Nat 07


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Nat 07

  1. 1. INTERNETGuided By :- Presented By :-Mr. Barinder Singh 1
  2. 2. NETMAX TECHNOLOGIES as an organization is established in 2001 in the field of Network Support, Network training, Software training and Embedded systems.NETMAX TECHNOLOGIES also provide Technical Research & Development support and consultancy to some companies. NETMAX TECHNOLOGIES provide the following Courses in IT & Embedded Systems given below:Network Training:  CISCO CCNA, CCNP  RED HAT LINUX 5  WINDOWS 2000, 2003 (MCP,MCSA & MCSE)  MCITP 2008. 2
  3. 3. Software Training: C C++ JAVA ( CORE JAVA & ADVANCE JAVA) .NET (ASP.NET). We provide Technical support and consultancy to electronics companies in the field of Embedded micro controllers like 8 bit and 16 bit family based embedded system design, analog systems design. Power electronics including dc/dc converters, ac/dc converters, thyristor firing based circuit, battery charging and monitor circuits etc. 3
  4. 4. Problems with IPv4 Shortage of IPv4 addresses Allocation of the last IPv4 addresses was for the year 2005 Address classes were replaced by usage of CIDR, but this is not sufficient Short term solution NAT: Network Address TranslatorLong term solution IPv6 = IPng (IP next generation) Provides an extended address range 5
  5. 5. NAT: Network Address Translator NAT Translates between local addresses and public ones Many private hosts share few global addresses Private Network Public Network Uses private address range Uses public addresses (local addresses) Local addresses may not Public addresses are be used externally globally unique 6
  6. 6.  Inside Local  The term “inside” refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network. Inside Global  NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.  A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network. 7
  7. 7. 8
  8. 8.  Outside Global  The term “outside” refers to an address used for a host outside an enterprise, the Internet.  An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet. Outside Local  NAT uses an outside local address to represent the outside host as the packet is sent through the private network.  This address is outside private, outside host with a private address 9
  9. 9. • An IP address is either local or global.• Local IP addresses are seen in the inside network. 10
  10. 10.  There are different types of NAT that can be used, which are : -  Static NAT  Dynamic NAT  Overloading NAT with PAT (NAPT) 11
  11. 11.  Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network. In static NAT, the computer with the IP address of will always translate to 12
  12. 12.  Dynamic NAT : – Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. In dynamic NAT, the computer with the IP address will translate to the first available address in the range from to 13
  13. 13.  Overloading: - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In overloading, each computer on the private network is translated to the same IP address (, but with a different port number assignment.. 14
  14. 14. • For each interface you need to configure INSIDE or OUTSIDE A S0 Internet B E0 C R1(config)#Int fastethernet 0/0 R1(config-if)# IP NAT inside R1(config-if)##Int s 0/0 R1(config-if)# IP NAT outside R1(config-if)# Exit R1(config)# ip NAT inside source static To see the table R1(config)#show ip nat translations R1(config)#show ip nat statistics 15
  15. 15. 16
  16. 16.  Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT. The dynamic entry in the NAT table stays in there as long as traffic flows occasionally. If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet. 17
  17. 17.  Instead of creating static IP, create a pool of IP Address, Specify a range. Create an access list and permit hosts. Link Access list to the Pool. 18
  18. 18. • For each interface you need to configure INSIDE or OUTSIDE A B E0 S0 Internet C Create an Access List R1(config)# Access-list 1 permit Configure NAT dynamic Pool R1(config)# IP NAT pool pool1 netmask Link Access List to Pool R1(config)# IP NAT inside source list 1 pool pool1 19
  19. 19.  Overloading an inside global address. NAT overload only one global IP shared among all hosts. A E0 S0 InternetC Shared Global IP 20
  20. 20. 21
  21. 21. 22
  22. 22. 23
  23. 23. 24
  24. 24. 25
  25. 25. 26
  26. 26. 27
  27. 27. 28
  28. 28. S0 S0 E0 E0 A B t R2#config tR1(config)# int e 0 R2(config)# int e 0R1(config-if)# ip nat insde R2(config-if)# ip nat insdeR1(config)# int s 0 R2(config)# int s 0R1(config-if)# ip nat outside R2(config-if)# ip nat outsideR1(config)#access-list 1 permit R2(config)#access-list 1 permit nat inside source list 1 interface s 0 overload R2(config)#ip nat inside source list 1 interface s 0 overload To see host to host ping configure static or  To see host to host ping configure static or dynamic dynamic routing routingTo check translation To check translation#sh ip nat translations #sh ip nat translations 29
  29. 29.  Each organisation comprises a router, to route the data from and to isp. There are manageable switches in each organisation and we have created separate vlans for servers and internet clients. If we want the communication between the internet clients and servers then we configure inter vlans concept on the router. And if we want to block some internet clients cannot access our servers then we create acl for that particular user. These organisations are linked externally to an isp which provides live(public) ip addresses to each organisation, and isp also provides the internet connections to others.
  30. 30. LOCAL ENVIRONMENT OF ORG. F0/0.1 = vlan 2( ORG 1 F0/0.2 = vlan 3 ( Vlan 2 Vlan 3 Name = SERVER Name = INTERNET
  31. 31. VLAN CONFIGURATATION ORG 1Manageable Switch Vlan 2 Vlan 3 Name = sale Name = mkt
  32. 32. VLAN CONFIGURATATION Switch#vlan database Switch(vlan)#vlan 2 name sale Switch(vlan)#vlan 3 name mkt Switch(vlan)#exit Switch#config t Switch(config)#int range f0/1 - 3 Switch(config-range-if)#switchport access vlan 2 Switch(config-range-if)#exit Switch(config)#int range f0/3 – 4 Switch(config-range-if)#switchport access vlan 3 Switch(config-range-if)#exit Switch(config)#int f0/12 Switch(config-if)#switchport mode trunk
  33. 33.  ORG1(config)#int f0/0 ORG1(config-if)#no sh ORG1(config-if)#exit ORG1(config)#int f0/0.1 ORG1(config-subif)#ip nat inside ORG1(config-subif)#ip address ORG1(config-subif)#no sh ORG1(config-subif)#exit ORG1(config)#int f0/0.2 ORG1(config-subif)#encapsulation dot1q 3 ORG1(config-subif)#ip nat inside ORG1(config-subif)#ip address ORG1(config-subif)#no sh ORG1(config-subif)#exit
  34. 34. ISP ENVIRONMENT We have place our web server in the private area so that the internet client cannot directly access it. So, we have configured static nat and open port number 80(http) only. In our organisation our clients want to access internet so we will configure dynamic nat with overload for clients.
  35. 35.  ORG1(config)#ip nat inside source static tcp 80 80
  36. 36.  ORG1(config)#access-list 20 permit any ORG1(config)#ip nat pool netmax netmask ORG1(config)#ip nat inside source list 20 pool netmax overload