
Cabrillo College Building Cisco Remote Access Network


1 Cabrillo College Building Cisco Remote Access Network
Ch. 11 Setting IP Addresses with NAT
Rick Graziani, Instructor
March 13, 2001

2 Private addresses and NAT
Network Address Translation (NAT), as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed to access the Internet.

3 Network Address Translation
The privately addressed "inside" network sends a packet through the NAT router. The addresses are converted to legal, registered IP addresses, enabling the packets to be passed to the public networks, such as the Internet.

4 NAT (diagram: numbered packet flow through the NAT router on a /24 network) * This would normally be a routable address (non-private address space)

5 Cisco NAT Terminology When configuring NAT using the Cisco IOS, you will have to be able to distinguish between inside and outside addresses. Whether an address is “inside” or “outside” depends on your point-of-view.

6 Cisco NAT Terminology Addresses that your network is using are inside addresses, regardless of whether they belong to a private range or are globally routable. Addresses of systems beyond your network are considered outside addresses (whether they are private or global). Thus, your network could have inside local addresses (private addresses) and inside global addresses (globally routable addresses assigned by your provider).

7 NAT

8 NAT: Pros and Cons

9 NAT One advantage of NAT is that, since not every inside host needs outside access at the same time, you can get away with using a small pool of globally unique addresses to serve a relatively large number of privately addressed hosts.

10 NAT NAT comes as a great relief to organizations that outgrow their address space. If a school with a Class C address suddenly finds that over 500 nodes on campus need occasional Internet access, NAT (used in conjunction with RFC 1918 addresses) may provide a convenient solution.

11 NAT Because outside hosts never see the “pre-translated” inside addresses, NAT has the effect of hiding the inside structure of a network. Although NAT is not a security firewall, it can prevent outsiders from connecting directly to inside hosts, unless a permanent global address mapping exists in the NAT table.

12 NAT If you actually want outside users to access an internally addressed web server, you can statically map a global address ( ) to an inside address ( ). Static mappings exist in the NAT table until they are removed by an administrator. Internet hosts, and DNS, can use the global address to reach the privately addressed web server.

13 NAT Since CIDR places the authority to assign addresses at the ISP level, if you moved from one ISP to another, your company may have to completely readdress its systems with the new ISP’s CIDR block. Instead of readdressing, NAT can be deployed to temporarily translate the old addresses to new ones, with static mappings in place to keep web and other public services available to the outside.

14 Types of NAT Static NAT Dynamic NAT Overloading NAT (PAT) Overlapping

15 Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network. In static NAT, the computer with the IP address of will always translate to

16 Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. In dynamic NAT, the computer with the IP address of will translate to the first available address in the range from to

17 Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In overloading, each computer on the private network is translated to the same IP address ( ) but with a different port number assignment.

18 Overlapping - When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. The internal IP range ( xx) is also a registered range used by another network. Therefore, the router is translating the addresses to avoid a potential conflict with another network. It will also translate the registered global IP addresses back to the unregistered local IP addresses when information is sent to the internal network.

19 NAT Functions
Translating inside local addresses
Overloading inside global addresses
TCP load distribution
Handling overlapping networks

20 NAT Examples
Translating Inside Local Addresses
Overloading Inside Global Addresses
TCP Load Distribution

21 NAT Configuration: Static
RTA(config)#ip nat inside source static local-ip global-ip
RTA(config)#interface type number
RTA(config-if)#ip nat inside
RTA(config-if)#ip nat outside

22 NAT Configuration: Static
(diagram: static NAT topology, /24 inside network, ip route on the NAT router)

23 NAT Configuration: Static
Room 2501 Example
interface FastEthernet0/0
 description Cabrillo LAN (NAT outside)
 ip address
 ip nat outside
interface FastEthernet0/1
 description Cisco Classroom 2501 (NAT inside)
 ip address
 ip nat inside
! Static map to Linux Server - inside source-ip translated to nnnn
ip nat inside source static
! Static map to Catalyst 1900 switch
ip nat inside source static

24 NAT Configuration: Dynamic
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [rotary]
RTA(config)#ip nat pool MYPOOL netmask
(Translated to these addresses)

25 NAT Configuration: Dynamic
Router(config)#access-list access-list-number permit source [source-wildcard]
Router(config)#ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
(Addresses to get translated)
RTA(config)#access-list 1 permit
RTA(config)#ip nat inside source list 1 pool MYPOOL

26 NAT Configuration: Dynamic
Router(config)#interface type number
Router(config-if)#ip nat inside
Router(config-if)#interface type number
Router(config-if)#ip nat outside
RTA(config)#interface s0
RTA(config-if)#ip nat outside
RTA(config-if)#interface e0
RTA(config-if)#ip nat inside

27 NAT Configuration: Dynamic
interface FastEthernet0/0
 description Cabrillo LAN (NAT outside)
 ip address
 ip nat outside
interface FastEthernet0/1
 description Cisco Classroom 2501 (NAT inside)
 ip address
 ip nat inside
ip nat pool room2501 netmask
ip nat inside source list 1 pool room2501
access-list 1 permit

28 PAT: Address overloading
The most powerful feature of NAT routers is their ability to use Port Address Translation (PAT), which allows multiple inside addresses to map to the same global address. This is sometimes called "many-to-one" NAT. Literally hundreds of privately addressed nodes can access the Internet using only one global address.

29 PAT The NAT box keeps track of the different conversations by mapping TCP and UDP port numbers. This works well for client applications like web browsers because they grab port numbers as needed, typically from the unassigned range between 1024 and 65,535.

30 PAT An example PAT translation table

31 NAT Configuration: Overload
Router(config)#ip nat inside source list 24 pool natpool overload
RTA(config)#ip nat inside source list 24 pool natpool overload

32 NAT Configuration: Overload

33 PAT Configuration: Dynamic
interface FastEthernet0/0
 description Cabrillo LAN (NAT outside)
 ip address
 ip nat outside
interface FastEthernet0/1
 description Cisco Classroom 2501 (NAT inside)
 ip address
 ip nat inside
ip nat pool room2501 netmask
ip nat inside source list 1 pool room2501 overload
access-list 1 permit

34 NAT and PAT NAT overload is often used in conjunction with dynamic mappings to a NAT pool. A NAT router can then use a one-to-one dynamic mapping until the available addresses are almost depleted, at which time NAT can overload the remaining address or addresses. On a Cisco router, NAT will overload the first address in the pool until it’s maxed out, and then move on to the second address, and so on.
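The pool, overload and inbound-filtering behaviour described in slides 11, 15 to 17 and 34, as an added example that is not part of the slides. It is a Python model of the translation table, not IOS code; the address pool, the tiny port range and the RFC 1918 / RFC 5737 addresses used in its comments and tests are constructed for illustration.

```python
class NatRouter:
    """Toy model (assumed, not IOS code) of inside source NAT: static maps, a pool used
    one-to-one, or the pool with overload (PAT), which fills the first address' ports
    before moving on to the next address, as described above."""
    def __init__(self, pool, overload=False, ports_per_addr=3):
        self.pool = list(pool)        # inside global addresses, in pool order
        self.overload = overload
        # tiny port range (constructed) so exhaustion is visible in a few calls
        self.ports = range(1024, 1024 + ports_per_addr)
        self.static = {}              # inside local -> inside global, permanent
        self.dynamic = {}             # inside local -> inside global, one-to-one
        self.pat = {}                 # (inside global, port) -> (inside local, port)
    def add_static(self, local, glob):
        self.static[local] = glob
    def _free_addrs(self):
        used = set(self.static.values()) | set(self.dynamic.values())
        return [g for g in self.pool if g not in used]
    def outbound(self, local, lport):
        """Inside -> outside: (inside global, port), or None when the pool is exhausted."""
        if local in self.static:
            return self.static[local], lport
        if not self.overload:         # one-to-one dynamic: one address per inside host
            if local not in self.dynamic:
                free = self._free_addrs()
                if not free:
                    return None       # no address left: IOS drops the packet
                self.dynamic[local] = free[0]
            return self.dynamic[local], lport
        for entry, flow in self.pat.items():
            if flow == (local, lport):
                return entry          # existing conversation keeps its entry
        for g in self._free_addrs():  # overload: use up one address, then the next
            for p in self.ports:
                if (g, p) not in self.pat:
                    self.pat[(g, p)] = (local, lport)
                    return g, p
        return None
    def inbound(self, glob, gport):
        """Outside -> inside: only static, active one-to-one or established PAT
        entries translate; anything else has no inside host and is dropped."""
        for local, g in self.static.items():
            if g == glob:
                return local, gport
        if (glob, gport) in self.pat:
            return self.pat[(glob, gport)]
        for local, g in self.dynamic.items():
            if g == glob:
                return local, gport
        return None
```

With `overload=True` the first pool address is used until its ports run out before the second is touched, and an inbound packet with no table entry returns `None`, which is the "not a firewall, but no direct path inside" point from slide 11.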

35 TCP Load distribution Cisco routers support TCP load distribution, a powerful NAT feature that allows you to map one global address to multiple inside addresses for the purpose of distributing conversations among multiple (usually mirrored) hosts.

36 TCP Load Distribution

37 NAT Configuration: Rotary
RTA(config)#ip nat pool webservers netmask type rotary
RTA(config)#access-list 46 permit host
RTA(config)#ip nat inside destination list 46 pool webservers
RTA(config)#interface e0
RTA(config-if)#ip nat inside
RTA(config-if)#interface s0
RTA(config-if)#ip nat outside
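The rotary pool from slides 35 to 37, as an added example that is not part of the slides: a Python model (not IOS code) of destination translation where one global address fronts several mirrored inside hosts. The virtual address and the real hosts are constructed RFC 5737 / RFC 1918 values standing in for the `access-list 46 permit host` entry and the `webservers` pool.

```python
from itertools import cycle

class RotaryNat:
    """Toy model of 'ip nat inside destination list 46 pool webservers' with a
    'type rotary' pool: each NEW TCP connection to the virtual address is handed
    to the next real inside host in round-robin order (assumed behaviour)."""
    def __init__(self, virtual_ip, real_hosts):
        self.virtual_ip = virtual_ip       # the host matched by access-list 46
        self._next = cycle(real_hosts)     # rotary pool, in configured order
        self.table = {}                    # (client, client_port) -> real server

    def inbound(self, client, cport, dst):
        """Outside client -> inside. Returns the real host the packet goes to,
        or dst unchanged when the destination is not the load-distributed address."""
        if dst != self.virtual_ip:
            return dst                     # ACL does not match: no translation
        key = (client, cport)
        if key not in self.table:          # new connection: rotate to next host
            self.table[key] = next(self._next)
        return self.table[key]             # established connection stays put

    def outbound(self, server, client, cport):
        """Reply from a real server: source rewritten back to the virtual
        address so the client only ever sees the one global address."""
        if self.table.get((client, cport)) == server:
            return self.virtual_ip
        return server                      # not part of a distributed connection
```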

38 NAT Configuration: Rotary
2 NAT’d to

39 NAT drawbacks The tradeoff for address translation is a loss of functionality, particularly with any protocol or application that involves sending IP address information outside the IP header.

40 NAT drawbacks The following traffic types are not supported by Cisco IOS NAT:
Routing table updates
Domain Name System (DNS) zone transfers
BOOTP
talk, ntalk
Simple Network Management Protocol (SNMP)
NetShow

