• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Nat 07
 

Nat 07

on

  • 234 views

 

Statistics

Views

Total Views
234
Views on SlideShare
234
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Nat 07 Nat 07 Presentation Transcript

    • INTERNETGuided By :- Presented By :-Mr. Barinder Singh 1
    • NETMAX TECHNOLOGIES as an organization is established in 2001 in the field of Network Support, Network training, Software training and Embedded systems.NETMAX TECHNOLOGIES also provide Technical Research & Development support and consultancy to some companies. NETMAX TECHNOLOGIES provide the following Courses in IT & Embedded Systems given below:Network Training:  CISCO CCNA, CCNP  RED HAT LINUX 5  WINDOWS 2000, 2003 (MCP,MCSA & MCSE)  MCITP 2008. 2
    • Software Training: C C++ JAVA ( CORE JAVA & ADVANCE JAVA) .NET (ASP.NET). We provide Technical support and consultancy to electronics companies in the field of Embedded micro controllers like 8 bit and 16 bit family based embedded system design, analog systems design. Power electronics including dc/dc converters, ac/dc converters, thyristor firing based circuit, battery charging and monitor circuits etc. 3
    • Problems with IPv4 Shortage of IPv4 addresses Allocation of the last IPv4 addresses was for the year 2005 Address classes were replaced by usage of CIDR, but this is not sufficient Short term solution NAT: Network Address TranslatorLong term solution IPv6 = IPng (IP next generation) Provides an extended address range 5
    • NAT: Network Address Translator NAT Translates between local addresses and public ones Many private hosts share few global addresses Private Network Public Network Uses private address range Uses public addresses (local addresses) Local addresses may not Public addresses are be used externally globally unique 6
    •  Inside Local  The term “inside” refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network. Inside Global  NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.  A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network. 7
    • 8
    •  Outside Global  The term “outside” refers to an address used for a host outside an enterprise, the Internet.  An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet. Outside Local  NAT uses an outside local address to represent the outside host as the packet is sent through the private network.  This address is outside private, outside host with a private address 9
    • • An IP address is either local or global.• Local IP addresses are seen in the inside network. 10
    •  There are different types of NAT that can be used, which are : -  Static NAT  Dynamic NAT  Overloading NAT with PAT (NAPT) 11
    •  Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network. In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110. 12
    •  Dynamic NAT : – Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150. 13
    •  Overloading: - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In overloading, each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.. 14
    • • For each interface you need to configure INSIDE or OUTSIDE A 10.0.0.1 10.0.0.254 200.0.0.1 10.0.0.2 S0 Internet B E0 C 10.0.0.3 R1(config)#Int fastethernet 0/0 R1(config-if)# IP NAT inside R1(config-if)##Int s 0/0 R1(config-if)# IP NAT outside R1(config-if)# Exit R1(config)# ip NAT inside source static 10.0.0.1 200.0.0.1 To see the table R1(config)#show ip nat translations R1(config)#show ip nat statistics 15
    • 16
    •  Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT. The dynamic entry in the NAT table stays in there as long as traffic flows occasionally. If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet. 17
    •  Instead of creating static IP, create a pool of IP Address, Specify a range. Create an access list and permit hosts. Link Access list to the Pool. 18
    • • For each interface you need to configure INSIDE or OUTSIDE A 10.0.0.1 200.0.0.1/200.0.0.254 10.0.0.2 10.0.0.254 B E0 S0 Internet C 10.0.0.3 Create an Access List R1(config)# Access-list 1 permit 10.0.0.0 0.255.255.255 Configure NAT dynamic Pool R1(config)# IP NAT pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0 Link Access List to Pool R1(config)# IP NAT inside source list 1 pool pool1 19
    •  Overloading an inside global address. NAT overload only one global IP shared among all hosts. 200.0.0.1:1025 A 10.0.0.1 200.0.0.1:1026 200.0.0.1:1027 10.0.0.2 10.0.0.254B 200.0.0.1 E0 S0 InternetC 10.0.0.3 Shared Global IP 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • S0 S0 192.168.10.1 E0 E0 192.168.20.1 A B 192.168.10.2 192.168.20.2R1#config t R2#config tR1(config)# int e 0 R2(config)# int e 0R1(config-if)# ip nat insde R2(config-if)# ip nat insdeR1(config)# int s 0 R2(config)# int s 0R1(config-if)# ip nat outside R2(config-if)# ip nat outsideR1(config)#access-list 1 permit 192.168.10.0 0.0.0.255 R2(config)#access-list 1 permit 192.168.20.0 0.0.0.255R1(config)#ip nat inside source list 1 interface s 0 overload R2(config)#ip nat inside source list 1 interface s 0 overload To see host to host ping configure static or  To see host to host ping configure static or dynamic dynamic routing routingTo check translation To check translation#sh ip nat translations #sh ip nat translations 29
    •  Each organisation comprises a router, to route the data from and to isp. There are manageable switches in each organisation and we have created separate vlans for servers and internet clients. If we want the communication between the internet clients and servers then we configure inter vlans concept on the router. And if we want to block some internet clients cannot access our servers then we create acl for that particular user. These organisations are linked externally to an isp which provides live(public) ip addresses to each organisation, and isp also provides the internet connections to others.
    • LOCAL ENVIRONMENT OF ORG. F0/0.1 = vlan 2(10.0.0.0/8) ORG 1 F0/0.2 = vlan 3 (192.168.10.0/24) Vlan 2 Vlan 3 Name = SERVER Name = INTERNET
    • VLAN CONFIGURATATION ORG 1Manageable Switch Vlan 2 Vlan 3 Name = sale Name = mkt 10.0.0.0/8 192.168.10.0/24
    • VLAN CONFIGURATATION Switch#vlan database Switch(vlan)#vlan 2 name sale Switch(vlan)#vlan 3 name mkt Switch(vlan)#exit Switch#config t Switch(config)#int range f0/1 - 3 Switch(config-range-if)#switchport access vlan 2 Switch(config-range-if)#exit Switch(config)#int range f0/3 – 4 Switch(config-range-if)#switchport access vlan 3 Switch(config-range-if)#exit Switch(config)#int f0/12 Switch(config-if)#switchport mode trunk
    •  ORG1(config)#int f0/0 ORG1(config-if)#no sh ORG1(config-if)#exit ORG1(config)#int f0/0.1 ORG1(config-subif)#ip nat inside ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0 ORG1(config-subif)#no sh ORG1(config-subif)#exit ORG1(config)#int f0/0.2 ORG1(config-subif)#encapsulation dot1q 3 ORG1(config-subif)#ip nat inside ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240 ORG1(config-subif)#no sh ORG1(config-subif)#exit
    • ISP ENVIRONMENT We have place our web server in the private area so that the internet client cannot directly access it. So, we have configured static nat and open port number 80(http) only. In our organisation our clients want to access internet so we will configure dynamic nat with overload for clients.
    •  ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80
    •  ORG1(config)#access-list 20 permit any ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240 ORG1(config)#ip nat inside source list 20 pool netmax overload