CCNA
Tehran Institute of Technology
Course name: Cisco CCNA
Instructor: Mansour.nch
Senior @ Tehran Institute of Technology
Copyright 2014

NAT Scenario

NAT configuration (Static & Dynamic)
Published on: Mar 3, 2016
Published in: Technology, Education
Source: www.slideshare.net


Transcripts - NAT Scenario

  • 1. CCNA Tehran Institute of Technology Course name: Cisco CCNA Instructor: Mansour.nch Senior @ Tehran Institute of Technology Copyright 2014
  • 2. Contents 1. Introduction to NAT 2. Static NAT 3. Dynamic NAT
  • 3. Introduction to NAT
      Before looking at NAT technology, we need to know a little about the address types used in real-world networks:
      - Private Address
      - Public Address
      Tehran Institute of Technology Course name: CCNA Instructor: Mansour.nch Email: Powerst.basu@gmail.com Tel: +98 – 935 658 9590 Senior @ Tehran Institute of Technology Copyright 2014
  • 4. Private vs. Public
      - Public addresses are used to reach the internet, because they can be routed on the internet.
      - Private addresses are used only within an organization, because they cannot be routed.
  • 5. Benefits of using NAT
      With NAT, the same private addresses can be used millions of times all over the world and still have access to the internet.
  • 6. Security tips on NAT
      - For security reasons, NAT also hides your network from the outside world, because the remote node you connect to over the internet knows only your public address, not the real internal address of your PC.
      - NAT provides the translation from the private address to the public address. We connect to the internet with our private address, but behind the scenes the connection is made with a public address.
  • 7. NAT Types
      - Static NAT
      - Dynamic NAT
      - PAT (Port Address Translation), or NAT Overload
      Static NAT is used for one-to-one translation of ports or addresses. Dynamic NAT is used with a public address pool and works with more than one public address. PAT translates the outbound traffic of internal nodes to unique port numbers of a single public address.
  • 8. Keywords on NAT
      - Inside local: your PC's private address.
      - Inside global: the public address assigned to your PC.
      - Outside local: the outside host's public address.
      - Outside global: the same address as the outside local; necessary to translate an outside address to a private address.
  • 9. How NAT works?
      In the example above there are several different addresses. For PC A, these addresses are:
      - Inside Local Address – 10.1.1.10
      - Inside Global Address – 55.1.1.1
      - Outside Global Address – 99.1.1.2
      - Outside Local Address – 99.1.1.2
      Here PC A's configured address, 10.1.1.10, is the inside local address. When this PC wants to go to the internet, it uses Router A's public address, using PAT, so the inside global address of PC A is 55.1.1.1. During communication with PC B, PC A accesses only PC B's outside global address, 99.1.1.2.
  • 10. Static NAT
  • 11. Define Topology
      For the static NAT configuration we will use the topology below. First, let's define our routers: think of R1 as your local router and R2 as a router on the internet. RouterA will be our NAT-configured router.
  • 12. Define Topology
      First, configure the interface IP addresses on all three routers. Then configure a static route from each end to the other. Once ping succeeds from each end to the other, the topology is ready for our NAT configuration.
  • 13. Define Topology: R1
        R1# conf terminal
        R1(config)# int f0/0
        R1(config-if)# ip address 192.168.0.1 255.255.255.0
        R1(config-if)# no shut
        R1(config-if)# exit
        R1(config)# ip route 10.10.10.0 255.255.255.0 192.168.0.2
        R1(config)# exit
        R1# copy run start
  • 14. Define Topology: R2
        R2# conf terminal
        R2(config)# int f0/0
        R2(config-if)# ip address 10.10.10.1 255.255.255.0
        R2(config-if)# no shut
        R2(config-if)# exit
        R2(config)# ip route 192.168.0.0 255.255.255.0 10.10.10.2
        R2(config)# exit
        R2# copy run start
  • 15. Define Topology: RouterA
        RouterA# conf terminal
        RouterA(config)# int f0/0
        RouterA(config-if)# ip address 192.168.0.2 255.255.255.0
        RouterA(config-if)# no shut
        RouterA(config-if)# exit
        RouterA(config)# int f0/1
        RouterA(config-if)# ip address 10.10.10.2 255.255.255.0
        RouterA(config-if)# no shut
        RouterA(config-if)# end
        RouterA# copy run start
  • 16. Verify Configurations
        R1# ping 10.10.10.1
        R2# ping 192.168.0.1
      Here, let's run the "debug ip packet" command on R2 and ping from R1 to R2. As you can see below, the source address is R1's fa0/0 interface address and the destination address is R2's fa0/0 address. After NAT configuration this source address will change to RouterA's fa0/1 interface IP address.
  • 17. Verify Configurations
      Lastly, for the private-to-public mapping, we need an extra command on RouterA:
        RouterA(config)# ip nat inside source static 192.168.0.1 10.10.10.2
      As in the dynamic NAT lab later in these slides, the translation applies only between interfaces marked ip nat inside (here f0/0) and ip nat outside (here f0/1).
      After configuring RouterA with this command, let's ping from R1 to R2 again and check the debug ip packet output. As you can see below, the new source IP address is the IP address of RouterA's fa0/1 interface.
  • 18. Dynamic NAT
  • 19. Scenario
      A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses, 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private-space addresses in the range 192.168.100.17 – 192.168.100.30.
  • 20. Scenario
      The following have already been configured on the router:
      - The basic router configuration
      - The appropriate interfaces have been configured for NAT inside and NAT outside
      - The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
      - All passwords have been temporarily set to "cisco"
      The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
      Configuration information:
      - Router name – Weaver
      - Inside global addresses – 198.18.184.105 – 198.18.184.110/29
      - Inside local addresses – 192.168.100.17 – 192.168.100.30/28
      - Number of inside hosts – 14
  • 21. Solution (step by step): What is the IP addressing of the scenario?
      The Local Area Network has been assigned the addresses 192.168.100.17 to 192.168.100.30 (private IPs), and the subnet mask used is /28, or 255.255.255.240.
  • 22. Solution (step by step): What is the IP addressing of the scenario?
      We need to translate these LAN addresses into 198.18.184.105 – 198.18.184.110 (public IPs).
  • 23. Solution (step by step): So, what is the problem with the IP addressing?
      The company has 14 hosts in the LAN that need to access the internet simultaneously, but we have just 6 public IPs. So we need to configure NAT overloading, or Port Address Translation (PAT).
  • 24. Solution (step by step)
      Step 1: Create a standard access-list that specifies the private IPs to be translated, i.e., 192.168.100.17 – 192.168.100.30.
      Step 2: Create a pool of public IPs to be allocated, i.e., 198.18.184.105 – 198.18.184.110.
      Step 3: Use the "ip nat inside source ...." command to link the access-list and the pool so that NAT overloading can be performed.
      Step 4: Use the ip nat inside and ip nat outside commands on the FastEthernet and Serial interfaces respectively.
  • 25. Solution (step by step)
      To access the Weaver router, click on Console PC -> Desktop -> Terminal -> OK.
        Router>enable
        Router#configure terminal
      Change the router's name to Weaver, as given in the lab:
        Router(config)#hostname Weaver
      Create a NAT pool of global addresses to be allocated, with the subnet mask:
        Weaver(config)#ip nat pool NHPOOL 198.18.184.105 198.18.184.110 netmask 255.255.255.248
  • 26. Solution (step by step)
      Create a standard access control list that permits the private addresses, i.e., the addresses that are to be translated:
        Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
  • 27. Solution (step by step)
      Perform NAT overloading by specifying the access-list and pool defined in the prior steps. This command translates all inside local addresses that pass access list 10 into an address from the pool named NHPOOL:
        Weaver(config)#ip nat inside source list 10 pool NHPOOL overload
      As mentioned in the lab, the ip nat inside and ip nat outside commands have already been configured, so we don't need to configure them again on FastEthernet0/0 and Serial0/0 respectively.
      Copy the running configuration into the startup configuration:
        Weaver#copy running-config startup-config
  • 29. Solution (step by step)
      To verify your lab, click on Host for Testing -> Desktop -> Command Prompt.
        C:>ping 192.0.2.114
      The ping should work and you will receive replies from 192.0.2.114.
      Issue the "show ip nat translation" command on the Weaver router to verify the translation.
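
An added example, not part of the original slides: a Python check of the Weaver values from slides 19 to 27, showing which addresses access list 10 actually permits, that the NHPOOL range fits its netmask, and why 14 hosts need overload when only six public addresses exist. The translation table is a simplified model with constructed port numbers; a real router selects ports itself.

```python
import ipaddress

# Values from the Weaver scenario in the slides.
ACL_BASE, ACL_WILDCARD = "192.168.100.16", "0.0.0.15"
POOL = ("198.18.184.105", "198.18.184.110", "255.255.255.248")
HOSTS = [f"192.168.100.{n}" for n in range(17, 31)]  # the 14 inside hosts

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_permits(addr, base=ACL_BASE, wildcard=ACL_WILDCARD):
    """Standard ACL match: bits set in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def acl_scope(base=ACL_BASE, wildcard=ACL_WILDCARD):
    """Every address the entry permits, including non-contiguous wildcards."""
    w = ip(wildcard)
    fixed = ip(base) & ~w & 0xFFFFFFFF
    found, sub = [], w
    while True:  # walk all subsets of the wildcard bits
        found.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]

def pool_addresses(first, last, mask):
    """Pool members; both ends must lie in one subnet under the netmask."""
    net = ipaddress.IPv4Network(f"{first}/{mask}", strict=False)
    if ipaddress.IPv4Address(last) not in net or ip(last) < ip(first):
        raise ValueError("pool range does not fit the netmask")
    return [str(ipaddress.IPv4Address(a)) for a in range(ip(first), ip(last) + 1)]

def translate(hosts, overload):
    """Simplified model (an assumption, not router code): without overload each
    host needs its own pool address; with overload hosts share one address and
    are told apart by source port (port numbers here are constructed)."""
    pool, table = pool_addresses(*POOL), {}
    for i, host in enumerate(h for h in hosts if acl_permits(h)):
        if overload:
            table[host] = (pool[0], 1024 + i)
        elif i < len(pool):
            table[host] = (pool[i], None)
    return table

if __name__ == "__main__":
    print("ACL 10 permits:", acl_scope()[0], "to", acl_scope()[-1])
    print("without overload:", len(translate(HOSTS, False)), "of", len(HOSTS), "hosts")
    print("with overload:   ", len(translate(HOSTS, True)), "of", len(HOSTS), "hosts")
```

The ACL scope is the full /28 block (.16 to .31), so any address later added in that block is translated too; a narrower wildcard is needed if only some hosts should reach the internet.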