NAT Scenario

LOGO CCNA Tehran Institute of Technology Course name: Cisco CCNA Instructor: Mansour.nch Senior @ Tehran Institute of Technology Copyright 2014

description

NAT configuration (Static & Dynamic)

Transcript of NAT Scenario

Page 1: NAT Scenario


Page 2: NAT Scenario


Contents

1. Introduction to NAT

2. Static NAT

3. Dynamic NAT

Page 3: NAT Scenario

Introduction to NAT

Before looking at NAT technology, we need to know something about the address types used in real-world networks.

Private Address

Public Address


Page 4: NAT Scenario

Private VS Public

Public addresses are used to reach the internet.

» because they can be routed on the internet.

Private addresses, on the other hand, are used only within an organization.

» because they cannot be routed on the internet.


Page 5: NAT Scenario

Using NAT benefits

With NAT, the same private addresses can be reused millions of times all over the world while the hosts still have access to the internet.


Page 6: NAT Scenario

Security tips on NAT

For security reasons, NAT also hides your network from the outside world: the remote node you connect to over the internet only knows your public address, not the real internal address of your PC.

NAT provides the translation from the private address to the public address. We connect to the internet with our private address, but behind the scenes the connection is actually made with a public address.


Page 7: NAT Scenario

NAT Types

• Static NAT
• Dynamic NAT
• PAT (Port Address Translation) or NAT Overload

Static NAT is used for a one-to-one translation of addresses (or ports).

Dynamic NAT is used with a pool of public addresses and works with more than one public address.

PAT translates the outbound traffic of internal nodes to unique port numbers on a single public address.


Page 8: NAT Scenario

Keywords on NAT

Inside local: your PC's private address.
Inside global: the public address assigned to your PC.
Outside local: the outside host's public address.
Outside global: the same address as the outside local; necessary to translate an outside address to a private address.


Page 9: NAT Scenario

How NAT works

In the example above there are several different addresses. For PC A, these addresses are:

• Inside Local Address – 10.1.1.10
• Inside Global Address – 55.1.1.1
• Outside Global Address – 99.1.1.2
• Outside Local Address – 99.1.1.2

Here PC A's configured address, 10.1.1.10, is the inside local address. When this PC wants to go to the internet, it will use Router A's public address, using PAT, so the inside global address of PC A is 55.1.1.1. During communication with PC B, PC A sees only PC B's outside global address, 99.1.1.2.


Page 10: NAT Scenario


Static NAT


Page 11: NAT Scenario

Define Topology

For the static NAT configuration, we will use the topology below. Let's first define our routers. Think of R1 as your local router and R2 as a router on the Internet. Finally, RouterA will be our NAT-configured router.


Page 12: NAT Scenario

Define Topology

First you must configure the interface IP addresses on these three routers. Then you must add a static route from each end toward the other. Once a ping from each end to the other succeeds, the topology is ready for our NAT configuration.


Page 13: NAT Scenario

Define Topology

R1

R1# conf terminal
R1(config)# int f0/0
R1(config-if)# ip address 192.168.0.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# exit
R1(config)# ip route 10.10.10.0 255.255.255.0 192.168.0.2
R1(config)# exit
R1# copy run start


Page 14: NAT Scenario

Define Topology


R2

R2# conf terminal
R2(config)# int f0/0
R2(config-if)# ip address 10.10.10.1 255.255.255.0
R2(config-if)# no shut
R2(config-if)# exit
R2(config)# ip route 192.168.0.0 255.255.255.0 10.10.10.2
R2(config)# exit
R2# copy run start


Page 15: NAT Scenario

Define Topology

RouterA

RouterA# conf terminal
RouterA(config)# int f0/0
RouterA(config-if)# ip address 192.168.0.2 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# exit
RouterA(config)# int f0/1
RouterA(config-if)# ip address 10.10.10.2 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# end
RouterA# copy run start


Page 16: NAT Scenario

Verify Configurations

R1# ping 10.10.10.1
R2# ping 192.168.0.1

Here, let's enable the "debug ip packet" command on R2 and ping from R1 to R2. As you can see below, the source address will be R1's fa0/0 interface address and the destination address will be R2's fa0/0 address. After the NAT configuration, this source address will be changed to RouterA's fa0/1 interface IP address.


Page 17: NAT Scenario

Verify Configurations

And lastly, for the private-to-public mapping, we need an extra command on RouterA:

RouterA(config)# ip nat inside source static 192.168.0.1 10.10.10.2

After configuring RouterA with this command, let's ping from R1 to R2 again and check the debug ip packet output. Here, as you can see below, the new source IP address is the IP address of RouterA's fa0/1 interface. For the translation to take effect, RouterA's f0/0 must also be marked with ip nat inside and f0/1 with ip nat outside, the same step the dynamic scenario lists as step 4.


Page 18: NAT Scenario


Dynamic NAT


Page 19: NAT Scenario

Scenario


A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses, 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private address space in the range 192.168.100.17 – 192.168.100.30.

Page 20: NAT Scenario

Scenario

The following have already been configured on the router:

- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
- All passwords have been temporarily set to "cisco"

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration information
Router name – Weaver
Inside global addresses – 198.18.184.105 – 198.18.184.110/29
Inside local addresses – 192.168.100.17 – 192.168.100.30/28
Number of inside hosts – 14


Page 21: NAT Scenario

Solution (step by step)

1. What is the IP addressing of the scenario?

The Local Area Network has been assigned the private addresses 192.168.100.17 to 192.168.100.30, and the subnet mask used is /28, or 255.255.255.240.


Page 22: NAT Scenario

Solution (step by step)

What is the IP addressing of the scenario?

We need to translate these LAN addresses into the public addresses 198.18.184.105 – 198.18.184.110.


Page 23: NAT Scenario

Solution (step by step)

So, what is the problem with the IP addressing?

The company has 14 hosts in the LAN that need to access the Internet simultaneously, but we have only 6 public IPs. So we need to configure NAT overloading, or Port Address Translation (PAT).


Page 24: NAT Scenario

Solution (step by step)


Step 1: Create a standard access-list that specifies the private IPs to be translated, i.e. 192.168.100.17 – 192.168.100.30.

Step 2: Create a pool of public IPs to be allocated, i.e. 198.18.184.105 – 198.18.184.110.

Step 3: Use the "ip nat inside source …" command to link the access-list and the pool so that NAT overloading can be performed.

Step 4: Use the ip nat inside and ip nat outside commands on the FastEthernet and Serial interfaces respectively.


Page 25: NAT Scenario

Solution (step by step)

To access the Weaver router, click on Console PC -> Desktop -> Terminal -> OK.

Router>enable
Router#configure terminal

Change the router's name to Weaver as given in the lab:
Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated, with the subnet mask:
Weaver(config)#ip nat pool NHPOOL 198.18.184.105 198.18.184.110 netmask 255.255.255.248


Page 26: NAT Scenario

Solution (step by step)

Create a standard access control list that permits the private addresses, i.e. the addresses that are to be translated (the wildcard 0.0.0.15 matches the whole 192.168.100.16/28 block):
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15


Page 27: NAT Scenario

Solution (step by step)

Perform NAT overloading by specifying the access-list and pool defined in the prior steps. This command translates all inside local addresses that pass access-list 10 into an address from the pool named NHPOOL:
Weaver(config)#ip nat inside source list 10 pool NHPOOL overload

As mentioned in the lab, the ip nat inside and ip nat outside commands have already been configured on FastEthernet0/0 and Serial0/0 respectively, so we don't need to configure them again.

Copy the running configuration into the startup configuration:
Weaver#copy running-config startup-config
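As an added example (not from the course slides), here is a small Python model of the inside-source NAT behaviour the two labs configure: the static one-to-one mapping from the first lab, the standard ACL wildcard test, and the Weaver pool used with and without overload. The class and function names are my own, and the port numbers and sequential PAT port allocation are constructed simplifications of what IOS does.

```python
import ipaddress

def acl_permits(addr, network, wildcard):
    """Standard ACL test: bits that are 0 in the wildcard must match the network."""
    a, n = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)

class NatRouter:
    """Simplified 'ip nat inside source': static map, one ACL, one pool."""
    def __init__(self, pool_start, pool_end, acl, overload, static=None):
        first, last = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(int(first), int(last) + 1)]
        self.acl, self.overload = acl, overload    # acl = (network, wildcard)
        self.static = static or {}  # inside local -> inside global (one-to-one)
        self.hosts = {}             # dynamic NAT: inside local -> pool address
        self.flows = {}             # PAT: (inside local, port) -> (pool address, port)
        self.next_port = 1024       # constructed starting port for PAT

    def translate(self, inside_local, src_port):
        """(inside global, port) the packet leaves with, or None if untranslatable."""
        if inside_local in self.static:               # static NAT wins
            return (self.static[inside_local], src_port)
        if not acl_permits(inside_local, *self.acl):  # not selected by the ACL
            return None
        if self.overload:        # PAT: hosts share one address, unique ports
            key = (inside_local, src_port)
            if key not in self.flows:
                self.flows[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            return self.flows[key]
        if inside_local not in self.hosts:   # dynamic NAT: one address per host
            free = [g for g in self.pool if g not in self.hosts.values()]
            if not free:                     # pool exhausted: no translation
                return None
            self.hosts[inside_local] = free[0]
        return (self.hosts[inside_local], src_port)

def weaver_router(overload):
    """The Weaver scenario: pool 198.18.184.105-110, access-list 10."""
    return NatRouter("198.18.184.105", "198.18.184.110",
                     ("192.168.100.16", "0.0.0.15"), overload)

def hosts_translated(router):
    """Send one flow from each of the 14 hosts; count those that get a mapping."""
    return sum(router.translate(f"192.168.100.{i}", 40000) is not None
               for i in range(17, 31))
```

Running hosts_translated on weaver_router(False) stops at 6, the size of the pool, while weaver_router(True) serves all 14 hosts from one address with distinct ports, which is why the scenario needs the overload keyword.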



Page 29: NAT Scenario

Solution (step by step)

To verify your lab, click on Host for Testing -> Desktop -> Command Prompt.

C:\>ping 192.0.2.114
The ping should succeed and you will get replies from 192.0.2.114.

Issue the "show ip nat translation" command on the Weaver router to verify the translation.


Page 30: NAT Scenario
