Day 17.1 nat pat (2)

ICND v2.0—6-1© 2002, Cisco Systems, Inc. All rights reserved. 1

Scaling the Network with

NAT and PAT


Intro to NAT/PATNAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip address on a network with the global or public ip addresses.

Requirement of NAT when..

1.you need to connect to the Internet and your hosts don’t have global unique ip addresses. We are using private addresses.

2. 2. You change your network to another ISP and that require to renumber your

network. Then using the nat we didn’t need to change our ip addresses.

3. You need to merge two internets with duplicate addresses.

4.No any host from the foreign network can access our local network. Local network security.


Advantages disadvantages

1. Conserves legally registered addresses 1.Translation introduces switching path 2. Reduces address overlap occurrence delays.3. Increase flexibility when connecting to 2. loss of end to end IP

traceability. internet4. Eliminates address renumbering as 3. certain applications will not function network changes. With nat enabled.NAT terms:-Inside local: Name of inside source address before translation

Outside local: Name of the destination host before translation

Inside global: Name of inside host after translation

Outside global: Name of outside destination host after translation

ICND v2.0—6-4

NAT types……………………………… Static NAT:- it is the type of Nat that is designed to allow One-to-one mapping between the local ip addresses and global ip addresses.

BUT keep in mind that static NAT require that YOU MUST HAVE ONE REAL INTERNET IP ADDRESS FOR EVERY HOST ON YOUR NETWORK.

Dynamic NAT:- this gives the ability to map an unregistered ip address with a registered ip address from out of pool of ip addresses. you don’t have to statically configure your router to map an inside address with an outside address like in static NAT.

But you must have the sufficient number of ip addresses for every user who`s going to transfer packets with internet

NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. __Many –to-One.

But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only

NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. __Many –to-One.

But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only

ICND v2.0—6-5

• An IP address is either local or global.

• Local IP addresses are seen in the inside network.

ICND v2.0—6-6

ICND v2.0—6-7

ICND v2.0—6-8

• Establishes static translation between an inside local address and an inside global address

Router(config)#ip nat inside source static local-ip global-ip

• Marks the interface as connected to the inside

Router(config-if)#ip nat inside

• Marks the interface as connected to the outside

Router(config-if)#ip nat outside


NAT configuration

TO CONFIGURE STATIC NAT------------r3>enr3#conf tr3(config)#int serial 0/0r3(config-if)#ip nat outsider3(config-if)#int fa 0/0r3(config-if)#ip nat insider3(config-if)#exitr3(config)#ip nat inside source static 10.0.0.2 20.0.0.3r3(config)#exitr3#show ip nat translationsr3#show ip nat statistics

TO REMOVE STATIC NAT:----

r3#conf tr3(config)#no ip nat inside source static 10.0.0.2 20.0.0.3

ICND v2.0—6-10

ICND v2.0—6-11

• Establishes dynamic source translation, specifying the access list defined in the prior step

Router(config)#ip nat inside source list access-list-number pool name

• Defines a pool of global addresses to be allocated as needed

Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

• Defines a standard IP access list permitting those inside local addresses that are to be translated

Router(config)#access-list access-list-number permit source [source-wildcard]


Configuring Dynamic TranslationHOW TO CONFIGURE DYNAMIC NAT---r3>enr3#conf tr3(config)#int serial 0/0r3(config-if)#ip nat outsider3(config-if)#int fa 0/0r3(config-if)#ip nat insider3(config-if)#exitr3(config)#ip nat pool abc 20.0.0.3 20.0.0.5 netmask 255.255.255.0r3(config)#access-list 1 permit anyr3(config)#ip nat inside source list 1 pool abcr3(config)#^Zr3#sh ip nat translationsr3#sh ip nat statisticsr3#clear ip nat translation *

HOW TO REMOVE DYNAMIC NAT------------r3>enr3#conf tr3(config)#no ip nat inside source list 1 pool abc forcedr3(config)#no access-list 1r3(config)#no ip nat pool abc

ICND v2.0—6-13

ICND v2.0—6-14

ICND v2.0—6-15

• Establishes dynamic source translation, specifying the access list defined in the prior step

Router(config)#ip nat inside source list access-list-number interface interface overload

• Defines a standard IP access list permitting those inside local addresses that are to be translated

Router(config)#access-list access-list-number permit source source-wildcard


Configuring nat overloading PATHOW TO CONFIGURE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS TRANSLATION)---r3>enr3#conf tr3(config)#int serial 0/0r3(config-if)#ip nat outsider3(config-if)#int fa 0/0r3(config-if)#ip nat insider3(config-if)#exitr3(config)#ip nat pool xyz overload 20.0.0.1 20.0.0.1 prefix-length 24r3(config)#access-list 1 permit anyr3(config)#ip nat inside source list 1 pool xyz overloadr3(config)#^Zr3#sh ip nat translationsr3#sh ip nat statisticsr3#clear ip nat translation *

HOW TO REMOVE DYNAMIC NAT WITH OVERLOAD (PAT- PORT ADDRESS TRANSLATION)---r3>enr3#conf tr3(config)#no ip nat inside source list 1 pool xyz overload forcedr3(config)#no access-list 1r3(config)#no ip nat pool xyz overload

ICND v2.0—6-17

ICND v2.0—6-18

• Clears a simple dynamic translation entry containing an inside translation, or both inside and outside translation

Router#clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

• Clears all dynamic address translation entries

Router#clear ip nat translation *

• Clears a simple dynamic translation entry containing an outside translation

Router#clear ip nat translation outside local-ip global-ip

• Clears an extended dynamic translation entry

Router#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

ICND v2.0—6-19

• Displays translation statistics

Router#show ip nat statistics

• Displays active translations

Router#show ip nat translations

Router#show ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.16.131.1 10.10.10.1 --- ---

Router#show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Ethernet0, Serial2.7 Inside interfaces: Ethernet1 Hits: 5 Misses: 0 …

ICND v2.0—6-20

ICND v2.0—6-21

ICND v2.0—6-22

Router#debug ip nat NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]

ICND v2.0—6-23

Translation Not Installed in the Translation Table?

Verify that: The configuration is correct. There are not any inbound access lists denying

the packets from entering the NAT router. The access list referenced by the NAT command

is permitting all necessary networks. There are enough addresses in the NAT pool. The router interfaces are appropriately defined as

NAT inside or NAT outside.

ICND v2.0—6-24

SummaryCisco IOS NAT allows an organization with unregistered

private addresses to connect to the Internet by translating those addresses into globally registered IP addresses.

You can translate your own IP addresses into globally unique IP addresses when communicating outside of your network.

Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports, known also as PAT.

Once you have configured NAT, verify that it is operating as expected using the clear and show commands.

Sometimes NAT is blamed for IP connectivity problems when there is actually a routing problem.

Education

Day 17.1 nat pat (2)