
CCNA4-1 Chapter 7-1 NAT Chapter 11 Routing and Switching (CCNA2)


1 CCNA4-1 Chapter 7-1 NAT Chapter 11 Routing and Switching (CCNA2)

2 IP Addressing Services: Scaling Networks With Network Address Translation (NAT)

3 Scaling Networks With NAT
Private Internet Addresses:
- These are reserved private addresses drawn from three blocks.
- These addresses are for private, internal network use only.
- RFC 1918 specifies that private addresses are not to be routed over the Internet.

4 Scaling Networks With NAT
Private Internet Addresses: Two Issues:
- You cannot route private addresses over the Internet.
- There are not enough public IPv4 addresses for an organization to give one to every one of its hosts.
Networks therefore need a mechanism at the network edge that translates private addresses to public addresses on the way out, and public addresses back to private addresses for the returning traffic. Solution: NAT.

5 IPv4 Private Address Space (RFC 1918)
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)

6 What is NAT?
- The primary use of NAT is to conserve public IPv4 addresses.
- The DHCP server assigns devices inside the network private addresses that are unique within that network.
- NAT is usually implemented at border network devices, such as firewalls or routers.
- When a client sends packets out of the network, NAT translates the client's internal private IP address to an external public address.
(Figure: Private Address -> NAT -> Public Address)

7 What is NAT? (cont.)

8 NAT Terminology
- The inside network is the set of devices using private addresses.
- The outside network refers to all other networks.
- NAT uses four types of addresses:
  - Inside local address: the address of an inside host as seen from the inside network (normally its RFC 1918 address).
  - Inside global address: the address of an inside host as seen from the outside (the public address it is translated to).
  - Outside local address: the address of an outside host as seen from the inside network.
  - Outside global address: the address of an outside host as seen from the outside (its real, routable address).

9 NAT Terminology (cont.)

10 What is NAT?
- The translation process uses an internal translation table.
- The contents of the table vary with the type of translation being implemented.
- We will look at the use of static NAT, dynamic NAT and Port Address Translation (PAT).
(Figure: Inside / Private <-> NAT <-> Outside / Public)

11 How Does NAT Work?
Outbound packet arriving at R2 from the inside network:
  Before translation: SA 192.168.10.10, DA 209.165.201.1
R2: I have a packet for the outside network. I must translate the IP address.
  After translation (sent): SA 209.165.200.226, DA 209.165.201.1

12 How Does NAT Work?
Return packet arriving at R2's outside interface (209.165.200.226):
  Before translation: SA 209.165.201.1, DA 209.165.200.226
R2: I have a packet for the inside network. I must translate the IP address.
  After translation (received by the host): SA 209.165.201.1, DA 192.168.10.10

13 Dynamic Mapping and Static Mapping
Dynamic Mapping:
- Local addresses are mapped dynamically to a pool of global addresses.
- The number of hosts that can use NAT at one time is limited by the number of addresses in the pool.
- If you have allocated 6 public addresses for NAT, any 6 users can use NAT simultaneously.
- The NAT device assigns an address when a request is received. When the session ends (or the entry times out), the address is returned to the pool for another user.
- Once every pool address is in use, packets from further inside hosts cannot be translated and are dropped until an entry is freed, so size the pool for the expected number of concurrent users.
NAT Table (any six of the eight inside hosts can hold a pool address at a time):
  Inside Local            Inside Global
  10.0.0.1                179.9.8.81
  10.0.0.2 to 10.0.0.7    (assigned from the pool on demand)
  10.0.0.8                179.9.8.86

14 Dynamic Mapping and Static Mapping
Static Mapping:
- One-to-one mapping of local and global addresses.
- The hosts able to use NAT are limited to those with a static entry in the table.
- If you have allocated 6 public addresses for NAT, only these 6 users can use NAT.
- No other network user will have access unless you allocate another global address and add it to the table.
NAT Table:
  Inside Local   Inside Global
  10.0.0.1       179.9.8.81
  10.0.0.2       179.9.8.82
  10.0.0.3       179.9.8.83
  10.0.0.4       179.9.8.84
  10.0.0.5       179.9.8.85
  10.0.0.6       179.9.8.86
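The dynamic pool of slide 13 and the static table of slide 14, simulated in Python. This is an added example, not part of the original slides or of IOS: the AddressNat class, its method names, the eight hosts 10.0.0.1 to 10.0.0.8 and the six-address pool 179.9.8.81 to 179.9.8.86 are assumptions for the demonstration. It shows what a static table cannot: the pool running out (hosts 7 and 8 are dropped until an entry is freed) beside the fixed static mapping that never changes.

```python
"""Address-level NAT table: a dynamic pool beside static one-to-one entries.
Added example for slides 13 and 14; class and host addresses are assumed."""
from ipaddress import IPv4Address


class AddressNat:
    def __init__(self, pool, statics=None):
        # Inside global addresses still free for dynamic assignment, in pool order.
        self.free = [IPv4Address(a) for a in pool]
        # Translation table: inside local -> inside global.
        self.table = {IPv4Address(l): IPv4Address(g)
                      for l, g in (statics or {}).items()}
        self.static = set(self.table)  # entries that never return to the pool
        self.dropped = 0               # packets for which no translation existed

    def translate_out(self, inside_local):
        """Inside global address for an outbound packet, or None if it is dropped."""
        local = IPv4Address(inside_local)
        if local not in self.table:
            if not self.free:
                self.dropped += 1      # pool exhausted: the packet is discarded
                return None
            self.table[local] = self.free.pop(0)
        return str(self.table[local])

    def translate_in(self, inside_global):
        """Inside local address for an inbound packet, or None if no entry matches."""
        wanted = IPv4Address(inside_global)
        for local, glob in self.table.items():
            if glob == wanted:
                return str(local)
        return None

    def end_session(self, inside_local):
        """Session finished (or timed out): a dynamic entry goes back to the pool."""
        local = IPv4Address(inside_local)
        if local in self.table and local not in self.static:
            self.free.append(self.table.pop(local))


def demo_dynamic():
    """Slide 13: six pool addresses, eight hosts; any six can translate at once."""
    nat = AddressNat(pool=[f"179.9.8.{i}" for i in range(81, 87)])
    hosts = [f"10.0.0.{i}" for i in range(1, 9)]
    first = {h: nat.translate_out(h) for h in hosts}   # hosts 7 and 8 get None
    nat.end_session("10.0.0.1")                         # frees 179.9.8.81
    retry = nat.translate_out("10.0.0.7")               # now succeeds
    return first, retry, nat.dropped


def demo_static():
    """Slide 14: six fixed entries and no pool; only those six hosts can translate."""
    statics = {f"10.0.0.{i}": f"179.9.8.{80 + i}" for i in range(1, 7)}
    nat = AddressNat(pool=[], statics=statics)
    out = {
        "host3": nat.translate_out("10.0.0.3"),   # fixed mapping
        "host7": nat.translate_out("10.0.0.7"),   # no entry and an empty pool
        "to_83": nat.translate_in("179.9.8.83"),  # static entry reachable from outside
    }
    nat.end_session("10.0.0.3")                   # a static entry is kept
    out["host3_again"] = nat.translate_out("10.0.0.3")
    return out


if __name__ == "__main__":
    print(demo_dynamic())
    print(demo_static())
```

The dropped counter is the figure to watch on a real device: on IOS a dynamic pool that is too small shows up as misses in show ip nat statistics, which is the symptom of the "only six at a time" limit rather than a routing fault.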

15 NAT Overload
Port Address Translation (PAT):
- Allows a single public IP address to be shared by many inside hosts: one translation per TCP/UDP port number, so up to 65,536 in theory (around 4,000 is more realistic).
- Modifies the TCP/UDP source port to keep track of which inside host each translation belongs to.
- Tracks and translates:
  - Source IP address.
  - Destination IP address.
  - TCP/UDP source port number.
- Together with the destination port, these uniquely identify each connection for each stream of traffic.

16 NAT Overload
Port Address Translation (PAT): outbound packets (inside global address 209.165.200.226)
- SA 192.168.10.10:1555, DA 209.165.201.1:80 leaves as SA 209.165.200.226:1555, DA 209.165.201.1:80
- SA 192.168.10.11:1331, DA 209.165.202.129:80 leaves as SA 209.165.200.226:1331, DA 209.165.202.129:80
The source port is preserved; only the source address changes.

17 NAT Overload
Port Address Translation (PAT): return packets
- SA 209.165.201.1:80, DA 209.165.200.226:1555 is translated to SA 209.165.201.1:80, DA 192.168.10.10:1555
- SA 209.165.202.129:80, DA 209.165.200.226:1331 is translated to SA 209.165.202.129:80, DA 192.168.10.11:1331
The destination port selects the table entry, and with it the inside host.

18 NAT Overload
Port Address Translation (PAT): NEXT AVAILABLE PORT
- 192.168.10.11:1444 and 192.168.10.12:1444 both arrive using source port 1444.
- The first host keeps port 1444 on the inside global address. The second cannot, because each table entry must be unique, so PAT assigns it the next available port number.

19 Benefits and Drawbacks
NAT Benefits:
- Conserves the legally registered addressing scheme.
- Increases the flexibility of connections to the public network.
- Provides consistency for internal network addressing schemes (the inside addressing survives a change of ISP or public block).
- Hides internal addresses, and the translation table drops unsolicited inbound traffic that matches no entry. This is a side effect, not a security control: NAT is no substitute for a stateful firewall and does nothing against attacks carried in traffic that the inside hosts themselves initiate.

20 Benefits and Drawbacks
NAT Drawbacks:
- Performance is degraded (every packet is inspected and rewritten, and the translation table must be maintained).
- End-to-end functionality is degraded.
- End-to-end traceability is lost: outside logs show only the inside global address, so keep the NAT device's translation logs if you need to attribute traffic to an inside host.
- Tunneling is more complicated.
- Initiating connections can be disrupted: TCP sessions initiated from the outside, or stateless exchanges over UDP, have no table entry to match.
- Network architectures may have to be rebuilt.

21 Configuring Static NAT
Step 1: Specify the static translation between an inside local and an inside global address.
  ip nat inside source static local-ip global-ip
Topology: inside local address 10.1.1.2; inside global address 179.23.2.2 (from the ISP). ISP routing table: 179.23.2.0 via 192.168.1.1.
  RA(config)#ip nat inside source static 10.1.1.2 179.23.2.2

22 Configuring Static NAT
Step 2: Mark the router interfaces as an inside interface or an outside interface.
ISP routing table: 179.23.2.0 via 192.168.1.1
  RA(config)#interface fa0/0
  RA(config-if)#ip address 10.1.1.1 255.255.255.0
  RA(config-if)#ip nat inside
  RA(config)#interface s0/0/0
  RA(config-if)#ip address 192.168.1.1 255.255.255.0
  RA(config-if)#ip nat outside

23 Configuring Static NAT
Summary: 10.1.1.2 will always translate to 179.23.2.2.

24 Configuring Dynamic NAT
1. Define a named address pool of outside addresses to be used for translation.
2. Define an access list to specify those inside addresses that are eligible for translation.
3. Specify dynamic translation between the inside addresses allowed by the access list and the pool of outside addresses.
4. Mark the interfaces as inside or outside.

25 Configuring Dynamic NAT
Step 1: Define a named address pool of outside addresses to be used for translation.
  ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Topology: address space from ISP = 179.9.8.0/24. ISP routing table: 179.9.8.0 via 192.168.1.1 (the IP address assigned to RA's outside interface).

26 Configuring Dynamic NAT
Step 1: Define a named address pool of outside addresses to be used for translation.
  ip nat pool NAT-POOL1 179.9.8.80 179.9.8.85 netmask 255.255.255.0
Name NAT-POOL1, range 179.9.8.80 to 179.9.8.85, mask 255.255.255.0. Address space from ISP = 179.9.8.0/24; ISP routing table: 179.9.8.0 via 192.168.1.1.

27 Configuring Dynamic NAT
Step 2: Define an access list to specify those inside addresses that are eligible for translation.
  access-list access-list-number permit source [source-wildcard]
Address space from ISP = 179.9.8.0/24; ISP routing table: 179.9.8.0 via 192.168.1.1.

28 Configuring Dynamic NAT
Step 2: Define an access list to specify those inside addresses that are eligible for translation.
  access-list 1 permit 10.1.0.0 0.0.255.255
Allows all inside network addresses (10.1.0.0/16) to be translated. Address space from ISP = 179.9.8.0/24; ISP routing table: 179.9.8.0 via 192.168.1.1.

29 Configuring Dynamic NAT
Step 3: Specify dynamic translation between the inside addresses allowed by the access list and the pool of outside addresses.
  ip nat inside source list access-list-number pool pool-name
Address space from ISP = 179.9.8.0/24; ISP routing table: 179.9.8.0 via 192.168.1.1.

30 Configuring Dynamic NAT
Step 3: Specify dynamic translation between the inside addresses allowed by the access list and the pool of outside addresses.
  ip nat inside source list 1 pool NAT-POOL1
Access list 1 comes from Step 2 and NAT-POOL1 from Step 1. Address space from ISP = 179.9.8.0/24; ISP routing table: 179.9.8.0 via 192.168.1.1.

31 Configuring Dynamic NAT
Step 4: Mark the interfaces as inside or outside.
ISP routing table: 179.9.8.0 via 192.168.1.1
  RA(config)#interface fa0/0
  RA(config-if)#ip address 10.1.1.1 255.255.255.0
  RA(config-if)#ip nat inside
  RA(config)#interface s0/0/0
  RA(config-if)#ip address 192.168.1.1 255.255.255.0
  RA(config-if)#ip nat outside

32 Configuring Dynamic NAT
Summary: All inside hosts in 10.1.0.0/16 are eligible for NAT, but with six addresses in NAT-POOL1 only six of them can be translated at any one time.

33 Configuring NAT Overload (PAT)
- There are two possible ways to configure overloading.
- Which one depends on how the ISP allocates public IP addresses:
  - The ISP allocates one public IP address to the organization.
  - The ISP allocates more than one public IP address.
- In either case, the configuration includes the overload keyword.
- This keyword tells the router that Port Address Translation (PAT) is to be used.

34 Configuring NAT Overload (PAT)
The ISP allocates one public IP address to the organization:
1. Assign the IP address received from the ISP as the IP address of the outside interface.
2. Define a standard access list permitting those addresses to be translated.
3. Establish dynamic translation specifying the access list and the actual interface instead of a pool of addresses, and include the overload keyword.
4. Identify the inside and outside interfaces.

35 Configuring NAT Overload (PAT)
The ISP allocates one public IP address to the organization. (Figure: the address assigned by the ISP is configured on the outside interface.)

36 Configuring NAT Overload (PAT)
The ISP allocates more than one public IP address.
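A static check over the dynamic NAT and PAT configurations from slides 24 to 36, written in Python. This is an added example, not part of the slides and not an IOS feature: the check_nat_config and acl_networks functions are assumptions for the demonstration, and the GOOD, PAT and BAD configurations are constructed from the commands on the slides (PAT uses the interface form with the overload keyword described in step 3 of slide 34). The checks are the ones a reviewer applies by hand: the NAT access list must select only RFC 1918 space (an ACL that permits any source translates whatever arrives on an inside interface), pool addresses must lie inside the block the ISP routes to the router, and both an inside and an outside interface must be marked.

```python
"""Static checks for an IOS NAT configuration (added example, not from the slides).
The checks follow the four dynamic-NAT steps: the ACL that selects inside
addresses, the pool of inside global addresses, the source rule that ties
them together, and the inside/outside interface marking."""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

NAT_RULE = re.compile(
    r"^ip nat inside source list (\S+) (?:pool (\S+)|interface \S+)(?: overload)?$", re.M)


def acl_networks(config, acl_id):
    """Networks permitted by a standard numbered ACL, with IOS wildcard masks
    converted to prefixes (an omitted wildcard means a single host)."""
    nets = []
    pattern = rf"^access-list {re.escape(acl_id)} permit (\S+)(?: (\S+))?$"
    for m in re.finditer(pattern, config, re.M):
        addr, wild = m.group(1), m.group(2) or "0.0.0.0"
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif addr == "host":
            addr, wild = wild, "0.0.0.0"
        # Wildcard -> netmask by inverting the bits; strict=False mirrors IOS,
        # which masks host bits off the address itself.
        netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wild)) ^ 0xFFFFFFFF)
        try:
            nets.append(ipaddress.ip_network(f"{addr}/{netmask}", strict=False))
        except ValueError:
            raise ValueError(f"ACL {acl_id}: wildcard {wild} is not a contiguous prefix") from None
    return nets


def check_nat_config(config, isp_block):
    """Return a list of findings; an empty list means the configuration passed."""
    findings = []
    isp = ipaddress.ip_network(isp_block)
    for m in NAT_RULE.finditer(config):
        acl, pool = m.group(1), m.group(2)
        nets = acl_networks(config, acl)
        if not nets:
            findings.append(f"ACL {acl} is used by NAT but permits nothing")
        for net in nets:
            # Wider than RFC 1918 means spoofed or transit sources get translated too.
            if not any(net.subnet_of(p) for p in RFC1918):
                findings.append(f"ACL {acl} permits non-private source {net}")
        if pool:
            pm = re.search(rf"^ip nat pool {re.escape(pool)} (\S+) (\S+)", config, re.M)
            if pm is None:
                findings.append(f"pool {pool} is referenced but never defined")
            else:
                for a in pm.groups():
                    if ipaddress.ip_address(a) not in isp:
                        findings.append(f"pool {pool} address {a} is outside ISP block {isp}")
    for role in ("inside", "outside"):
        if not re.search(rf"^\s*ip nat {role}\s*$", config, re.M):
            findings.append(f"no interface is marked 'ip nat {role}'")
    return findings


# The dynamic NAT configuration from the slides (steps 1 to 4), as constructed input.
GOOD = """\
interface fa0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface s0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
access-list 1 permit 10.1.0.0 0.0.255.255
ip nat pool NAT-POOL1 179.9.8.80 179.9.8.85 netmask 255.255.255.0
ip nat inside source list 1 pool NAT-POOL1
"""

# The same router using PAT on the outside interface (one public address, slide 34).
PAT = GOOD.replace("ip nat inside source list 1 pool NAT-POOL1",
                   "ip nat inside source list 1 interface s0/0/0 overload")

# Three mistakes: an ACL that permits any source, a pool address the ISP does
# not route to us, and no outside interface.
BAD = (GOOD.replace("permit 10.1.0.0 0.0.255.255", "permit any")
           .replace("179.9.8.85", "179.9.9.85")
           .replace(" ip nat outside\n", ""))

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("pat", PAT), ("bad", BAD)):
        print(name, check_nat_config(cfg, "179.9.8.0/24") or "OK")
```

Run it against a copy of show running-config before applying the NAT rules; the pool check in particular catches the common lab mistake of typing a range the ISP never routed to the outside interface, which then fails silently as translations that never get a reply.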

37 Port Forwarding
- Port forwarding is the act of forwarding a network port from one network node to another.
- A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in the inside network.
- Port forwarding is helpful where servers have private addresses and are therefore not reachable from outside networks.

38 SOHO Example

39 Configuring Port Forwarding with IOS
In IOS, port forwarding is essentially a static NAT translation with a specified TCP or UDP port number.

40 Port Forwarding
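PAT and port forwarding simulated in Python, serving slides 16 to 18 (source port preserved, reply matched on destination port, next available port on a collision) and slides 37 to 40 (port forwarding as a static translation with a port). This is an added example, not code from the slides or from IOS: the Pat class and its methods, the published inside server 192.168.10.99:8080 and the outside host 203.0.113.5 are assumed for the demonstration. The table is keyed on protocol and inside global port only; IOS also records the outside address and port in each entry.

```python
"""PAT (NAT overload) with a port-forwarding entry.
Added example for slides 16-18 and 37-40; class, server and outside host are assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint


class Pat:
    def __init__(self, inside_global):
        self.inside_global = inside_global
        # (proto, inside local ip, inside local port) -> inside global port
        self.out_map = {}
        # (proto, inside global port) -> (inside local ip, inside local port)
        # Simplification: IOS keys its entries on the outside address and port too.
        self.in_map = {}

    def add_port_forward(self, proto, global_port, local_ip, local_port):
        """Static translation with a port: outside traffic to
        inside_global:global_port is delivered to local_ip:local_port."""
        self.in_map[(proto, global_port)] = (local_ip, local_port)
        self.out_map[(proto, local_ip, local_port)] = global_port

    def _alloc_port(self, proto, wanted):
        """Keep the host's own source port if free, else the next available one."""
        candidates = [wanted] + list(range(wanted + 1, 65536)) + list(range(1024, wanted))
        for port in candidates:
            if (proto, port) not in self.in_map:
                return port
        raise RuntimeError("no free port left on the inside global address")

    def outbound(self, pkt):
        """Translate an inside-to-outside packet, creating an entry if needed."""
        key = (pkt.proto, pkt.src.ip, pkt.src.port)
        if key not in self.out_map:
            port = self._alloc_port(pkt.proto, pkt.src.port)
            self.out_map[key] = port
            self.in_map[(pkt.proto, port)] = (pkt.src.ip, pkt.src.port)
        return Packet(pkt.proto, Endpoint(self.inside_global, self.out_map[key]), pkt.dst)

    def inbound(self, pkt):
        """Translate an outside-to-inside packet; None means no entry, so it is dropped."""
        if pkt.dst.ip != self.inside_global:
            return None
        entry = self.in_map.get((pkt.proto, pkt.dst.port))
        if entry is None:
            return None                # unsolicited: nothing in the table
        return Packet(pkt.proto, pkt.src, Endpoint(*entry))


def tcp(sip, sp, dip, dp):
    return Packet("tcp", Endpoint(sip, sp), Endpoint(dip, dp))


def demo():
    nat = Pat("209.165.200.226")
    # Slide 39: publish the (assumed) inside web server on public port 80.
    nat.add_port_forward("tcp", 80, "192.168.10.99", 8080)
    r = {}
    # Slide 16: different source ports are preserved on the inside global address.
    r["a"] = nat.outbound(tcp("192.168.10.10", 1555, "209.165.201.1", 80))
    r["b"] = nat.outbound(tcp("192.168.10.11", 1331, "209.165.202.129", 80))
    # Slide 18: the same source port on two hosts; the second gets the next free one.
    r["c"] = nat.outbound(tcp("192.168.10.11", 1444, "209.165.201.1", 80))
    r["d"] = nat.outbound(tcp("192.168.10.12", 1444, "209.165.201.1", 80))
    # Slide 17: the reply's destination port selects the inside host.
    r["reply"] = nat.inbound(tcp("209.165.201.1", 80, "209.165.200.226", 1555))
    # Slide 20: an outside-initiated connection matches no entry and is dropped.
    r["probe"] = nat.inbound(tcp("203.0.113.5", 40000, "209.165.200.226", 22))
    # Slide 37: the forwarded port is the one outside-initiated case that gets through.
    r["web"] = nat.inbound(tcp("203.0.113.5", 40001, "209.165.200.226", 80))
    return r


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The probe and web cases are the security point of the whole deck in two lines: the same table that drops an unsolicited SYN to port 22 delivers one to port 80 the moment a forwarding entry exists, so every forwarded port is an exposed service and needs the same hardening as a host with a public address.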

41 NAT for IPv6?
- NAT is a workaround for IPv4 address scarcity.
- IPv6, with a 128-bit address, provides 340 undecillion addresses.
- Address space is not an issue for IPv6.
- IPv6 makes IPv4-style public-to-private NAT unnecessary by design; however, IPv6 does have a form of private addressing, implemented differently from IPv4.

42 IPv6 Unique Local Addresses
- IPv6 unique local addresses (ULAs) are designed to allow IPv6 communication within a local site.
- ULAs are not meant to provide additional IPv6 address space.
- ULAs have the prefix FC00::/7, which results in a first hextet range of FC00 to FDFF. (Only the FD00::/8 half, with the locally assigned L bit set, is defined for use by RFC 4193.)
- ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local addresses).

43 NAT for IPv6
- IPv6 also uses NAT, but in a much different context.
- In IPv6, NAT is used to provide transparent communication between IPv6 and IPv4 hosts.
- NAT64 is not intended to be a permanent solution; it is meant to be a transition mechanism.
- Network Address Translation-Protocol Translation (NAT-PT) was another NAT-based transition mechanism for IPv6, but it has been deprecated by the IETF.
- NAT64 is now the recommended mechanism.

44 NAT for IPv6

45 Troubleshooting NAT

46 Verifying NAT and NAT Overload
  show ip nat translations
Displays the active translation table: inside local and inside global addresses, outside local and outside global addresses, with port numbers on PAT entries.

47 Verifying NAT and NAT Overload
  show ip nat statistics
Displays the number of active translations, hits and misses, the interfaces marked inside and outside, and how much of each pool is in use.

48 Verifying NAT and NAT Overload
  clear ip nat translation *
Removes all dynamic entries from the translation table (static entries remain). Use it after changing the NAT configuration so that stale entries do not hide the effect of the change.

49 Troubleshooting NAT and NAT Overload
  show ip nat translations
  clear ip nat translation *
  debug ip nat
debug ip nat prints a line for every packet that is translated. On a busy router this is expensive, so enable it only briefly and turn it off with undebug all.

