Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. However, the mapping of an inside local address to an inside global address happens dynamically.
A 2600 router should already be configured. To verify whether the router supports static NAT, go to configuration mode and enter "ip nat inside source ?" (the help output should list a static entry). Configure the 2600 router with IP address 10.0.0.254 on the FastEthernet port and 18.104.22.168 on Serial 0/0. No cables need to be connected: configure the IP addresses, issue no shut, then try the commands above.
A 2600 router should already be configured. Configure the 2600 router with IP address 10.0.0.254 on the FastEthernet port and 22.214.171.124 on Serial 0/0. No cables need to be connected: configure the IP addresses, issue no shut, then try the commands above.
Can have 65000 concurrent connections sharing one connection.
Guided By: Mr. Barinder Singh
Presented By: INTERNET
NETMAX TECHNOLOGIES as an organization was established in 2001 in the field of Network Support, Network training, Software training and Embedded systems. NETMAX TECHNOLOGIES also provides Technical Research & Development support and consultancy to some companies. NETMAX TECHNOLOGIES provides the following courses in IT & Embedded Systems:
Network Training:
• CISCO CCNA, CCNP
• RED HAT LINUX 5
• WINDOWS 2000, 2003 (MCP, MCSA & MCSE)
• MCITP 2008
Software Training:
• C
• C++
• JAVA (CORE JAVA & ADVANCE JAVA)
• .NET (ASP.NET)
We provide technical support and consultancy to electronics companies in the field of embedded microcontrollers, such as 8-bit and 16-bit family based embedded system design and analog systems design, and power electronics including DC/DC converters, AC/DC converters, thyristor firing based circuits, battery charging and monitor circuits, etc.
Problems with IPv4
• Shortage of IPv4 addresses
• Allocation of the last IPv4 addresses was for the year 2005
• Address classes were replaced by usage of CIDR, but this is not sufficient
Short term solution
• NAT: Network Address Translator
Long term solution
• IPv6 = IPng (IP next generation)
• Provides an extended address range
NAT: Network Address Translator
NAT
• Translates between local addresses and public ones
• Many private hosts share few global addresses
Public Network
• Uses public addresses
• Public addresses are globally unique
Private Network
• Uses private address range (local addresses)
• Local addresses may not be used externally
Inside Local
• The term "inside" refers to an address used for a host inside an enterprise.
• It is the actual IP address assigned to a host in the private enterprise network.
Inside Global
• NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
• A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
Outside Global
• The term "outside" refers to an address used for a host outside an enterprise, on the Internet.
• An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.
Outside Local
• NAT uses an outside local address to represent the outside host as the packet is sent through the private network.
• This address is "outside private": an outside host with a private address.
• An IP address is either local or global.
• Local IP addresses are seen in the inside network.
There are different types of NAT that can be used, which are:
• Static NAT
• Dynamic NAT
• Overloading NAT with PAT (NAPT)
Static NAT: Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 126.96.36.199.
Dynamic NAT: Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 188.8.131.52 to 184.108.40.206.
Overloading: A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
In overloading, each computer on the private network is translated to the same IP address (220.127.116.11), but with a different port number assignment.
• For each interface you need to configure INSIDE or OUTSIDE.
[Figure: hosts A, B and C on the inside network; labels 10.0.0.1, 200.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.254; router interfaces E0 and S0; Internet.]
R1(config)# int fastethernet 0/0
R1(config-if)# ip nat inside
R1(config-if)# int s 0/0
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# ip nat inside source static 10.0.0.1 18.104.22.168
R1(config)# end
To see the table:
R1# show ip nat translations
R1# show ip nat statistics
• Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
• The dynamic entry in the NAT table stays in there as long as traffic flows occasionally.
• If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
Instead of creating a static IP mapping:
• Create a pool of IP addresses and specify a range.
• Create an access list and permit hosts.
• Link the access list to the pool.
• For each interface you need to configure INSIDE or OUTSIDE.
[Figure: hosts A, B and C on the inside network; labels 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.254; router interfaces E0 and S0 (22.214.171.124/126.96.36.199); Internet.]
Create an access list:
R1(config)# access-list 1 permit 10.0.0.0 0.255.255.255
Configure the dynamic NAT pool:
R1(config)# ip nat pool pool1 188.8.131.52 184.108.40.206 netmask 255.255.255.0
Link the access list to the pool:
R1(config)# ip nat inside source list 1 pool pool1
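The dynamic NAT behaviour described above (access list selects the inside hosts, the pool hands out addresses, a full pool means the packet is discarded) can be modelled in a few lines. This is an added example, not part of the original slides; the class and function names are hypothetical and the pool range 203.0.113.1 to 203.0.113.2 is a constructed documentation range, while the access-list values are the ones from the slide.

```python
import ipaddress

def acl_permits(addr, base, wildcard):
    """Standard ACL match: bits set to 1 in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

class DynamicNat:
    def __init__(self, acl, pool_first, pool_last):
        self.acl = acl                      # (base, wildcard), as in access-list 1
        first = int(ipaddress.IPv4Address(pool_first))
        last = int(ipaddress.IPv4Address(pool_last))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.table = {}                     # inside local -> inside global

    def translate(self, inside_local):
        """Return (verdict, inside_global) for a packet leaving the inside network."""
        if not acl_permits(inside_local, *self.acl):
            return ("untranslated", None)   # source not selected for NAT
        if inside_local not in self.table:
            if not self.free:
                return ("dropped", None)    # pool exhausted: packet discarded
            self.table[inside_local] = self.free.pop(0)
        return ("translated", self.table[inside_local])

    def expire(self, inside_local):
        """Idle entry times out; its global address returns to the pool."""
        self.free.append(self.table.pop(inside_local))

def demo():
    # Pool addresses are constructed (documentation range), not the page's.
    nat = DynamicNat(("10.0.0.0", "0.255.255.255"), "203.0.113.1", "203.0.113.2")
    results = [nat.translate(h) for h in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "172.16.0.9")]
    nat.expire("10.0.0.1")                  # first host goes idle
    results.append(nat.translate("10.0.0.3"))
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

With a two-address pool the third inside host is refused until an earlier entry expires, which is why pool size has to be planned against the number of simultaneously active hosts.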
Overloading an inside global address. With NAT overload, only one global IP is shared among all hosts.
[Figure: hosts A, B and C (10.0.0.1, 10.0.0.2, 10.0.0.3) behind router interface E0 (10.0.0.254) share one global IP on S0 toward the Internet; the three translations use ports 1025, 1026 and 1027.]
R1# config t
R1(config)# int e 0
R1(config-if)# ip nat inside
R1(config-if)# int s 0
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# ip nat inside source list 1 interface s 0 overload
For host-to-host ping to work, configure static or dynamic routing.
To check translation:
R1# sh ip nat translations

R2# config t
R2(config)# int e 0
R2(config-if)# ip nat inside
R2(config-if)# int s 0
R2(config-if)# ip nat outside
R2(config-if)# exit
R2(config)# access-list 1 permit 192.168.20.0 0.0.0.255
R2(config)# ip nat inside source list 1 interface s 0 overload
For host-to-host ping to work, configure static or dynamic routing.
To check translation:
R2# sh ip nat translations
[Figure: routers R1 and R2, each with interfaces E0 and S0; hosts A and B; label 192.168.10.2.]
Each organisation has a router to route data to and from the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and internet clients.
If we want communication between the internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block some internet clients from accessing our servers, we create an ACL for that particular user.
These organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation and also provides internet connections to others.
LOCAL ENVIRONMENT OF ORG.
ORG 1
Vlan 2, Name = SERVER
Vlan 3, Name = INTERNET
F0/0.1 = vlan 2 (10.0.0.0/8)
F0/0.2 = vlan 3 (192.168.10.0/24)
ISP ENVIRONMENT
We have placed our web server in the private area so that internet clients cannot directly access it. So, we have configured static NAT and opened port number 80 (HTTP) only.
The clients in our organisation want to access the internet, so we will configure dynamic NAT with overload for clients.
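The overload slide and the design above (clients share one global IP through PAT, the web server is reachable only on port 80 through a static entry) come down to one translation table, sketched here as an added example that is not part of the original slides. The class name, the global IP 203.0.113.1 and the web server address 10.0.0.10 are assumptions; the client addresses and the starting port 1025 follow the overload figure.

```python
class PatRouter:
    """Simplified model: real PAT also keys entries on protocol and remote endpoint."""

    def __init__(self, global_ip, first_port=1025):
        self.global_ip = global_ip
        self.next_port = first_port
        self.out = {}      # (inside ip, inside port) -> global port
        self.back = {}     # global port -> (inside ip, inside port)
        self.static = {}   # global port -> (inside ip, inside port), published services

    def add_static(self, inside_ip, inside_port, global_port):
        self.static[global_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Translate a client flow to (global ip, unique global port)."""
        key = (inside_ip, inside_port)
        if key not in self.out:
            port = self.next_port
            while port in self.back or port in self.static:
                port += 1                   # skip ports already in use
            if port > 65535:
                raise RuntimeError("port space exhausted")
            self.out[key] = port
            self.back[port] = key
            self.next_port = port + 1
        return self.global_ip, self.out[key]

    def inbound(self, global_port):
        """Return the inside (ip, port) for a packet from outside, or None if dropped."""
        if global_port in self.static:
            return self.static[global_port]
        return self.back.get(global_port)   # only replies to existing flows pass

def demo():
    r = PatRouter("203.0.113.1")            # constructed global address
    r.add_static("10.0.0.10", 80, 80)       # hypothetical web server, HTTP only
    flows = [r.outbound(h, 40000) for h in ("10.0.0.1", "10.0.0.2", "10.0.0.3")]
    return flows, r.inbound(1026), r.inbound(80), r.inbound(22)

if __name__ == "__main__":
    print(demo())
```

Three clients using the same source port leave on ports 1025, 1026 and 1027 of the shared address; from outside, only port 80 and replies to those flows resolve to an inside host, and anything else has no table entry and is dropped.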