Nat 03
Published in: Technology
  • Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. However, the mapping of an inside local address to an inside global address happens dynamically.
  • A 2600 router should be configured. To verify whether the router supports static NAT, go to config mode and enter "ip nat inside source ?" (there should be a static entry). Configure the 2600 router with IP address 10.0.0.254 on the FastEthernet port and 200.0.0.1 on Serial 0/0; there is no need to connect any cables. Configure the IP addresses, issue "no shut", then see the above commands.
  • A 2600 router should be configured. Configure the 2600 router with IP address 10.0.0.254 on the FastEthernet port and 200.0.0.1 on Serial 0/0; there is no need to connect any cables. Configure the IP addresses, issue "no shut", then see the above commands.
  • Can have 65000 concurrent connections sharing one connection
  • Transcript

    • 1. Guided By: Mr. Barinder Singh. Presented By: INTERNET
    • 2. NETMAX TECHNOLOGIES as an organization is established in 2001 in the field of Network Support, Network training, Software training and Embedded systems. NETMAX TECHNOLOGIES also provide Technical Research & Development support and consultancy to some companies. NETMAX TECHNOLOGIES provide the following Courses in IT & Embedded Systems given below:
        Network Training: CISCO CCNA, CCNP; RED HAT LINUX 5; WINDOWS 2000, 2003 (MCP, MCSA & MCSE); MCITP 2008.
    • 3. Software Training: C, C++, JAVA (CORE JAVA & ADVANCE JAVA), .NET (ASP.NET). We provide Technical support and consultancy to electronics companies in the field of Embedded micro controllers like 8 bit and 16 bit family based embedded system design, analog systems design. Power electronics including dc/dc converters, ac/dc converters, thyristor firing based circuit, battery charging and monitor circuits etc.
    • 4. Problems with IPv4
        • Shortage of IPv4 addresses
        • Allocation of the last IPv4 addresses was for the year 2005
        • Address classes were replaced by usage of CIDR, but this is not sufficient
        • Short term solution: NAT (Network Address Translator)
        • Long term solution: IPv6 = IPng (IP next generation), which provides an extended address range
    • 5. NAT: Network Address Translator
        • NAT translates between local addresses and public ones
        • Many private hosts share few global addresses
        • Public Network: uses public addresses; public addresses are globally unique
        • Private Network: uses private address range (local addresses); local addresses may not be used externally
    • 6. Inside Local: The term “inside” refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network.
        Inside Global: NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet. A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
    • 8. Outside Global: The term “outside” refers to an address used for a host outside an enterprise, on the Internet. An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.
        Outside Local: NAT uses an outside local address to represent the outside host as the packet is sent through the private network. This address is outside private: an outside host with a private address.
    • 9. An IP address is either local or global. Local IP addresses are seen in the inside network.
    • 10. There are different types of NAT that can be used, which are:
        • Static NAT
        • Dynamic NAT
        • Overloading NAT with PAT (NAPT)
    • 11. Static NAT: Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network. In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110.
    • 12. Dynamic NAT: Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.
    • 13. Overloading: A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In overloading, each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.
    • 14. For each interface you need to configure INSIDE or OUTSIDE.
        Diagram labels: hosts A, B, C; 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.254, 200.0.0.1; E0, S0, Internet.
        R1(config)# int fastethernet 0/0
        R1(config-if)# ip nat inside
        R1(config-if)# int s 0/0
        R1(config-if)# ip nat outside
        R1(config-if)# exit
        R1(config)# ip nat inside source static 10.0.0.1 200.0.0.1
        R1(config)# end
        To see the table:
        R1# show ip nat translations
        R1# show ip nat statistics
    • 16. Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT. The dynamic entry in the NAT table stays in there as long as traffic flows occasionally. If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
    • 17. Instead of creating a static IP, create a pool of IP addresses and specify a range. Create an access list and permit hosts. Link the access list to the pool.
    • 18. For each interface you need to configure INSIDE or OUTSIDE.
        Diagram labels: hosts A, B, C; 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.254; E0; S0 200.0.0.1/200.0.0.254; Internet.
        Create an Access List:
        R1(config)# access-list 1 permit 10.0.0.0 0.255.255.255
        Configure NAT dynamic Pool:
        R1(config)# ip nat pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0
        Link Access List to Pool:
        R1(config)# ip nat inside source list 1 pool pool1
    • 19. Overloading an inside global address. With NAT overload, only one global IP is shared among all hosts.
        Diagram labels: hosts A, B, C; 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.254; E0; S0; Shared Global IP 200.0.0.1; 200.0.0.1:1025, 200.0.0.1:1026, 200.0.0.1:1027; Internet.
    • 28. R1# config t
        R1(config)# int e 0
        R1(config-if)# ip nat inside
        R1(config-if)# exit
        R1(config)# int s 0
        R1(config-if)# ip nat outside
        R1(config-if)# exit
        R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
        R1(config)# ip nat inside source list 1 interface s 0 overload

        R2# config t
        R2(config)# int e 0
        R2(config-if)# ip nat inside
        R2(config-if)# exit
        R2(config)# int s 0
        R2(config-if)# ip nat outside
        R2(config-if)# exit
        R2(config)# access-list 1 permit 192.168.20.0 0.0.0.255
        R2(config)# ip nat inside source list 1 interface s 0 overload

        To see host-to-host ping, configure static or dynamic routing.
        To check translation: # sh ip nat translations
        Diagram labels: hosts A, B; 192.168.10.2, 192.168.10.1, 200.0.0.1, 200.0.0.2, 192.168.20.1, 192.168.20.2; E0 and S0 on each router.
    • 29. Each organisation has a router to route data to and from the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and internet clients. If we want communication between the internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block some internet clients from accessing our servers, we create an ACL for that particular user. These organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation and also provides internet connections to others.
    • 30. LOCAL ENVIRONMENT OF ORG.
        ORG 1
        Vlan 2, Name = SERVER
        Vlan 3, Name = INTERNET
        F0/0.1 = vlan 2 (10.0.0.0/8)
        F0/0.2 = vlan 3 (192.168.10.0/24)
    • 31. VLAN CONFIGURATION
        ORG 1, Manageable Switch
        Vlan 2, Name = sale, 10.0.0.0/8
        Vlan 3, Name = mkt, 192.168.10.0/24
    • 32. VLAN CONFIGURATION
        Switch# vlan database
        Switch(vlan)# vlan 2 name sale
        Switch(vlan)# vlan 3 name mkt
        Switch(vlan)# exit
        Switch# config t
        Switch(config)# int range f0/1 - 3
        Switch(config-if-range)# switchport access vlan 2
        Switch(config-if-range)# exit
        Switch(config)# int range f0/3 - 4
        Switch(config-if-range)# switchport access vlan 3
        Switch(config-if-range)# exit
        Switch(config)# int f0/12
        Switch(config-if)# switchport mode trunk
    • 33. ORG1(config)# int f0/0
        ORG1(config-if)# no sh
        ORG1(config-if)# exit
        ORG1(config)# int f0/0.1
        ! VLAN 2 tag for F0/0.1, per slide 30; needed before the IP address is accepted
        ORG1(config-subif)# encapsulation dot1q 2
        ORG1(config-subif)# ip nat inside
        ORG1(config-subif)# ip address 10.0.0.1 255.0.0.0
        ORG1(config-subif)# no sh
        ORG1(config-subif)# exit
        ORG1(config)# int f0/0.2
        ORG1(config-subif)# encapsulation dot1q 3
        ORG1(config-subif)# ip nat inside
        ! slide 30 lists this VLAN as 192.168.10.0/24; the mask below is a /28
        ORG1(config-subif)# ip address 192.168.10.1 255.255.255.240
        ORG1(config-subif)# no sh
        ORG1(config-subif)# exit
    • 34. ISP ENVIRONMENT
        We have placed our web server in the private area so that internet clients cannot access it directly. So, we have configured static NAT and opened port number 80 (HTTP) only.
        In our organisation, our clients want to access the internet, so we will configure dynamic NAT with overload for clients.
    • 35. ORG1(config)# ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80
    • 36. ORG1(config)# access-list 20 permit any
        ORG1(config)# ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
        ORG1(config)# ip nat inside source list 20 pool netmax overload
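
The pool exhaustion described on slide 16, the port overloading on slide 19 and the port-80 static entry on slide 35 can be traced in a small model of the translation table. This is an added example, not part of the original slides and not router code; the class name NatTable, the two-address pool and source port 5000 are assumptions for illustration, and the sequential ports from 1025 follow the slide diagram rather than a real router's allocation.

```python
import ipaddress

class NatTable:
    def __init__(self, acl, pool=(), overload_ip=None):
        self.acl = ipaddress.ip_network(acl)  # inside locals eligible for NAT
        self.free = list(pool)                # unused inside global addresses
        self.overload_ip = overload_ip        # shared inside global address (PAT)
        self.next_port = 1025                 # sequential ports, as in the slide
        self.hosts = {}                       # dynamic: local IP -> global IP
        self.flows = {}                       # static/PAT: (ip, port) -> (ip, port)

    def add_static(self, local, glob):
        """Static port forward, e.g. an inside web server on TCP 80."""
        self.flows[local] = glob

    def outbound(self, ip, port):
        """Return the translated source, or None if the packet is dropped."""
        if (ip, port) in self.flows:
            return self.flows[(ip, port)]
        if ipaddress.ip_address(ip) not in self.acl:
            return None                       # not permitted by the access list
        if self.overload_ip:                  # PAT: same address, new port
            self.flows[(ip, port)] = (self.overload_ip, self.next_port)
            self.next_port += 1
            return self.flows[(ip, port)]
        if ip not in self.hosts:
            if not self.free:
                return None                   # pool exhausted: packet discarded
            self.hosts[ip] = self.free.pop(0)
        return (self.hosts[ip], port)

    def inbound(self, ip, port):
        """Map an outside packet's destination back to an inside host."""
        for local, glob in self.flows.items():
            if glob == (ip, port):
                return local
        for local_ip, glob_ip in self.hosts.items():
            if glob_ip == ip:
                return (local_ip, port)
        return None                           # no entry: nothing to forward to

# Constructed traffic using the slide addresses (2-address pool is an assumption).
HOSTS = ("10.0.0.1", "10.0.0.2", "10.0.0.3")
dyn = NatTable("10.0.0.0/8", pool=["200.0.0.1", "200.0.0.2"])
DYNAMIC = [dyn.outbound(h, 5000) for h in HOSTS]
pat = NatTable("10.0.0.0/8", overload_ip="200.0.0.1")
PAT = [pat.outbound(h, 5000) for h in HOSTS]
pat.add_static(("10.0.0.2", 80), ("200.10.10.17", 80))
print(DYNAMIC, PAT, pat.inbound("200.10.10.17", 80), pat.inbound("200.10.10.17", 22))
```

With the pool exhausted, the third host gets no translation, while under overload all three hosts share 200.0.0.1 on ports 1025 to 1027; inbound traffic reaches an inside host only where a table entry exists, which is why only port 80 of the web server is reachable.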
