25 Cards in this Set

  • Front
  • Back
Network Address Translation (NAT)
Takes a host's private IP address and translates it to a non-private, routable address.
RFC 1918 - Range of private addresses.

Masks for these address ranges are not the same as those for the full Class A (/8), Class B (12), Class C (/24) address ranges.

Class A: 10.0.0.0 /8
Class B: 172.16.0.0 /12
Class C: 192.168.0.0 /16

Inside local

Address used by hosts on the local network to talk to other hosts on the local network.




The inside local address is the address being translated locally.

Inside global
Is the address that is translated by the router.
Outside local
Is the non-routable address of a host on the remote network when the translation takes place.
Outside global
IP address assigned to a host on the outside network.

Inside local

private addresses.

What happens when a router performs NAT?
That router makes an entry in its NAT translation table, mapping the inside local address to the assigned inside global address.
The router looks at the inside local address and says, "Let me make a note of that: 10.1.1.1 is mapped to 200.1.1.1, which is the inside global."
The private address is never seen outside the local network, and the host receiving these packets has no idea NAT has occurred. The only device that knows what is going on is the router.
When packets come back in with a routable address, the router checks its NAT table to see if another translation is in order. If so, the router translates the inside global address back to the appropriate inside local address and routes the packets accordingly.
Packets come into the router destined for 200.1.1.1. The router says, "200.1.1.1 is mapped to 10.1.1.1 in my NAT table, so I'll translate that address before forwarding."

Static NAT (SNAT)

A one-to-one mapping of inside local to inside global addresses.

It requires you to have one real Internet IP address for every host on the network.

Before creating mappings

Configure ip nat inside and ip nat outside on the interfaces.

ip nat inside - goes on the interface closest to the hosts having their addresses translated.

ip nat outside - goes on the exit interface of the router performing NAT.

Always check your ip nat inside and ip nat outside first when troubleshooting NAT.

Syntax is Inside local to Inside global


Outside local to Outside global

To configure NAT

Router(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses

Steps involving Static NAT

1. Add ip nat inside and ip nat outside to the interfaces.

Router(config-if)#ip nat inside

2. Create the static mapping.

Router(config)#ip nat inside source static (inside local address) (inside global address)

sh ip nat translations - to check your work

Dynamic NAT (DNAT) - enables us to create a pool of inside global addresses. Those routable addresses are mapped to certain private addresses on an as-needed basis, and the mapping is dropped when the translation is no longer active. DNAT acts similarly to DHCP.
With Dynamic NAT, you use an ACL to identify the inside devices that can have their addresses translated.

Steps involving Dynamic NAT

1. Add ip nat inside and ip nat outside to the interfaces.

2. Create a pool.

Router(config)#ip nat pool pat 200.1.1.1 200.1.1.5 netmask 255.255.255.0
(or use the prefix length, which is 24)

3. Create an access list identifying the hosts that can use NAT.

Router(config)#access-list 2 permit host 10.1.1.2
(These are the only IP addresses that can be translated by NAT. For labs, use loopbacks on the NAT inside.)

4. Write the NAT inside statement that calls the access list name or number and calls the pool.

LIST means access-list.

Router(config)#ip nat inside source list 2 pool pat



By default, the source address of a ping is the address of the interface the ping leaves from. So if sh ip nat translations shows nothing, remember to use a source ping. (Add a route for labs.)
R1#ping 172.12.123.2 source 10.1.1.2

The NAT pool uses inside global addresses. Example range: 200.1.1.1 - 200.1.1.5 with a /24

Then write a permit access-list

access-list (number) permit host 1.1.1.1

clear ip nat trans *

Clears the NAT translation table. It only works on dynamic translations, not static.

Port Address Translation (PAT), also called overloading.

PAT allows private IP addresses of inside hosts to be translated to a single routable address - the address already in use on the outside interface!

We are overloading a single routable address.

How does PAT work?

The private address is translated to a combination of that single IP address and a port number, allowing the same routable address to be used by multiple inside hosts for NAT.

Instead of using a NAT pool with the ip nat inside source command, just use the outside interface and the word overload. You still need ip nat inside and ip nat outside on the interfaces.

PAT setup steps

1. Configure the interfaces with ip nat inside and ip nat outside.

2. Create the NAT statement. We are not using a pool, so a pool is not needed.

3. Write the NAT statement: ip nat inside source list ? Make sure you use interface instead of pool.

(interface Specify interface for global address)

4. Use overload at the end of the statement:

Router(config)#ip nat inside source list 2 interface f0/0 overload



sh ip nat trans - to see port numbers.

sh ip nat stat

- Shows how many active translations you have.
- Shows the peak number of translations you have had.
- Shows outside interfaces.
- Shows inside interfaces.
- Shows the number of expired translations.
- It will also show you the access-list statement under Dynamic mappings.

Configure router to get on the internet at home.

Remember to do ip address dhcp on the WAN link, which is your outside link.

ip dhcp excluded-address 192.168.10.1 192.168.10.9
!
ip dhcp pool PATDHCP
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.254
 dns-server 8.8.8.8
!
interface FastEthernet0/0
 description WAN-LINK
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description INSIDE-LAN
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
!
ip nat inside source list 100 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.5.254
!
access-list 100 permit ip any any