Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-1 Lesson 6 Translations and Connections.

Published byHorace Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-1 Lesson 6 Translations and Connections."— Presentation transcript:

1 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-1 Lesson 6 Translations and Connections

2 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-2 Objectives

3 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-3 Objectives Upon completion of this lesson, you will be able to perform the following tasks: Describe how the TCP and UDP protocols function within the PIX Firewall. Describe how static and dynamic translations function. Configure the PIX Firewall to permit outbound connections. Explain the PIX Firewall PAT feature.

4 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-4 Transport Protocols

5 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-5 Sessions in an IP World In an IP world, a network session is a transaction between two end systems. It is carried out primarily over two transport layer protocols: TCP UDP

6 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-6 TCP TCP is a connection-oriented, reliable-delivery, robust, and high performance transport layer protocol. TCP features –Sequencing and acknowledgement of data. –A defined state machine (open connection, data flow, retransmit, close connection). –Congestion detection and avoidance mechanisms.

7 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-7 TCP Initialization—Inside to Outside PIX Firewall TCP header IP header The PIX Firewall checks for a translation slot. If one is not found, it creates one after verifying NAT, global, access control, and authentication or authorization, if any. If OK, a connection is created. 10.0.0.11 The PIX Firewall follows the Adaptive Security Algorithm: (source IP, source port, destination IP, destination port) check Sequence number check Translation check # 1 172.30.0.50 # 2 # 3 # 4 Start the embryonic connection counter No data Private network Source port Destination address Source address Initial sequence # Destination port Flag Ack 172.30.0.50 10.0.0.11 1026 23 49091 Syn 10.0.0.11 172.30.0.50 23 1026 92513 Syn-Ack 49092 Public network 172.30.0.50 192.168.0.20 49769 Syn 192.168.0.20 172.30.0.50 23 1026 92513 Syn-Ack 49770 1026 23

8 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-8 TCP Initialization—Inside to Outside (Cont.) Private network Public network PIX Firewall Reset the embryonic counter for this client.. It then increases the connection counter for this host. 10.0.0.11 # 5 172.30.0.50 # 6 Strictly follows the Adaptive Security Algorithm Data flows 172.30.0.50 192.168.0.20 1026 23 49770 Ack 92514 Source port Destination address Source address Initial sequence # Destination port Flag Ack 172.30.0.50 10.0.0.11 1026 23 49092 Ack 92514 TCP header IP header

9 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-9 UDP Connectionless protocol. Efficient protocol for some services. Resourceful but difficult to secure.

10 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-10 UDP (Cont.) PIX Firewall UDP header IP header The PIX Firewall checks for a translation slot. If one is not found, it creates one after verifying NAT, global, access control, and authentication or authorization, if any. If OK, a connection is created. 10.0.0.11 The PIX Firewall follows the Adaptive Security Algorithm: (source IP, source port, destination IP, destination Port ) check Translation check # 1 172.30.0.50 # 2 # 3 # 4 Private network Source port Destination address Source address Destination port 172.30.0.50 10.0.0.11 1028 45000 10.0.0.11 172.30.0.50 45000 1028 Public network 172.30.0.50 192.168.0.20 172.30.0.50 45000 1028 45000 All UDP responses arrive from outside and within UDP user-configurable timeout (default=2 minutes).

11 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-11 Network Address Translations

12 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-12 Addressing Scenarios NAT was created to overcome several addressing problems that occurred with the expansion of the Internet: –Mitigate global address depletion –Use RFC 1918 addresses internally –Conserve internal address plan Additionally, NAT increases security by hiding the internal topology 10.0.0.11 10.0.0.4 10.0.0.11 192.168.6.1 Internet NAT

13 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-13 Access Through the PIX Firewall e0 outside security level 0 e1 inside security level 100 nat and global static and access list Internet More secure Less secure More secure Less secure (or static and conduit) (or static)

14 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-14 Inside Address Translations 10.0.0.4 10.0.0.11 10.0.0.4 192.168.6.1 NAT Outside global IP address 192.168.6.10 Inside IP address 10.0.0.11 Static translation Dynamic translation 10.0.0.4 Outside global IP address pool 192.168.6.20-254 Inside NAT—Translates addresses of hosts on higher security level to a less secure interface: Dynamic translation Static translation Internet WWW Server

15 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-15 Dynamic Inside NAT Dynamic translations pixfirewall(config)# nat(inside) 1 0.0.0.0 0.0.0.0 pixfirewall(config)# global(outside) 1 192.168.0.20-192.168.0.254 netmask 255.255.255.0 10.0.0.11 10.0.0.4 10.0.0.11 192.168.0.20 NAT Internet

16 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-16 Two Interfaces with NAT pixfirewall(config)# nat(inside) 1 10.0.0.0 255.255.255.0 pixfirewall(config)# nat(inside) 2 10.2.0.0 255.255.255.0 pixfirewall(config)# global(outside) 1 192.168.0.3- 192.168.0.14 netmask 255.255.255.0 pixfirewall(config)# global(outside) 2 192.168.0.17- 192.168.0.30 netmask 255.255.255.0 All hosts on the inside networks can start outbound connections. A separate global pool is used for each internal network. 10.2.0.0 /24 192.168.0.0 10.0.0.0/24 Internet Global pool 192.168.0.17-30 Global pool 192.168.0.3-14

17 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-17 Three Interfaces with NAT 192.168.0.0 10.0.0.0 Global pool 172.16.0.20-254 pixfirewall(config)# nat(inside) 1 10.0.0.0 255.255.255.0 pixfirewall(config)# nat (dmz) 1 172.16.0.0 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.20- 192.168.0.254 netmask 255.255.255.0 pixfirewall(config)# global(dmz) 1 172.16.0.20-172.16.0.254 netmask 255.255.255.0 Inside users can start outbound connections to both the DMZ and the Internet. The nat (dmz) command gives DMZ services access to the Internet. The global (dmz) command gives inside users access to the DMZ web server. Internet DMZ Inside Global pool 192.168.0.20-254 Outside

18 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-18 Port Address Translation

19 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-19 Port Address Translation 10.0.0.11 10.0.0.4 10.0.0.11 192.168.0.20 Port 2000 PAT 10.0.0.4 192.168.0.20 Port 2001 PAT is a combination of a IP address and a source port number. Many different sessions can be multiplexed over a single global IP address. Session distinction is made via different port numbers. Internet

20 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-20 PAT Example Outside IP addresses are typically registered with InterNIC. Source addresses of hosts in network 10.0.0.0 are translated to 192.168.0.9 for outgoing access. Assign a single IP address (192.168.0.9) to global pool. Source port changed to a unique number greater than 1023. pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0 pixfirewall(config)# ip address outside 192.168.0.2 255.255.255.0 pixfirewall(config)# route (outside) 0.0.0.0 0.0.0.0 192.168.0.1 pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.0.0 pixfirewall(config)# global (outside) 1 192.168.0.9 netmask 255.255.255.255 Sales Engineering 10.0.1.0 10.0.2.0 192.168.0.0 10.0.0.0 Global address 192.168.0.9.2.1

21 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-21 PAT Using Outside Interface Address The interface option of the global command enables use of the outside interface as the PAT address. The source addresses of hosts in network 10.0.0.0 are translated to 192.168.0.2 for outgoing access. The source port is changed to a unique number greater than 1024. pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0 pixfirewall(config)# ip address outside dhcp pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.0.0 pixfirewall(config)# global (outside) 1 interface Sales Engineering 10.0.1.0 10.0.2.0 192.168.0.0 10.0.0.0 Global address 192.168.0.2.2.1

22 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-22 Mapping Subnets to PAT Addresses Each internal subnet is mapped to a different PAT address. Source addresses of hosts in network 10.0.1.0 are translated to 192.168.0.8 for outgoing access. Source addresses of hosts in network 10.0.2.0 are translated to 192.168.0.9 for outgoing access. The source port is changed to a unique number greater than 1023. pixfirewall(config)# nat (inside) 1 10.0.1.0 255.255.255.0 pixfirewall(config)# nat (inside) 2 10.0.2.0 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.8 netmask 255.255.255.0 pixfirewall(config)# global (outside) 2 192.168.0.9 netmask 255.255.255.0 Sales Engineering 10.0.1.0 10.0.2.0 192.168.0.0 10.0.0.0 192.168.0.8.2.1 192.168.0.9

23 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-23 Backing Up PAT Addresses by Using Multiple PATs Source addresses of hosts in network 10.0.1.0 are translated to 192.168.0.8 for outgoing access. Address 192.168.0.9 will be used only when the port pool from 192.168.0.8 is at maximum capacity. pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.0.0 pixfirewall(config)# global (outside) 1 192.168.0.8 netmask 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.9 netmask 255.255.255.0 Sales Engineering 10.0.1.0 10.0.2.0 192.168.0.0 10.0.0.0 192.168.0.8.2.1 192.168.0.9

24 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-24 pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.0.0 pixfirewall(config)# global (outside) 1 192.168.0.20-192.168.0.253 netmask 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.254 netmask 255.255.255.0 Augmenting a Global Pool with PAT When hosts on the 10.0.0.0 network access the outside network through the firewall, they are assigned public addresses from the 192.168.0.20– 192.168.0.253 range. When the addresses from the global pool are exhausted, PAT begins with IP address 192.168.0.254. Sales Engineering 10.0.1.0 10.0.2.0 192.168.0.0 10.0.0.0 PAT 192.168.0.254.2.1 NAT 192.168.0.20

25 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-25 Static NAT

26 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-26 static Command Used to create a permanent translation between an inside IP address and a specific global IP address Recommended for internal service hosts Internet Inside Outside DNS server 10.0.0.11 192.168.0.10 Static translation

27 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-27 static Command (Cont.) pixfirewall(config)# static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address [netmask mask] pixfirewall(config)# static (inside,outside) 192.168.0.10 10.0.0.11 netmask 255.255.255.255 Packet sent from 10.0.0.11 translated to 192.168.0.10 Permanently maps a single IP address Recommended for internal service hosts 192.168.0.10 10.0.0.11 Internet InsideOutside 10.0.0.11 DNS server Static mapping

28 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-28 Identity NAT (NAT 0)

29 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-29 Identity NAT—nat 0 Command Identity NAT is used to create a transparent mapping. IP addresses on the inside appear on the outside without translation. Internet Inside Outside 10.0.0.15 DMZ www.cisco.com Internet server 192.168.0.9

30 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-30 Identity NAT—nat 0 Command (Cont.) NAT 0 ensures that Internet server is not translated. ASA remains in effect with NAT 0. pixfirewall(config)# nat (dmz) 0 192.168.0.9 255.255.255.255 Internet Inside Outside DMZ www.cisco.com Internet server 192.168.0.9

31 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-31 Policy NAT

32 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-32 Policy NAT Identify local traffic for address translation by specifying the source and destination addresses in an access list. Apply access-list to nat or static command Internet 10.0.0.15 192.168.0.9 192.168.10.11 192.168.10.4 Telnet Server Web Server 192.168.0.21

33 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-33 Policy NAT—nat plus acl command pix1(config)# access-list NET1 permit tcp 10.0.0.0 255.255.255.0 host 192.168.10.11 eq 23 pix1(config)# nat (inside) 10 access-list net1 pix1(config)# global (outside) 10 192.168.0.9 255.255.255.255 pix1(config)# access-list NET2 permit tcp 10.0.0.0 255.255.255.0 host 192.168.10.4 eq 80 pix1(config)# nat (inside) 11 access-list net2 pix1(config)# global (outside) 11 192.168.0.21 255.255.255.255 Internet 10.0.0.15 192.168.0.9 Telnet Server Web Server 192.168.0.21 192.168.10.11 192.168.10.4

34 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-34 Policy NAT—static plus acl command Internet 10.0.0.15 192.168.0.9 Telnet Server Web Server 192.168.0.21 pix1(config)# access-list NET1 permit tcp 10.0.0.0 255.255.255.0 host 192.168.10.11 eq 23 pix1(config)# static (inside,outside) 192.168.0.9 access-list net1 pix1(config)# access-list NET2 permit tcp 10.0.0.0 255.255.255.0 host 192.168.10.4 eq 80 pix1(config)# static (inside,outside) 192.168.0.21 access-list net2 192.168.10.11 192.168.10.4

35 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-35 Connections and Translations

36 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-36 Connections vs. Translations Translations (xlates)—IP address to IP address translation Connections (conns)—TCP or UDP sessions Inside local Outside global pool 10.0.0.11192.168.0.20 10.0.0.11 10.0.0.4 Translation 10.0.0.11 192.168.0.20 192.168.10.5 Translation Connections Connection 192.168.10.11:2310.0.0.11:1026 Connection 192.168.10.11:8010.0.0.11:1027 192.168.10.11 Internet Telnet HTTP

37 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-37 show conn Command show conn pixfirewall#show conn 1 in use, 2 most used TCP out 192.168.10.11:23 in 10.0.0.11:1026 idle 0:00:22 Bytes 1774 flags UIO pixfirewall# 10.0.0.11 10.0.0.4 192.168.10.11 Connection Internet Enables you to view all active connections

38 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-38 show xlate Command show xlate Enables you to view translation slot information pixfirewall#show xlate 1 in use, 2 most used Global 192.168.0.20 Local 10.0.0.11 pixfirewall# 10.0.0.11 10.0.0.4 10.0.0.11 192.168.0.20 192.168.10.11 Translation Internet

39 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-39 PIX Firewall NAT Philosophy With the PIX Firewall, translation rules are always configured between pairs of interfaces. A packet cannot be switched across the PIX Firewall if it does not match a translation slot in the xlate table. If there is no translation slot, the PIX Firewall will try to create a translation slot from its translation rules. Otherwise, the packet is dropped. 10.0.0.11 10.0.0.4 10.0.0.11 192.168.0.20 192.168.10.11 OutsideInside NAT Internet

40 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-40 PIX Firewall NAT Algorithm— Outbound Packet Flow A packet arrives at an inside interface: -PIX Firewall consults the access rules first. -PIX Firewall makes a routing decision to determine the outbound interface. Source address is checked against the local addresses in the xlate table: -If found, SA is translated according to the xlate slot. Otherwise, PIX Firewall looks for a static translation rule from this interface: -If found, an xlate slot is created, and SA is translated. Otherwise, PIX Firewall looks for a dynamic translation rule from this interface: -If found, an xlate slot is created from the destination interface address pool, and the SA is translated. Otherwise the packet is dropped.

41 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-41 Configuring Multiple Interfaces

42 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-42 Additional Interface Support Supports up to eight additional interfaces. Increases the security of publicly available services. Easily interconnects multiple extranets or partner networks. Easily configured with standard PIX Firewall commands. e0 e1 e2 e4 e3 e6 e5 e9 e7 e8 Outside Inside

43 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-43 Configuring Three Interfaces pixfirewall(config)# nameif ethernet0 outside sec0 pixfirewall(config)# nameif ethernet1 inside sec100 pixfirewall(config)# nameif ethernet2 dmz sec50 pixfirewall(config)# ip address outside 192.168.0.2 255.255.255.0 pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0 pixfirewall(config)# ip address dmz 172.16.0.1 255.255.255.0 pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.20-192.168.0.254 netmask 255.255.255.0 pixfirewall(config)# global (dmz) 1 172.16.0.20- 172.16.0.254 netmask 255.255.255.0 pixfirewall(config)# static (dmz,outside) 192.168.0.11 172.16.0.2.2.1 10.0.0.0/24 Internet 172.16.0.2 192.168.0.11 172.16.0.20 192.168.0.20 DMZ Inside

44 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-44 Configuring Four Interfaces pixfirewall(config)# nameif ethernet0 outside sec0 pixfirewall(config)# nameif ethernet1 inside sec100 pixfirewall(config)# nameif ethernet2 dmz sec50 pixfirewall(config)# nameif ethernet3 partnernet sec40 pixfirewall(config)# ip address outside 192.168.0.2 255.255.255.0 pixfirewall(config)# ip address inside 10.0.0.1 255.255.255.0 pixfirewall(config)# ip address dmz 172.16.0.1 255.255.255.0 pixfirewall(config)# ip address partnernet 172.18.0.1 255.255.255.0 pixfirewall(config)# nat (inside) 1 10.0.0.0 255.255.255.0 pixfirewall(config)# global (outside) 1 192.168.0.20- 192.168.0.254 netmask 255.255.255.0 pixfirewall(config)# global (dmz) 1 172.16.0.20- 172.16.0.254 netmask 255.255.255.0 pixfirewall(config)# static (dmz,outside) 192.168.0.11 172.16.0.2 pixfirewall(config)# static (dmz,partnernet) 172.18.0.11 172.16.0.2 Partnernet 172.16.0.2 DMZ.1 172.16.0.20 10.0.0.0/24 172.18.0.0/24.1 Internet Inside 192.168.0.11 192.168.0.20 172.18.0.11

45 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-45 Summary

46 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-46 Summary The PIX Firewall manages the TCP and UDP protocols through the use of a translation table (for NAT sessions) and a connection table (for TCP and UDP sessions). The static command creates a permanent translation. Mapping between local and global address pool is done dynamically with the nat command. The nat and global commands work together to hide internal IP addresses. The PIX Firewall supports PAT. Configuring multiple interfaces requires more attention to detail but can be done with standard PIX Firewall commands.

47 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-47 Lab Exercise

48 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-48 Lab Visual Objective 192.168.Q.0 192.168.P.0 Student PC.2.1 Student PC PIX Firewall Web/FTP CSACS.1.2.1 PIX Firewall.1 Local: 10.0.P.11 Local: 10.0.Q.11 10.0.P.0 10.0.Q.0 RTS.100 RTS.100 Pods 1–5 Pods 6–10 172.26.26.0.150.50 Web FTP RBB.2 “bastionhost”: Web FTP 172.16.P.0172.16.Q.0 “bastionhost”: Web FTP.1

Download ppt "© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—6-1 Lesson 6 Translations and Connections."

Similar presentations

CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Interconnecting Networks with TCP/IP

Interconnecting Networks with TCP/IP
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Ch. 1 – Scaling IP Addresses NAT/PAT and DHCP CCNA 4 version 3.0.

Ch. 1 – Scaling IP Addresses NAT/PAT and DHCP CCNA 4 version 3.0.
Ch. 1 – Scaling IP Addresses NAT/PAT and DHCP

Ch. 1 – Scaling IP Addresses NAT/PAT and DHCP
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
CCNA Guide to Cisco Networking Fundamentals Fourth Edition Chapter 9 Network Services.

CCNA Guide to Cisco Networking Fundamentals Fourth Edition Chapter 9 Network Services.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
CISCO PIX FIREWALL Configuration for DCSL Tuan Anh Nguyen CSCI 5234 University of Houston Clear Lake Fall Semester, 2005.

CISCO PIX FIREWALL Configuration for DCSL Tuan Anh Nguyen CSCI 5234 University of Houston Clear Lake Fall Semester, 2005.
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Network Address Translation

Network Address Translation
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.
January 2009Prof. Reuven Aviv: Firewalls1 Firewalls.

January 2009Prof. Reuven Aviv: Firewalls1 Firewalls.

Similar presentations

Ads by Google