Ch 2 (NAT-PAT) - EDITED.pptx
Chapter 2: Network Address Translation (NAT/PAT)
Prepared by: Adeel Ahmad

Chapter 7 Objectives

The CCENT Topics Covered in this chapter include:

Operation of IP Data Networks
  – Predict the data flow between two hosts across a network.
IP Services
  – Identify the basic operation of NAT
      Purpose
      Pool
      Static
      1 to 1
      Overloading
      Source addressing
      One way NAT
  – Configure and verify NAT for given network requirements

When Do We Use NAT (Network Address Translation)?

NAT helps conserve IP addresses by allowing many private IPs to share fewer public IPs. Think of it as a way to stretch our limited supply of public IP addresses.

Key Situations for NAT Use:
  – Internet Access Without Unique IPs: When devices on your network don't have their own public IP addresses but need to access the internet.
  – Changing Internet Service Providers (ISP): If you switch to a new ISP and they ask you to change your network's IP addresses.
  – Merging Networks with Overlapping IPs: When combining two networks that use the same IP addresses, to prevent conflicts.

Figure 7.1: Where to configure NAT

You typically use NAT on a border router. For example, in Figure 7.1, NAT is used on the Corporate router connected to the Internet.

Types of NAT

1- Static NAT: One-to-One Mapping
  – What It Does: Links one local IP address to one global IP address.
  – Ideal For: Situations where each device in your network needs its own unique Internet IP address.
  – Key Requirement: You must have as many public IP addresses as you have hosts needing direct Internet access.

2- Dynamic NAT: Pool Mapping
  – What It Does: Associates unregistered IP addresses with registered ones from a pool.
  – Advantages: No need for one-to-one configuration like in Static NAT. Flexibility in IP address assignment.
  – Key Requirement: You should have enough public IP addresses for all devices that will simultaneously interact with the Internet.

3- Overloading (PAT/NAT Overload): Many-to-One Mapping
  – What It Does: Allows multiple private IP addresses to share a single public IP address, using different source ports for each session (Port Address Translation - PAT).
  – Why It's Special: Enables thousands of users to access the Internet through a single IP address, significantly conserving IP address space.
  – Most Common Use: This is the most popular NAT configuration due to its efficiency and cost-effectiveness in utilizing IP addresses.

NAT Terms

Names: Meaning

Inside local: The original IP address of an internal device before translation (following RFC 1918 standards). Example Use: The actual IP address of your computer within your private network.

Outside local: This is usually the address of the router connected to ISP—the actual Internet address. Example Use: The address your ISP assigns to your router, representing your network externally.

Inside global: The IP address assigned to an internal device after translation, which is used for Internet communications. Example Use: The public IP address used by an internal device to interact with the internet.

Outside global: The public IP address of an external destination host. Example Use: The IP address of a website or service your internal device accesses over the Internet.

NAT Terms Summary:
  – Inside Local: Your device's private IP before translation.
  – Outside Local: How your device appears to the Internet.
  – Inside Global: Your device's public IP used for the Internet.
  – Outside Global: The public IP of the external device you're accessing.

Basic NAT

Basic NAT translation

In this figure, we can see host 10.1.1.1 sending an Internet-bound packet to the border router configured with NAT. The router identifies the source IP address as an inside local IP address destined for an outside network, translates the source IP address in the packet, and documents the translation in the NAT table.
The packet is sent to the outside interface with the new translated source address. The external host returns the packet to the destination host and the NAT router translates the inside global IP address back to the inside local IP address using the NAT table. This is as simple as it gets!

Static NAT

Static NAT Configuration

Objective: To set up a one-to-one mapping between an internal private IP address and a public IP address.

1- Static NAT Command:

    ip nat inside source static 10.1.1.1 170.46.2.2

This command sets up a static NAT translation. It maps the inside local IP 10.1.1.1 directly to the outside global IP 170.46.2.2.

2- Interface Configuration for Inside Network:

    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside

Assigns the IP 10.1.1.10 to the Ethernet interface. Marks this interface as part of the NAT inside network.

3- Interface Configuration for Outside Network:

    interface Serial0
     ip address 170.46.2.1 255.255.255.0
     ip nat outside

Assigns the IP 170.46.2.1 to the Serial interface. Marks this interface as part of the NAT outside network.

Dynamic NAT

Dynamic NAT Configuration

Objective: Dynamic NAT allows a group of users within a private network to access the Internet using a pool of public IP addresses.

1- NAT Pool Creation:

    ip nat pool todd 170.168.2.3 170.168.2.254 netmask 255.255.255.0

A pool named 'todd' is created with public IP addresses ranging from 170.168.2.3 to 170.168.2.254.

2- NAT Inside Source and Access List:

    ip nat inside source list 1 pool todd

This tells the router to translate the IP addresses that match access list 1 to addresses within the pool 'todd'.

3- Interface Configuration:

    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside

The Ethernet0 interface is configured with the private IP address 10.1.1.10 and is marked as the "inside" part of NAT.

    interface Serial0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside

The Serial0 interface is configured with the public IP address 170.168.2.1 and is marked as the "outside" part of NAT.

PAT (Overloading) Configuration

Purpose: PAT allows multiple devices on a private network to share a single or a small number of public IP addresses for Internet access. It's commonly used because it conserves public IP addresses.

1- Single IP NAT Pool Creation:

    ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0

A NAT pool named 'globalnet' is created with a single public IP address, 170.168.2.1, using a subnet mask of 255.255.255.0.

2- NAT Inside Source with Overload:

    ip nat inside source list 1 pool globalnet overload

This command configures the router to apply PAT, allowing all IP addresses that match access list 1 to share the same public IP address for Internet access. The term 'overload' enables the router to use multiple ports for the single IP address in the pool to differentiate between internal devices.

3- Interface Configuration:

    interface Ethernet0/0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside

The Ethernet0/0 interface is assigned a private IP address 10.1.1.10 and designated as the inside interface for NAT.

    interface Serial0/0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside

The Serial0/0 interface is assigned the same public IP address as the NAT pool and marked as the outside interface.

4- Access List for Internal Network:

    access-list 1 permit 10.1.1.0 0.0.0.255

An access list is created to permit all devices in the 10.1.1.0 network to use NAT.

NAT overloading example (PAT)

With PAT, all inside hosts get translated to one single IP address, hence the term overloading.
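
The overload translation described above, modelled as an added Python example (not part of the original slides): two inside hosts share 170.168.2.1, their sessions are told apart by translated source port, and an inbound packet with no matching entry is not translated. The port-allocation policy, the full-tuple inbound match and the outside addresses (documentation ranges) are assumptions of this model.

```python
INSIDE_GLOBAL = "170.168.2.1"   # the one address in pool 'globalnet' on the slides
FIRST_DYNAMIC_PORT = 1024       # assumption: fallback ports are taken from 1024 upward


class PatTable:
    """Toy model of a PAT (overload) translation table for one public address."""

    def __init__(self):
        self.out = {}      # (proto, inside_ip, inside_port, dst_ip, dst_port) -> global port
        self.back = {}     # (proto, global_port, dst_ip, dst_port) -> (inside_ip, inside_port)
        self.used = set()  # (proto, global_port) pairs already handed out

    def _pick_port(self, proto, wanted):
        # Keep the host's own source port when it is free, otherwise take the
        # next unused one (simplified allocation policy).
        if (proto, wanted) not in self.used:
            return wanted
        for port in range(FIRST_DYNAMIC_PORT, 65536):
            if (proto, port) not in self.used:
                return port
        raise RuntimeError("no free ports left on " + INSIDE_GLOBAL)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: rewrite the source and record the mapping."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self._pick_port(proto, src_port)
            self.used.add((proto, port))
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return INSIDE_GLOBAL, self.out[key]

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: translate only if a matching entry exists."""
        if dst_ip != INSIDE_GLOBAL:
            return None
        return self.back.get((proto, dst_port, src_ip, src_port))


def demo():
    table = PatTable()
    web = ("203.0.113.10", 80)                         # constructed outside host
    a = table.outbound("tcp", "10.1.1.1", 1025, *web)
    b = table.outbound("tcp", "10.1.1.2", 1025, *web)  # same source port as host 1
    reply = table.inbound("tcp", *web, *b)             # return traffic for host 2
    stray = table.inbound("tcp", "198.51.100.9", 4444, INSIDE_GLOBAL, 1025)
    return a, b, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```
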
Again, the reason we’ve just run out of available global IP addresses on the Internet is because of overloading (PAT).

NAT Overloading EX_2

Figure 7.4: NAT example

To start, look at Figure 13.4 and ask yourself two things: Where would you implement NAT in this design, and what type of NAT would you configure? In Figure 13.4, the NAT configuration would be placed on the corporate router, just as I demonstrated with Figure 13.1, and the configuration would be dynamic NAT with overload (PAT).

Figure 7.5: Another NAT example

In the next NAT example, refer to Figure 13.5 and see if you can come up with the configuration needed. Actually, two different answers would both work here, but the following would be my first choice based on the exam objectives:

    ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
    access-list 1 permit 192.168.10.64 0.0.0.63
    ip nat inside source list 1 pool Todd overload

Written Labs and Review Questions
– Read through the Exam Essentials section together in class
– Open your books and go through all the written labs and the review questions.
– Review the answers in class.
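
A consistency check a reviewer could run over configurations like those in this chapter, as an added Python example that is not from the slides: it confirms that each `ip nat inside source list` rule refers to a defined access list and pool, that a pool's end address fits its netmask, and that both NAT sides are marked, and it expands a wildcard mask such as the 0.0.0.63 used above. The names check_nat and acl_range are hypothetical, and only the command forms shown on the slides are parsed.

```python
import ipaddress
import re

# NAT-related commands from the Dynamic NAT slides (they show no access-list line).
DYNAMIC_NAT = """
ip nat pool todd 170.168.2.3 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
interface Ethernet0
 ip nat inside
interface Serial0
 ip nat outside
"""

def check_nat(config):
    """Return the consistency problems found in the NAT lines of a config."""
    pools, acls, rules, sides, problems = {}, set(), [], set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)", line):
            pools[m[1]] = (m[2], m[3], m[4])
        elif m := re.match(r"access-list (\d+) permit ", line):
            acls.add(m[1])
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)", line):
            rules.append((m[1], m[2]))
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            sides.add(m[1])
    for acl, pool in rules:
        if acl not in acls:
            problems.append(f"access-list {acl} is referenced but not defined")
        if pool not in pools:
            problems.append(f"pool {pool} is referenced but not defined")
    for name, (start, end, mask) in pools.items():
        net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
        if ipaddress.ip_address(end) not in net:
            problems.append(f"pool {name}: {end} is not in {net}")
    for side in ("inside", "outside"):
        if side not in sides:
            problems.append(f"no interface is marked 'ip nat {side}'")
    return problems

def acl_range(address, wildcard):
    """First and last address matched by a contiguous wildcard mask."""
    base, wild = (int(ipaddress.ip_address(x)) for x in (address, wildcard))
    first = base & ~wild & 0xFFFFFFFF
    return str(ipaddress.ip_address(first)), str(ipaddress.ip_address(first | wild))

if __name__ == "__main__":
    print(check_nat(DYNAMIC_NAT))
    print(acl_range("192.168.10.64", "0.0.0.63"))
```
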