyright 2014
