NAT Scenario

NAT configuration (Static & Dynamic)

Published in: Technology, Education

  1. 1. LOGO CCNA Tehran Institute of Technology Course name: Cisco CCNA Instructor: Mansour.nch Senior @ Tehran Institute of Technology Copyright 2014
  2. 2. Contents: 1. Introduction to NAT 2. Static NAT 3. Dynamic NAT
  3. 3. Introduction to NAT: Before looking at NAT technology, we need to know something about the address types used in real-world networks: private addresses and public addresses. Tehran Institute of Technology Course name: CCNA Instructor: Mansour.nch Email: Powerst.basu@gmail.com Tel: +98 – 935 658 9590 Senior @ Tehran Institute of Technology Copyright 2014
  4. 4. Private vs Public: Public addresses are used to reach the internet, because they can be routed on the internet. Private addresses are used only within an organization, because they cannot be routed on the internet.
  5. 5. Benefits of using NAT: With NAT, the same private addresses can be used millions of times all over the world and still have access to the internet.
  6. 6. Security tips on NAT: For security reasons, NAT also hides your network from the outside world, because the remote node that you connect to over the internet only knows your public address, not the real internal address of your PC. NAT provides the translation from the private address to the public address. We connect to the internet with our private address, but behind the scenes the connection is made with a public address.
  7. 7. NAT Types
      - Static NAT: used for one-to-one translation of ports or addresses.
      - Dynamic NAT: used with a public address pool, and works with more than one public address.
      - PAT (Port Address Translation) or NAT Overload: translates the outbound traffic of internal nodes to unique port numbers of a single public address.
  8. 8. Keywords on NAT
      - Inside local: your PC’s private address
      - Inside global: public address assigned to your PC
      - Outside local: outside host’s public address
      - Outside global: same address as the outside local, necessary to translate an outside address to a private address
  9. 9. How does NAT work? In the example above there are different addresses. For PC A, these addresses are:
      - Inside Local Address – 10.1.1.10
      - Inside Global Address – 55.1.1.1
      - Outside Global Address – 99.1.1.2
      - Outside Local Address – 99.1.1.2
      Here PC A’s configured address, 10.1.1.10, is the inside local address. When this PC wants to go to the internet, it will use Router A’s public address, using PAT. So the inside global address of PC A is 55.1.1.1. During communication with PC B, PC A accesses only PC B’s outside global address, 99.1.1.2.
  10. 10. Static NAT
  11. 11. Define Topology: For the static NAT configuration, we will use the topology below. Let’s first define our routers. Think of R1 as your local router and R2 as a router on the Internet. RouterA will be our NAT-configured router.
  12. 12. Define Topology: First you must configure the interface IP addresses on all three of these routers. Then you must configure a static route from each end to the other. Once ping succeeds from each end to the other, the topology is ready for our NAT configuration.
  13. 13. Define Topology: R1
      R1#conf terminal
      R1(config)#int f0/0
      R1(config-if)#ip address 192.168.0.1 255.255.255.0
      R1(config-if)#no shut
      R1(config-if)#exit
      R1(config)#ip route 10.10.10.0 255.255.255.0 192.168.0.2
      R1(config)#exit
      R1#copy run start
  14. 14. Define Topology: R2
      R2#conf terminal
      R2(config)#int f0/0
      R2(config-if)#ip address 10.10.10.1 255.255.255.0
      R2(config-if)#no shut
      R2(config-if)#exit
      R2(config)#ip route 192.168.0.0 255.255.255.0 10.10.10.2
      R2(config)#exit
      R2#copy run start
  15. 15. Define Topology: RouterA
      RouterA#conf terminal
      RouterA(config)#int f0/0
      RouterA(config-if)#ip address 192.168.0.2 255.255.255.0
      RouterA(config-if)#no shut
      RouterA(config-if)#exit
      RouterA(config)#int f0/1
      RouterA(config-if)#ip address 10.10.10.2 255.255.255.0
      RouterA(config-if)#no shut
      RouterA(config-if)#end
      RouterA#copy run start
  16. 16. Verify Configurations
      R1#ping 10.10.10.1
      R2#ping 192.168.0.1
      Now run the “debug ip packet” command on R2 and ping from R1 to R2. As you can see below, the source address is R1’s fa0/0 interface address and the destination address is R2’s fa0/0 address. After NAT configuration, this source address will change to RouterA’s fa0/1 interface IP address.
  17. 17. Verify Configurations: Lastly, for the private-to-public mapping, we need one extra command on RouterA.
      RouterA(config)#ip nat inside source static 192.168.0.1 10.10.10.2
      After configuring RouterA with this command, ping from R1 to R2 again and check the “debug ip packet” output. As you can see below, the new source IP address is the IP address of RouterA’s fa0/1 interface.
  18. 18. Dynamic NAT
  19. 19. Scenario: A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the Company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
  20. 20. Scenario
      The following have already been configured on the router:
      - The basic router configuration
      - The appropriate interfaces have been configured for NAT inside and NAT outside
      - The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
      - All passwords have been temporarily set to “cisco”
      The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
      Configuration information:
      - Router name – Weaver
      - Inside global addresses – 198.18.184.105 – 198.18.184.110/29
      - Inside local addresses – 192.168.100.17 – 192.168.100.30/28
      - Number of inside hosts – 14
  21. 21. Solution (step by step): What is the IP addressing of the scenario? The Local Area Network has been assigned the private addresses 192.168.100.17 to 192.168.100.30, and the subnet mask used is /28, or 255.255.255.240.
  22. 22. Solution (step by step): What is the IP addressing of the scenario? We need to translate these LAN addresses into the public IPs 198.18.184.105 – 198.18.184.110.
  23. 23. Solution (step by step): So, what is the problem with the IP addressing? The company has 14 hosts in the LAN that need to access the Internet simultaneously, but we have just 6 public IPs. So we need to configure NAT overloading, or Port Address Translation (PAT).
  24. 24. Solution (step by step)
      Step 1: Create a standard access-list that specifies the private IPs to be translated, i.e., 192.168.100.17 – 192.168.100.30.
      Step 2: Create a pool of public IPs to be allocated, i.e., 198.18.184.105 – 198.18.184.110.
      Step 3: Use the “ip nat inside source ….” command to link the access-list and the pool so that NAT overloading can be performed.
      Step 4: Use the ip nat inside and ip nat outside commands on the FastEthernet and Serial interfaces respectively.
  25. 25. Solution (step by step)
      To access the Weaver router, click on Console PC -> Desktop -> Terminal -> OK.
      Router>enable
      Router#configure terminal
      Change the router’s name to Weaver as given in the lab.
      Router(config)#hostname Weaver
      Create a NAT pool of global addresses to be allocated, with the subnet mask.
      Weaver(config)#ip nat pool NHPOOL 198.18.184.105 198.18.184.110 netmask 255.255.255.248
  26. 26. Solution (step by step)
      Create a standard access control list that permits the private addresses, i.e. the addresses that are to be translated.
      Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
  27. 27. Solution (step by step)
      Perform NAT overloading by specifying the access-list and pool defined in the prior steps. This command translates all inside local addresses that pass access list 10 into an address from the pool named NHPOOL.
      Weaver(config)#ip nat inside source list 10 pool NHPOOL overload
      As mentioned in the lab, the ip nat inside and ip nat outside commands have been configured already, so we don’t need to configure them again on FastEthernet0/0 and Serial0/0 respectively.
      Copy the running configuration into the startup configuration.
      Weaver#copy running-config startup-config
  29. 29. Solution (step by step)
      To verify your lab, click on Host for Testing -> Desktop -> Command Prompt.
      C:\>ping 192.0.2.114
      The ping should succeed and you will receive replies from 192.0.2.114.
      Issue the “show ip nat translation” command on the Weaver router to verify the translation.
  30. 30. Tehran Institute of Technology www.Win2Farsi.com
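The access-list wildcard and the pool netmask from the Weaver solution can be checked offline before they are typed into the router. The following is an added example, not part of the original slides; the function names are hypothetical and it assumes contiguous wildcards only.

```python
import ipaddress

def acl_network(base, wildcard):
    """Network matched by a standard ACL entry 'permit <base> <wildcard>'.

    A wildcard is the inverted netmask; bits set in it are "don't care",
    so host bits in <base> are ignored (strict=False). Contiguous wildcards only.
    """
    inverted = int(ipaddress.IPv4Address(wildcard))
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ inverted)
    return ipaddress.ip_network(f"{base}/{netmask}", strict=False)

def check_acl(base, wildcard, first_host, last_host):
    """Return (missed, extra): intended hosts the ACL does not match,
    and addresses the ACL matches outside the intended host range."""
    net = acl_network(base, wildcard)
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first_host, last_host))
    wanted = {ipaddress.IPv4Address(i) for i in range(lo, hi + 1)}
    matched = set(net)  # every address in the block, incl. network/broadcast
    return sorted(wanted - matched), sorted(matched - wanted)

def check_pool(start, end, netmask):
    """Return (same_subnet, subnet, both_usable) for an 'ip nat pool' range."""
    s = ipaddress.ip_interface(f"{start}/{netmask}")
    e = ipaddress.ip_interface(f"{end}/{netmask}")
    usable = set(s.network.hosts())
    return s.network == e.network, str(s.network), s.ip in usable and e.ip in usable

if __name__ == "__main__":
    # Values taken from the slides: access-list 10 and pool NHPOOL.
    missed, extra = check_acl("192.168.100.16", "0.0.0.15",
                              "192.168.100.17", "192.168.100.30")
    print("ACL misses:", missed, "also matches:", [str(a) for a in extra])
    print("Pool:", check_pool("198.18.184.105", "198.18.184.110",
                              "255.255.255.248"))
    # Constructed mistake: a /24-style wildcard would translate far more hosts.
    _, too_broad = check_acl("192.168.100.16", "0.0.0.255",
                             "192.168.100.17", "192.168.100.30")
    print("0.0.0.255 would match", len(too_broad), "unintended addresses")
```

An empty "misses" list with only the network and broadcast addresses as extras confirms the wildcard is as tight as a single ACL line allows.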
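To make the inside local / inside global terms and the "overload" keyword concrete, here is a simplified model of a PAT translation table using the Weaver addresses. It is an added example, not from the slides and not the router's actual allocator; the class, its port-selection policy and the source port 49152 are assumptions made for illustration.

```python
class PatTable:
    """Toy PAT table: many inside local sockets share few inside global addresses."""

    def __init__(self, pool, first_port=1024, last_port=65535):
        self.pool = list(pool)
        self.first_port, self.last_port = first_port, last_port
        self.out = {}   # (proto, inside_local, local_port) -> (inside_global, global_port)
        self.back = {}  # (proto, inside_global, global_port) -> (inside_local, local_port)

    def _allocate(self, proto, local_port):
        # Assumed policy: keep the source port if it is free on the current
        # global address, otherwise take the lowest free port; move to the
        # next pool address only when this one has no ports left.
        for addr in self.pool:
            if (proto, addr, local_port) not in self.back:
                return addr, local_port
            for port in range(self.first_port, self.last_port + 1):
                if (proto, addr, port) not in self.back:
                    return addr, port
        raise RuntimeError("NAT pool exhausted")

    def outbound(self, proto, inside_local, local_port):
        """Translate an outgoing flow, creating a table entry on first use."""
        key = (proto, inside_local, local_port)
        if key not in self.out:
            glob = self._allocate(proto, local_port)
            self.out[key] = glob
            self.back[(proto, *glob)] = (inside_local, local_port)
        return self.out[key]

    def inbound(self, proto, inside_global, global_port):
        """Reverse lookup for return traffic; None means no entry, so no translation."""
        return self.back.get((proto, inside_global, global_port))

def weaver_demo():
    """All 14 Weaver hosts open a TCP flow from the same (constructed) source port."""
    nat = PatTable(f"198.18.184.{n}" for n in range(105, 111))
    hosts = [f"192.168.100.{n}" for n in range(17, 31)]
    return nat, [nat.outbound("tcp", h, 49152) for h in hosts]

if __name__ == "__main__":
    nat, flows = weaver_demo()
    for (proto, local, lport), (glob, gport) in nat.out.items():
        print(f"{proto} {glob}:{gport:<6} {local}:{lport}")
```

In this model all 14 hosts fit behind the first pool address, and an inbound packet to a port with no table entry has nothing to be translated to.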