
NAT and PAT

Published on: Mar 3, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - NAT and PAT

  • 1. Managing IP Traffic with ACLs Scaling the Network with NAT and PAT Lecture 7
  • 2. Outline
      • Overview
      • Introducing NAT and PAT
      • Translating Inside Source Addresses
      • Overloading an Inside Global Address
      • Verifying the NAT and PAT Configuration
      • Troubleshooting the NAT and PAT Configuration
      • Summary
  • 3. Network Address Translation
      • An IP address is either local or global.
      • Local IP addresses are seen in the inside network.
  • 4. Port Address Translation
  • 5. Translating Inside Source Addresses
  • 6. Configuring Static Translation
      Router(config)# ip nat inside source static local-ip global-ip
      • Establishes static translation between an inside local address and an inside global address
      Router(config-if)# ip nat inside
      • Marks the interface as connected to the inside
      Router(config-if)# ip nat outside
      • Marks the interface as connected to the outside
  • 7. Enabling Static NAT Address Mapping Example
  • 8. Configuring Dynamic Translation
      Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
      • Defines a pool of global addresses to be allocated as needed.
      Router(config)# access-list access-list-number permit source [source-wildcard]
      • Defines a standard IP ACL permitting those inside local addresses that are to be translated.
      Router(config)# ip nat inside source list access-list-number pool name
      • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
  • 9. Dynamic Address Translation Example
  • 10. Overloading an Inside Global Address
  • 11. Configuring Overloading
      Router(config)# access-list access-list-number permit source source-wildcard
      • Defines a standard IP ACL that will permit the inside local addresses that are to be translated
      Router(config)# ip nat inside source list access-list-number interface interface overload
      • Establishes dynamic source translation, specifying the ACL that was defined in the prior step
  • 12. Overloading an Inside Global Address Example
  • 13. Clearing the NAT Translation Table
      Router# clear ip nat translation *
      • Clears all dynamic address translation entries
      Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
      • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation
      Router# clear ip nat translation outside local-ip global-ip
      • Clears a simple dynamic translation entry that contains an outside translation
      Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
      • Clears an extended dynamic translation entry
  • 14. Displaying Information with show Commands
      Router# show ip nat translations
      • Displays active translations
      Router# show ip nat translation
      Pro  Inside global   Inside local   Outside local   Outside global
      ---  172.16.131.1    10.10.10.1     ---             ---
      Router# show ip nat statistics
      • Displays translation statistics
      Router# show ip nat statistics
      Total active translations: 1 (1 static, 0 dynamic; 0 extended)
      Outside interfaces: Ethernet0, Serial2.7
      Inside interfaces: Ethernet1
      Hits: 5 Misses: 0
      …
  • 15. Sample Problem: Cannot Ping Remote Host
  • 16. Solution: New Configuration
  • 17. Using the debug ip nat Command
      Router# debug ip nat
      NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
      NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
      NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
      NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
      NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
      NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
      NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
      NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
  • 18. Translation Not Installed in the Translation Table? Verify that:
      • The configuration is correct.
      • There are not any inbound ACLs denying the packets entry to the NAT router.
      • The ACL referenced by the NAT command is permitting all necessary networks.
      • There are enough addresses in the NAT pool.
      • The router interfaces are appropriately defined as NAT inside or NAT outside.
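The `debug ip nat` output on slide 17 can be turned into structured events so that missing return traffic stands out during troubleshooting. This parser is an added example, not part of the original slides. It assumes the usual reading of this output: `a->b` marks the rewritten address, `*` a fast-switched packet, and the bracketed number the IP identification field.

```python
import re
from collections import Counter

# The eight debug lines shown on slide 17.
SLIDE_17 = """\
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    rf"NAT(?P<fast>\*?): s=(?P<s>{IP})(?:->(?P<s_new>{IP}))?, "
    rf"d=(?P<d>{IP})(?:->(?P<d_new>{IP}))? \[(?P<ip_id>\d+)\]"
)

def parse_line(line):
    """Return one translation event as a dict, or None if the line is not one."""
    m = LINE.fullmatch(line.strip())
    if not m or bool(m["s_new"]) == bool(m["d_new"]):
        return None  # not a NAT line, or not exactly one rewritten address
    if m["s_new"]:   # source rewritten: packet leaving the inside network
        direction, local, glob, peer = "out", m["s"], m["s_new"], m["d"]
    else:            # destination rewritten: reply coming back in
        direction, local, glob, peer = "in", m["d_new"], m["d"], m["s"]
    return {"dir": direction, "inside_local": local, "inside_global": glob,
            "peer": peer, "fast_switched": m["fast"] == "*",
            "ip_id": int(m["ip_id"])}

def summarize(text):
    """Aggregate events: address mappings, per-peer counts, peers with no reply."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    counts = Counter((e["peer"], e["dir"]) for e in events)
    peers = {e["peer"] for e in events}
    return {
        "mappings": sorted({(e["inside_local"], e["inside_global"]) for e in events}),
        "counts": dict(counts),
        "no_reply": sorted(p for p in peers
                           if counts[(p, "out")] and not counts[(p, "in")]),
        "fast_switched": sum(e["fast_switched"] for e in events),
    }

if __name__ == "__main__":
    print(summarize(SLIDE_17))
```

A peer listed under `no_reply` was sent translated packets but nothing came back through the translation, which points at routing or filtering on the outside rather than at the NAT rule itself.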
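Several items on the slide 18 checklist can be verified statically from the configuration text. The checker below is an added example, not part of the original slides; it looks only for the command forms shown on slides 6, 8 and 11, and the sample configuration (addresses, ACL numbers, pool name) is constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# Constructed running-config fragment with three deliberate mistakes
# (addresses, ACL numbers and the pool name are made up).
CONFIG = """\
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 172.16.2.1 255.255.255.0
ip nat pool net-208 172.16.2.10 172.16.2.12 netmask 255.255.255.0
ip nat inside source list 1 pool net-208
access-list 2 permit 10.1.1.0 0.0.0.255
"""

RULE = re.compile(r"ip nat inside source list (\d+) (pool|interface) (\S+)( overload)?")

def check_nat(config):
    """Return findings for the statically checkable items of the slide 18 list."""
    roles, acls, pools, rules = {"inside": [], "outside": []}, set(), {}, []
    iface = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            roles[m[1]].append(iface)          # interface role marking
        elif m := re.match(r"access-list (\d+) permit ", line):
            acls.add(m[1])                     # ACL with at least one permit
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) ", line):
            pools[m[1]] = int(IPv4Address(m[3])) - int(IPv4Address(m[2])) + 1
        elif m := RULE.match(line):
            rules.append((m[1], m[2], m[3], bool(m[4])))
    findings = [f"no interface marked 'ip nat {r}'" for r, i in roles.items() if not i]
    for acl, kind, target, overload in rules:
        if acl not in acls:
            findings.append(f"NAT rule uses ACL {acl}, which has no permit entry")
        if kind == "pool" and target not in pools:
            findings.append(f"NAT rule uses undefined pool {target}")
        elif kind == "pool" and not overload:
            findings.append(f"pool {target}: {pools[target]} addresses, no overload, "
                            "so only that many inside hosts translate at once")
    return findings

if __name__ == "__main__":
    for finding in check_nat(CONFIG):
        print("-", finding)
```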
