Day 4 Security (ACL), Standard Access Lists, Extended Access Lists, Named ACLs, Network Address Translation (NAT), Static NAT, Dynamic NAT, PAT (Overloading)


1 Day 4 Security (ACL), Standard Access Lists, Extended Access Lists, Named ACLs, Network Address Translation (NAT), Static NAT, Dynamic NAT, PAT (Overloading) LAB Configuration

2 Access Control Lists
Access Control lists
- Standard 1-99, 1300-1999
- Extended ,
Standard access list (1-99)
Config#access-list (access number) (permit,deny) (SA) (wildcard)
Ex
Config#access-list 1 deny
Config#access-list 1 permit any
Config#interface S0
Config-if#ip access-group 1 in

3 Access Control Lists
Standard access list (1-99)
#show ip interface S0 (to check whether the access-list has been set)
Ex Block telnet
Config#access-list 2 deny
Config#access-list 2 permit any
Config#line vty 0 4
(config-line)#access-class 2 in

4 Access Control Lists
Extended access list (100-199)
config#access-list (access number) (permit,deny) (protocol tcp,udp,icmp) (SA) (wildcard) (DA) (wildcard) (Eq,Neq,lt,gt) (Port number)
Ex
Config#access-list 101 deny tcp eq 23
Config#access-list 101 permit ip any any
config#interface S0
config-if#ip access-group 101 in

5 Access Control Lists
Named access list
Config#ip access-list (Standard, Extended) (Name)
Ex Standard
config#ip access-list standard Internet
config# permit
config#permit
config#interface e0
config-if#ip access-group Internet in
Ex Extended
config#ip access-list extended BlockVirus2
config#deny tcp any any eq 135
Config#deny tcp any any eq 4899
Config#permit ip any any
config#interface S0
config-if#ip access-group BlockVirus2 in
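An added example, not part of the original presentation: a small model of how a router evaluates the lists on these slides, top to bottom with the first match winning and an implicit deny at the end. `BLOCK_VIRUS2` mirrors the BlockVirus2 list above; the function names, the `NO_PERMIT` list and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # the keyword "any" as address + wildcard

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Entries: (action, protocol, (SA, wildcard), (DA, wildcard), destination port or None)
# BlockVirus2 exactly as on the slide.
BLOCK_VIRUS2 = [
    ("deny",   "tcp", ANY, ANY, 135),
    ("deny",   "tcp", ANY, ANY, 4899),
    ("permit", "ip",  ANY, ANY, None),
]
# Constructed list with documentation addresses and NO trailing permit.
NO_PERMIT = [("deny", "tcp", ("192.0.2.0", "0.0.0.255"), ANY, 23)]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, a_proto, (sa, sw), (da, dw), a_port in acl:
        if a_proto not in ("ip", proto):
            continue                      # "ip" matches every IP protocol
        if not (wildcard_match(src, sa, sw) and wildcard_match(dst, da, dw)):
            continue
        if a_port is not None and a_port != dport:
            continue                      # "eq" port comparison
        return action
    return "deny"                         # implicit "deny any" ends every list

if __name__ == "__main__":
    for proto, port in (("tcp", 135), ("udp", 135), ("tcp", 80)):
        print("BlockVirus2", proto, port,
              evaluate(BLOCK_VIRUS2, proto, "192.0.2.10", "203.0.113.1", port))
    print("NO_PERMIT tcp 80",
          evaluate(NO_PERMIT, "tcp", "198.51.100.7", "203.0.113.1", 80))
```

BlockVirus2 only denies TCP, so UDP traffic to port 135 still reaches the final permit. A list without a trailing permit drops everything it does not explicitly allow.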

6 Well-Known Port
ECHO Server ---> TCP/7
DISCARD Server ---> TCP/9
DAYTIME Server ---> TCP/13
CHARGEN Server ---> TCP/19
FTP Server ---> TCP/21
SSH Server ---> TCP/22
Telnet Server ---> TCP/23
SMTP Server ---> TCP/25
DNS Server ---> TCP/53 and UDP/53
DHCP Server ---> UDP/68
Web Server ---> TCP/80 (HTTP)
Secure Web Server ---> TCP/443 (HTTPS)
POP3 Server ---> TCP/110
IMAP Server ---> TCP/143
SNMP Server ---> UDP/161
LDAP Server ---> TCP/389
Web Proxy Server ---> TCP/3128 or TCP/8080
The Well Known Ports are those from 0 through 1023.

7 Network Address Translation
NAT: Static, Dynamic, Overloading
Config#ip nat inside source static
Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside
#debug ip nat (to check whether static NAT is taking place)

8 Example
routerB#debug ip nat
00:28:33: NAT: s= > , d= [1276]
00:28:33: NAT*: s= , d= > [1276]
00:28:34: NAT*: s= > , d= [1277]
00:28:34: NAT*: s= , d= > [1277]
00:28:35: NAT*: s= > , d= [1279]
00:28:35: NAT*: s= , d= > [1279]
00:28:36: NAT*: s= > , d= [1281]
00:28:36: NAT*: s= , d= > [1281]
00:28:42: NAT*: s= > , d= [1283]
00:28:42: NAT*: s= , d= > [1283]

9 Network Address Translation
Dynamic
Config#ip nat pool (pool name) (start ip) (end ip) netmask (netmask)
Ex
Config#ip nat pool ISP netmask
Config#access-list 1 permit
Config#ip nat inside source list 1 pool ISP
Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside

10 Network Address Translation
Overloading
Config#access-list 1 permit
Config#ip nat inside source list 1 interface S0 overload
or, overloading can also be done the dynamic way:
Config#ip nat inside source list 1 pool (pool name) overload
Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside
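An added example, not part of the original presentation: a simplified model of the translation table behind `ip nat inside source list 1 interface S0 overload`, showing how many inside hosts share one outside address and why an inbound packet with no table entry has nowhere to go. The class and method names are hypothetical, the addresses are constructed, and the port selection (keep the source port if free, otherwise the next free one) is a simplification of the router's behaviour.

```python
import ipaddress

class PatTable:
    """Simplified model of PAT (overloading) on one outside address."""

    def __init__(self, outside_ip, inside_net):
        self.outside_ip = outside_ip
        # Stands in for access-list 1: which inside sources get translated.
        self.inside_net = ipaddress.ip_network(inside_net)
        self.by_inside = {}    # (inside ip, inside port) -> outside port
        self.by_outside = {}   # outside port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) the packet carries after leaving the router."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return (src_ip, src_port)        # not matched by the list: untranslated
        key = (src_ip, src_port)
        if key not in self.by_inside:
            port = src_port                  # keep the source port when it is free
            while port in self.by_outside:   # otherwise take the next free one
                port = port + 1 if port < 65535 else 1024
            self.by_inside[key] = port
            self.by_outside[port] = key
        return (self.outside_ip, self.by_inside[key])

    def inbound(self, dst_port):
        """Return the inside (ip, port) for a reply, or None when no entry exists."""
        return self.by_outside.get(dst_port)

def demo():
    pat = PatTable("203.0.113.1", "192.168.1.0/24")   # constructed addresses
    first = pat.outbound("192.168.1.10", 40000)
    second = pat.outbound("192.168.1.11", 40000)       # same port, other host
    return pat, first, second

if __name__ == "__main__":
    pat, first, second = demo()
    print(first, second, pat.inbound(40001), pat.inbound(50000))
```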

11 Example
routerB#debug ip nat
00:41:39: NAT: s= > , d= [1789]
00:41:39: NAT*: s= , d= > [1789]
00:41:40: NAT*: s= > , d= [1790]
00:41:40: NAT*: s= , d= > [1790]
00:41:41: NAT*: s= > , d= [1792]
00:41:41: NAT*: s= , d= > [1792]
00:41:42: NAT*: s= > , d= [1794]
00:41:42: NAT*: s= , d= > [1794]
00:41:43: NAT*: s= > , d= [1795]
00:41:43: NAT*: s= , d= > [1795]
00:41:44: NAT*: s= > , d= [1797]
00:41:44: NAT*: s= , d= > [1797]

12 Example
routerB#debug ip nat
00:52:12: NAT*: s= > , d= [2332]
00:52:12: NAT*: s= , d= > [2332]
00:52:13: NAT*: s= > , d= [2333]
00:52:13: NAT*: s= , d= > [2333]
00:52:14: NAT*: s= > , d= [2337]
00:52:14: NAT*: s= , d= > [2337]
00:52:15: NAT*: s= > , d= [2339]
00:52:15: NAT*: s= , d= > [2339]
00:52:16: NAT*: s= > , d= [2340]
00:52:16: NAT*: s= , d= > [2340]
00:52:17: NAT*: s= > , d= [2342]
00:52:17: NAT*: s= , d= > [2342]

13 Ex Static NAT
ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp extendable
ip nat inside source static udp extendable
ip nat inside source static udp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static udp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static tcp extendable
ip nat inside source static udp extendable
ip nat inside source static tcp extendable

