
CPE364Week15 NAT.pptx

The document provides an overview of Network Address Translation (NAT) for IPv4, detailing its operation, configuration, and troubleshooting in small to medium-sized business networks. It covers various types of NAT, including static, dynamic, and Port Address Translation (PAT), along with their advantages and disadvantages. Additionally, it discusses the transition to IPv6 and the role of NAT in facilitating communication between IPv4 and IPv6 networks.

Uploaded by

Zakaru

Network Address Translation for IPv4

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Objectives
▪ Network Layer Protocols
• Explain how NAT provides IPv4 address scalability in a small to
medium-sized business network.

▪ Configuring NAT
• Configure NAT services on the edge router to provide IPv4 address
scalability in a small to medium-sized business network.

▪ Troubleshoot NAT Configurations


• Troubleshoot NAT issues in a small to medium-sized business network.

NAT Operation

NAT Operation
NAT Characteristics
▪ IPv4 Private Address Space
• 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 (RFC 1918)
▪ What is NAT?
• Process of translating IPv4 network addresses
• Conserve public IPv4 addresses
• Configured at the border router for translation
▪ NAT Terminology
• Inside address
• Inside local address
• Inside global address
• Outside address
• Outside local address
• Outside global address

IPv4 Private Addresses (RFC 1918)
▪ Class A
• 10.0.0.0 – 10.255.255.255

▪ Class B
• 172.16.0.0 – 172.31.255.255

▪ Class C
• 192.168.0.0 – 192.168.255.255

Local & Global NAT Terms
• Inside local address—The IP address assigned to a host on the
inside network via dynamic address allocation.
• Inside global address—A legitimate IP address assigned by the NIC
or service provider that represents one or more inside local IP
addresses to the outside world.
• Outside local address—The IP address of an outside host as it
appears to the inside network. Not necessarily a legitimate
address, it is allocated from an address space routable on the
inside.
• Outside global address—The IP address assigned to a host on the
outside network by the host owner. The address is allocated from
a globally routable address or network space.
NAT Operation
Types of NAT
▪ Static NAT
• One-to-one mapping of local and global
addresses
• Configured by the network administrator and remains constant
▪ Dynamic NAT
• Uses a pool of public addresses and assigns them on a first-come, first-served basis
• Requires enough public addresses for the total number of simultaneous user sessions
▪ Port Address Translation (PAT)
• Maps multiple private IPv4 addresses to a single
public IPv4 address or a few addresses
• Also known as NAT overload
• Validates that the incoming packets were
requested
• Uses port numbers to forward the response
packets to the correct internal device
NAT Operation
NAT Advantages
▪ Advantages of NAT
• Conserves the legally registered addressing scheme
• Increases the flexibility of connections to the public network
• Provides consistency for internal network addressing schemes
• Provides network security
▪ Disadvantages of NAT
• Performance is degraded
• End-to-end functionality is degraded
• End-to-end IP traceability is lost
• Tunneling is more complicated
• Initiating TCP connections can be disrupted

Configuring NAT

Configuring NAT
Configuring Static NAT
▪ Configuring Static NAT
• Create the mapping between the inside local and outside local
addresses
ip nat inside source static local-ip global-ip
• Define which interfaces belong to the inside network and which belong
to the outside network
ip nat inside
ip nat outside

▪ Analyzing Static NAT


▪ Verifying Static NAT
show ip nat translations
show ip nat statistics
clear ip nat statistics
Configuring NAT
Configuring Dynamic NAT
▪ Dynamic NAT Operation
• The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come, first-served basis.
• With dynamic NAT, a single inside address is translated to a single
outside address.
• The pool must be large enough to accommodate all inside devices.
• A device is unable to communicate to any external networks if no
addresses are available in the pool.

Configuring NAT
Configuring Dynamic NAT (Cont.)
▪ Configuring Dynamic NAT
• Create the mapping between the inside local and outside local
addresses
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Create a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
• Bind the ACL to the pool
ip nat inside source list access-list-number pool name
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Dynamic NAT (Cont.)
▪ Analyzing Dynamic NAT
▪ Verifying Dynamic NAT
show ip nat translations
show ip nat translations verbose
clear ip nat statistics
clear ip nat translations *

Configuring NAT
Configuring Port Address Translations (PAT)
▪ Configuring PAT: Address Pool
• Create the mapping between the inside local and outside local addresses
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Create a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
• Bind the ACL to the pool
ip nat inside source list access-list-number pool name overload
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Port Address Translations (PAT) (Cont.)
▪ Configuring PAT: Single Address
• Define a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
• Establish dynamic source translation, specify the ACL, exit interface, and overload option
ip nat inside source list access-list-number interface type name overload
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Port Address Translations (PAT) (Cont.)
▪ Analyzing PAT
▪ Verifying PAT
show ip nat translations
show ip nat statistics
clear ip nat statistics

Configuring NAT
Port Forwarding
▪ Port Forwarding
• Port forwarding is the act of forwarding a network port from one network node to
another.
• A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in the inside network.
• Port forwarding is helpful in situations where servers have private addresses, not
reachable from the outside networks.

▪ Wireless Router Example


▪ Configuring Port Forwarding with IOS
ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]
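The PAT behaviour from the Types of NAT slide (port-based demultiplexing, and checking that incoming packets were requested) and the port forwarding entry above can be modelled together. This is an added example, not code from the presentation or from Cisco IOS; the class, its port-selection rule, and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Toy PAT table: (proto, public port) -> [inside ip, inside port, peers]."""
    public_ip: str
    table: dict = field(default_factory=dict)

    def _free_port(self, proto, wanted):
        # Assumption of this model: keep the source port if free, else take
        # the first unused port from 1024 upward.
        for port in [wanted, *range(1024, 65536)]:
            if (proto, port) not in self.table:
                return port
        raise RuntimeError("PAT port space exhausted")

    def port_forward(self, proto, local_ip, local_port, global_port):
        # peers=None marks a static entry that any outside host may use.
        self.table[(proto, global_port)] = [local_ip, local_port, None]

    def outbound(self, proto, src, sport, dst, dport):
        for (p, pub), (ip, port, peers) in self.table.items():
            if peers is not None and (p, ip, port) == (proto, src, sport):
                peers.add((dst, dport))          # reuse the existing mapping
                return (self.public_ip, pub, dst, dport)
        pub = self._free_port(proto, sport)
        self.table[(proto, pub)] = [src, sport, {(dst, dport)}]
        return (self.public_ip, pub, dst, dport)

    def inbound(self, proto, src, sport, dport):
        entry = self.table.get((proto, dport))
        if entry is None:
            return None                          # no entry: packet is dropped
        ip, port, peers = entry
        if peers is not None and (src, sport) not in peers:
            return None                          # entry exists, peer was never contacted
        return (src, sport, ip, port)            # rewritten destination

def demo():
    r = PatRouter("209.165.200.225")             # constructed sample addresses
    r.port_forward("tcp", "192.168.10.254", 80, 8080)
    a = r.outbound("tcp", "192.168.10.10", 1444, "209.165.201.1", 80)
    b = r.outbound("tcp", "192.168.10.11", 1444, "209.165.201.1", 80)
    return {"a": a, "b": b,
            "reply": r.inbound("tcp", "209.165.201.1", 80, a[1]),
            "unsolicited": r.inbound("tcp", "198.51.100.7", 4000, a[1]),
            "forwarded": r.inbound("tcp", "198.51.100.7", 4000, 8080)}
```

The static entry is the only path an uninvited outside host can use, which is why each port forward should be treated as a deliberately exposed service.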

Configuring NAT
Configuring NAT and IPv6
▪ NAT for IPv6?
• IPv6 with a 128-bit address provides 340 undecillion addresses.
• Address space is not an issue for IPv6.
• IPv6 makes IPv4 public-private NAT unnecessary by design; however, IPv6 does implement a form of private addresses, implemented differently than in IPv4.

▪ IPv6 Unique Local Address


• IPv6 unique local addresses (ULAs) are designed to allow IPv6 communications within a local
site.
• ULAs are not meant to provide additional IPv6 address space.
• ULAs have the prefix FC00::/7, which results in a first hextet range of FC00 to FDFF.
• ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local
addresses).

Configuring NAT
Configuring NAT and IPv6 (Cont.)
▪ NAT for IPv6
• IPv6 also uses NAT, but in a much different context.
• In IPv6, NAT is used to provide transparent communication between IPv6 and IPv4.
• NAT64 is not intended to be a permanent solution; it is meant to be a transition
mechanism.
• Network Address Translation-Protocol Translation (NAT-PT) was another NAT-based transition mechanism for IPv6, but is now deprecated by the IETF.
• NAT64 is now recommended.

Troubleshooting NAT

Troubleshooting NAT
Troubleshooting NAT Configurations
▪ Troubleshooting NAT: show commands
clear ip nat statistics
clear ip nat translations *
show ip nat statistics
show ip nat translations
▪ Troubleshooting NAT: debug commands
debug ip nat
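When reviewing `show ip nat translations` output, rows with no outside peer (`---` in both outside columns) are the ones that admit traffic from any outside host for as long as they exist. The following is an added example, not part of the presentation: it parses that column layout and flags such rows that are missing from an approved list. The sample output and the `APPROVED` allowlist are constructed.

```python
from collections import Counter
from typing import NamedTuple

# Constructed sample in the column layout of `show ip nat translations`.
SAMPLE = """\
Pro Inside global         Inside local        Outside local      Outside global
--- 209.165.200.226       192.168.10.10       ---                ---
tcp 209.165.200.225:8080  192.168.10.254:80   ---                ---
tcp 209.165.200.225:1444  192.168.10.10:1444  209.165.201.1:80   209.165.201.1:80
tcp 209.165.200.225:1024  192.168.10.11:1444  209.165.201.1:80   209.165.201.1:80
tcp 209.165.200.225:1025  192.168.10.11:1445  209.165.201.1:443  209.165.201.1:443
"""

# Hypothetical allowlist of mappings that are meant to be reachable from outside.
APPROVED = {("tcp", "209.165.200.225:8080")}

class Entry(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

def parse(text):
    """Return one Entry per translation row; the header and blanks are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [Entry(*f) for f in rows if len(f) == 5 and f[0].lower() != "pro"]

def open_inbound(entries):
    """Rows with no outside peer: any outside host can use the mapping."""
    return [e for e in entries if e.outside_local == e.outside_global == "---"]

def unexpected(entries, approved=APPROVED):
    """Open rows that are not on the approved list and need review."""
    return [e for e in open_inbound(entries)
            if (e.proto, e.inside_global) not in approved]

def sessions_per_host(entries):
    """Count peer-bound (dynamic) rows per inside host, ignoring the port."""
    return Counter(e.inside_local.rsplit(":", 1)[0]
                   for e in entries if e.outside_global != "---")
```

The per-host count helps when troubleshooting PAT port consumption, since a single inside host holding most of the table stands out immediately.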

Chapter Summary

Chapter Summary
Summary
▪ How NAT is used to help alleviate the depletion of the IPv4 address space.
▪ NAT conserves public address space and saves considerable administrative
overhead in managing adds, moves, and changes.
▪ NAT for IPv4, including:
• NAT characteristics, terminology, and general operations
• Different types of NAT, including static NAT, dynamic NAT, and NAT with
overloading
• Benefits and disadvantages of NAT
▪ The configuration, verification, and analysis of static NAT, dynamic NAT, and
NAT with overloading.
▪ How port forwarding can be used to access internal devices from the Internet.
▪ Troubleshooting NAT using show and debug commands.
▪ How NAT for IPv6 is used to translate between IPv6 addresses and IPv4
addresses.
