NAT & VPN, Lecture 8, Hassan Shuja, 05/02/2006


Slide 2: NAT

Network Address Translation (NAT)
– Allows a host that does not have a valid registered IP address to communicate with other hosts through the Internet
  – The host might be using a private address or an address assigned to another organization
– The source IP address in the packet is changed from the private address to the public address
– Cisco terminology uses "inside" and "outside" to describe where the IP addresses reside
  – "local" and "global" are also used to describe the location of the IP addresses
– A table is kept with the translations

Static NAT
– A one-to-one mapping is set up where the inside address is always mapped to the same outside address
  – This mapping does not change
  – A second private address will require a second public address

Slide 3: NAT

Dynamic NAT
– A one-to-one mapping is set up where the inside IP addresses are dynamically assigned from a pool of outside addresses
  – If all addresses in the outside pool are in use, then the host will not be able to access the outside

Dynamic NAT & Static NAT
– Dynamic NAT and Static NAT can work together
  – It is possible to set up a pool of addresses and also statically map some of the addresses

NAT Overload
– Overloading allows NAT to scale to support many clients on one IP address
  – Also referred to as PAT (Port Address Translation)
  – Instead of just translating the IP address, it also translates the port number
  – The translation table also maintains the port number

Slide 4: NAT

NAT Configuration
– The interfaces on the router need to be designated as the "inside" and "outside" interfaces
  – "ip nat inside"
  – "ip nat outside"

Static NAT Configuration
– Configuration command
  – "ip nat inside source static 10.1.1.2 200.1.1.2"
– Show commands
  – "show ip nat translations" displays the translation table
  – "sh ip nat statistics" displays various statistics

Slide 5: NAT

Dynamic NAT
– A NAT pool must be set up for the outside addresses
  – "ip nat pool umbc 200.1.1.1 200.1.1.254 netmask 255.255.255.0"
  – The above command is executed in global configuration mode
– The addresses to be translated need to be identified
  – "access-list 1 permit 10.1.1.0 0.0.0.255"
  – The above command is executed in global configuration mode
– The inside addresses need to be mapped to the outside pool
  – "ip nat inside source list 1 pool umbc"
  – The above command is executed in global configuration mode

Slide 6: NAT

NAT Overload
– A NAT pool must be set up for the outside address
  – "ip nat pool umbc 200.1.1.1 200.1.1.1 netmask 255.255.255.255" (the pool command takes a start and an end address; for a single-address pool both are the same)
  – The above command is executed in global configuration mode
– Two ways of mapping the inside addresses to the outside pool
  – "ip nat inside source list 1 pool umbc overload"
  – "ip nat inside source list 1 interface serial0/0 overload"
  – The above commands are executed in global configuration mode
  – The second form maps everything in access list 1 to the IP address of the serial interface
– The addresses to be translated need to be identified
  – "access-list 1 permit 10.1.1.0 0.0.0.255"
  – The above command is executed in global configuration mode
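The following is an added example, not part of the lecture: a small Python model of the translation table behind slides 2 to 6. It shows static NAT (fixed mapping, reachable inbound), dynamic NAT (pool exhaustion blocks the host) and overload/PAT (one outside address, port rewritten on collision, unsolicited inbound packets dropped). Addresses and ports are constructed sample values taken from the slides' 10.1.1.0/24 and 200.1.1.x ranges.

```python
import itertools

class NatRouter:
    """Toy model of the IOS NAT translation table (constructed example)."""

    def __init__(self, pool, overload=False, static=None):
        self.pool = list(pool)               # outside (inside-global) addresses
        self.overload = overload             # PAT: all inside hosts share pool[0]
        self.static = dict(static or {})     # one-to-one mappings that never change
        self.dynamic = {}                    # inside-local -> pool address (dynamic NAT)
        self.table = {}                      # (inside_local, port) -> (inside_global, port)
        self._ports = itertools.count(1024)  # next translated port for PAT

    def translate(self, inside_local, src_port):
        """Outbound packet: return (inside_global, port) or None if it cannot be translated."""
        key = (inside_local, src_port)
        if key in self.table:                          # existing entry is reused
            return self.table[key]
        if inside_local in self.static:                # static NAT: fixed address, port kept
            entry = (self.static[inside_local], src_port)
        elif self.overload:                            # PAT: one address, unique port per flow
            glob = self.pool[0]
            in_use = {p for g, p in self.table.values() if g == glob}
            port = src_port
            while port in in_use:                      # keep the source port if it is free
                port = next(self._ports)
            entry = (glob, port)
        else:                                          # dynamic NAT: one pool address per host
            if inside_local not in self.dynamic:
                taken = set(self.dynamic.values()) | set(self.static.values())
                free = [a for a in self.pool if a not in taken]
                if not free:
                    return None                        # pool exhausted: host cannot reach outside
                self.dynamic[inside_local] = free[0]
            entry = (self.dynamic[inside_local], src_port)
        self.table[key] = entry
        return entry

    def untranslate(self, inside_global, port):
        """Inbound packet: map back to (inside_local, port), or None if the router drops it."""
        for local, glob in self.table.items():
            if glob == (inside_global, port):
                return local
        for local, glob in self.static.items():        # static NAT is reachable without an entry
            if glob == inside_global:
                return (local, port)
        return None                                    # no entry: dynamic/PAT drop unsolicited traffic
```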

Slide 7: VPN

Virtual Private Network (VPN)
– A private data network that makes use of the public telecommunication infrastructure (the Internet), maintaining privacy through the use of a tunneling protocol and security procedures
  – A VPN is very cost effective
– Traffic is encrypted as it travels across the Internet
– An administrator must be aware of the traffic that flows through the tunnel and of the end points of the tunnel
– All traffic on the secure VPN must be encrypted and authenticated
  – Encryption types: DES, 3DES, AES

Slide 8: VPN

Virtual Private Network (VPN)
– The security properties on all end points of the VPN tunnel must be the same
– No one outside the VPN tunnel should be able to affect the security properties of the tunnel
– Split tunneling allows traffic to be sent through the tunnel and outside the tunnel at the same time
  – Split tunneling is a very big security concern
– IPsec is used for encryption of the VPN tunnel
  – Uses ISAKMP (IKE) on UDP port 500 for tunnel setup
  – Uses ESP (IP protocol 50) and AH (IP protocol 51) for encryption

Slide 9: VPN

Types of VPN
– A client-based VPN tunnel handles only the connection for one workstation
  – Usually created from a PC to a VPN gateway (server)
– A LAN-to-LAN VPN tunnel is built for many clients to use
  – Usually created from one gateway to another gateway
– Understand the design for each type
  – Discussed in class

VPN Devices
– It is possible to create a VPN tunnel with any device that supports IPsec
– Cisco devices
  – IOS router
  – PIX Firewall
  – VPN concentrator

