Session 6 Tp 6


Published on

Published in: Technology
  • Be the first to comment

Session 6 Tp 6

  1. 1. Session 6 NAT Network Design
  2. 2. <ul><li>Features offered by routing are </li></ul><ul><ul><li>Internal network invisibility </li></ul></ul><ul><ul><li>Existing network integration </li></ul></ul><ul><ul><li>Internet and internal network traffic restriction </li></ul></ul><ul><li>Encryption and authentication add more security through Routing and Remote Access </li></ul><ul><li>Static and dynamic routing are the two types of routing strategies </li></ul><ul><li>Windows operating system offers certain TCP/IP tools that enable to troubleshoot routing problems: </li></ul><ul><ul><li>Ping.exe </li></ul></ul><ul><ul><li>Tracert.exe </li></ul></ul><ul><ul><li>Pathping.exe </li></ul></ul>Review
  3. 3. Objectives <ul><li>Explain different types of NAT </li></ul><ul><li>Describe NAT features </li></ul><ul><li>Implement NAT </li></ul><ul><li>Design the NAT Network </li></ul><ul><li>Secure the NAT Network </li></ul><ul><li>Enhance the NAT Network Design </li></ul>
  4. 4. Types of NAT <ul><li>NAT is a protocol that connects computers on the internal network to other networks and to the Internet </li></ul><ul><li>Different types of NAT are: </li></ul><ul><ul><li>Static NAT : Translates unregistered IP addresses to an equal number of registered addresses so that each client uses the same address </li></ul></ul><ul><ul><li>Dynamic NAT : Translates each unregistered computer to a registered one </li></ul></ul><ul><ul><li>Masquerading : Translates all the unregistered IP addresses on the network to a single registered IP address </li></ul></ul>
  5. 5. NAT features <ul><li>Internal IP Address and Public IP Address - Hides the internal network IP address from the Internet </li></ul><ul><li>IP Address Configuration - Provides automatic IP address configuration to the clients in the internal network </li></ul><ul><li>Name Resolution - Provides a name resolution feature that forwards the name queries </li></ul><ul><li>Secure Internal Resources - Uses a specific port for each specific internal IP address </li></ul>
  6. 6. NAT implementation <ul><li>NAT features can be used effectively to meet a Network Design </li></ul><ul><li>Main consideration while designing NAT Network are: </li></ul><ul><ul><li>Size of the network </li></ul></ul><ul><ul><li>Kind of security needed by the organization </li></ul></ul>
  7. 7. Design the NAT Network <ul><li>We must provide two network interfaces to the NAT server, one that is used for the internal network and the other for the Internet </li></ul><ul><li>We need to consider the following while implementing NAT: </li></ul><ul><ul><li>Location </li></ul></ul><ul><ul><li>IP Address </li></ul></ul><ul><ul><li>Rate of Data Flow and Persistence </li></ul></ul>
  8. 8. Automatic IP Address Configuration <ul><li>NAT provides automatic IP address configuration to all the DHCP compliant clients in the internal network </li></ul><ul><li>This feature is utilized under the following conditions: </li></ul><ul><ul><li>DHCP provides the IP address in the network </li></ul></ul><ul><ul><li>Only one single non-routed subnet </li></ul></ul><ul><li>NAT clients have to be configured to receive their IP addresses from the NAT server </li></ul>
  9. 9. Securing the NAT Network <ul><li>NAT implementations mostly depend on the Masquerading technique for security </li></ul><ul><li>NAT provides security to the internal resources of the organization by default </li></ul><ul><li>The number of registered IP addresses are minimized </li></ul>
  10. 10. Securing the NAT Network Contd… <ul><li>Security can be improved by using: </li></ul><ul><ul><li>Routing and Remote Access Filters </li></ul></ul><ul><ul><li>Address pools and special ports to permit internal resource access </li></ul></ul><ul><ul><li>VPN connections </li></ul></ul>
  11. 11. Routing and Remote Access Filters <ul><li>We can restrict internal or Internet access by specifying routing and remote access IP filters for all interfaces of the NAT server </li></ul><ul><li>IP filters restrict access based on the IP address range and protocol (either incoming or outgoing) </li></ul>
  12. 12. Address Pools and Special Ports <ul><li>Access can be specified for certain computers and applications by creating client reservations for IP addresses and mapping special ports </li></ul>
  13. 13. VPN Connections <ul><li>Used to restrict resource access </li></ul><ul><li>Provides user authentication and data encryption </li></ul>
  14. 14. Enhancing NAT Network Design <ul><li>We must use one machine as the NAT server </li></ul><ul><li>This machine always connects over persistent routes and uses many internet connections </li></ul><ul><li>Benefits of using one dedicated machine as the NAT server are: </li></ul><ul><ul><li>Server characteristics </li></ul></ul><ul><ul><li>Persistent connection </li></ul></ul><ul><ul><li>Multiple internet connections </li></ul></ul>
  15. 15. Summary <ul><li>NAT is included in the Routing and Remote Access and aims to provide internet connection and protect internal resources </li></ul><ul><li>Steps involved in designing the NAT network are NAT integration for the network and selecting options in the NAT server </li></ul><ul><li>Location, IP Address, Rate of Data Flow, and Persistence influence the design of the NAT network </li></ul>
  16. 16. Summary Contd… <ul><li>Using Routing and Remote Access filters, Address pools and special ports to permit internal resource access and VPN connections can improve security </li></ul><ul><li>We must devote one machine to the NAT server, always connecting over persistent routes to increase the performance and availability of NAT </li></ul><ul><li>NAT computer is configured to act as the DHCP computer for the computers on the internal network </li></ul>
  17. 17. Summary Contd… <ul><li>We can configure the dynamic IP Address Assignment for private network clients from the Address Assignment tab in the NAT/Basic Firewall Properties dialog box </li></ul><ul><li>Name Resolution is configured from the Name Resolution tab in the NAT/Basic Firewall Properties dialog box </li></ul><ul><li>Masquerading technique of NAT is used to increase the NAT Network Security </li></ul>