SlideShare a Scribd company logo

NAT and PAT

M
Muuluu

t

Technology
1 of 18
Managing IP Traffic with ACLs Scaling the Network with NAT and PAT Lecture 7
Outline • Overview • Introducing NAT and PAT • Translating Inside Source Addresses • Overloading an Inside Global Address • Verifying the NAT and PAT Configuration • Troubleshooting the NAT and PAT Configuration • Summary
Network Address Translation • An IP address is either local or global. • Local IP addresses are seen in the inside network.
Port Address Translation
Translating Inside Source Addresses
Configuring Static Translation Router(config)# ip nat inside source static local-ip global-ip • Establishes static translation between an inside local address and an inside global address Router(config-if)# ip nat inside • Marks the interface as connected to the inside Router(config-if)# ip nat outside • Marks the interface as connected to the outside
Enabling Static NAT Address Mapping Example
Configuring Dynamic Translation Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} • Defines a pool of global addresses to be allocated as needed. Router(config)# access-list access-list-number permit source [source-wildcard] • Defines a standard IP ACL permitting those inside local addresses that are to be translated. Router(config)# ip nat inside source list access-list-number pool name • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
Dynamic Address Translation Example
Overloading an Inside Global Address
Configuring Overloading Router(config)# access-list access-list-number permit source source-wildcard • Defines a standard IP ACL that will permit the inside local addresses that are to be translated Router(config)# ip nat inside source list access-list-number interface interface overload • Establishes dynamic source translation, specifying the ACL that was defined in the prior step
Overloading an Inside Global Address Example
Clearing the NAT Translation Table Router# clear ip nat translation * • Clears all dynamic address translation entries Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation Router# clear ip nat translation outside local-ip global-ip • Clears a simple dynamic translation entry that contains an outside translation Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] • Clears an extended dynamic translation entry
Displaying Information with show Commands Router# show ip nat translations • Displays active translations Router# show ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.16.131.1 10.10.10.1 --- --- Router# show ip nat statistics • Displays translation statistics Router# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Ethernet0, Serial2.7 Inside interfaces: Ethernet1 Hits: 5 Misses: 0 …
Sample Problem: Cannot Ping Remote Host
Solution: New Configuration
Using the debug ip nat Command Router# debug ip nat NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825] NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
Translation Not Installed in the Translation Table? Verify that: • The configuration is correct. • There are not any inbound ACLs denying the packets entry to the NAT router. • The ACL referenced by the NAT command is permitting all necessary networks. • There are enough addresses in the NAT pool. • The router interfaces are appropriately defined as NAT inside or NAT outside.

Recommended

Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS Protocols
Peter R. Egli
 
Ip addressing
Ip addressingIp addressing
Ip addressing
Online
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna
MohamedJafar5
 
Acl
AclAcl
Acl
Raghu Kiran
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
faust0
 
AAA server
AAA serverAAA server
AAA server
hetvi naik
 
Subnetting
SubnettingSubnetting
Subnetting
Gichelle Amon
 

Recommended

Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS Protocols
Peter R. Egli
 
Ip addressing
Ip addressingIp addressing
Ip addressing
Online
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna
MohamedJafar5
 
Acl
AclAcl
Acl
Raghu Kiran
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
faust0
 
AAA server
AAA serverAAA server
AAA server
hetvi naik
 
Subnetting
SubnettingSubnetting
Subnetting
Gichelle Amon
 
Eigrp.ppt
Eigrp.pptEigrp.ppt
Eigrp.ppt
Edgardo Scrimaglia
 
Ip addressing
Ip addressingIp addressing
Ip addressing
sid1322
 
RADIUS
RADIUSRADIUS
RADIUS
amogh_ubale
 
Access control list 2
Access control list 2Access control list 2
Access control list 2
Kishore Kumar
 
Tacacs
TacacsTacacs
Tacacs
1 2d
 
Radius Protocol
Radius ProtocolRadius Protocol
Radius Protocol
Netwax Lab
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAA
dkaya
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP Protocols
Dhananjay Aloorkar
 
CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3
Nil Menon
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
Kishore Kumar
 
Basic Understanding about TCP/IP Addressing system
Basic Understanding about TCP/IP Addressing systemBasic Understanding about TCP/IP Addressing system
Basic Understanding about TCP/IP Addressing system
BharathKumarRaju DasaraRaju
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
NetProtocol Xpert
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
Manoj Gharate
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
Huanetwork
 
Nat
NatNat
Nat
Humaira Saleem
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
Vikash Gangwar
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
kriz5
 
iSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceiSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System Interface
Manoj Singh
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
ISMT College
 
Wide area networks
Wide area networksWide area networks
Wide area networks
Muuluu
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
Muuluu
 

More Related Content

What's hot

Access control list 2
Access control list 2Access control list 2
Access control list 2
Kishore Kumar
 
Tacacs
TacacsTacacs
Tacacs
1 2d
 

What's hot (20)

Eigrp.ppt
Eigrp.pptEigrp.ppt
Eigrp.ppt
 
Ip addressing
Ip addressingIp addressing
Ip addressing
 
RADIUS
RADIUSRADIUS
RADIUS
 
Access control list 2
Access control list 2Access control list 2
Access control list 2
 
Tacacs
TacacsTacacs
Tacacs
 
Radius Protocol
Radius ProtocolRadius Protocol
Radius Protocol
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAA
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP Protocols
 
CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3CCNA 2 Routing and Switching v5.0 Chapter 3
CCNA 2 Routing and Switching v5.0 Chapter 3
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
 
Basic Understanding about TCP/IP Addressing system
Basic Understanding about TCP/IP Addressing systemBasic Understanding about TCP/IP Addressing system
Basic Understanding about TCP/IP Addressing system
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
 
Nat
NatNat
Nat
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
 
iSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System InterfaceiSCSI: Internet Small Computer System Interface
iSCSI: Internet Small Computer System Interface
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 

Viewers also liked

Wide area networks
Wide area networksWide area networks
Wide area networks
Muuluu
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
Muuluu
 
Лекц 16
Лекц 16Лекц 16
Лекц 16
Muuluu
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
Muuluu
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
Muuluu
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
Muuluu
 
User practical
User practicalUser practical
User practical
Muuluu
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
Muuluu
 
Active directory
Active directoryActive directory
Active directory
Muuluu
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
Muuluu
 
Basic software
Basic software Basic software
Basic software
Muuluu
 
Switch function
Switch functionSwitch function
Switch function
Muuluu
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
Muuluu
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
Өгөгдлийн бүтэц
Өгөгдлийн бүтэцӨгөгдлийн бүтэц
Өгөгдлийн бүтэц
Muuluu
 
2.1 users & groups
2.1 users & groups2.1 users & groups
2.1 users & groups
Muuluu
 
1.1 windows server 2003
1.1 windows server 20031.1 windows server 2003
1.1 windows server 2003
Muuluu
 
Лекц 11
Лекц 11Лекц 11
Лекц 11
Muuluu
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
Muuluu
 

Viewers also liked (20)

Wide area networks
Wide area networksWide area networks
Wide area networks
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
 
Лекц 16
Лекц 16Лекц 16
Лекц 16
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
 
User practical
User practicalUser practical
User practical
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
 
Active directory
Active directoryActive directory
Active directory
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
 
Basic software
Basic software Basic software
Basic software
 
Switch function
Switch functionSwitch function
Switch function
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Өгөгдлийн бүтэц
Өгөгдлийн бүтэцӨгөгдлийн бүтэц
Өгөгдлийн бүтэц
 
windows server 2003
windows server 2003 windows server 2003
windows server 2003
 
2.1 users & groups
2.1 users & groups2.1 users & groups
2.1 users & groups
 
1.1 windows server 2003
1.1 windows server 20031.1 windows server 2003
1.1 windows server 2003
 
Лекц 11
Лекц 11Лекц 11
Лекц 11
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
 

Similar to NAT and PAT

Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
Santanu Mukherjee
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
robertoxe
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
Kishore Kumar
 

Similar to NAT and PAT (20)

Day 17 nat and pat
Day 17 nat and patDay 17 nat and pat
Day 17 nat and pat
 
Day 17.1 nat pat
Day 17.1 nat pat Day 17.1 nat pat
Day 17.1 nat pat
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
Day 17.1 nat pat (2)
Day 17.1 nat pat (2)Day 17.1 nat pat (2)
Day 17.1 nat pat (2)
 
Icnd210 s07l01
Icnd210 s07l01Icnd210 s07l01
Icnd210 s07l01
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 
Nat
NatNat
Nat
 
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
 
Nat 03
Nat 03Nat 03
Nat 03
 
Nat 07
Nat 07Nat 07
Nat 07
 
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
 
Lan Network with Redundancy.ppt
Lan Network with Redundancy.pptLan Network with Redundancy.ppt
Lan Network with Redundancy.ppt
 
Lan Network with Redundancy
Lan Network with RedundancyLan Network with Redundancy
Lan Network with Redundancy
 
Chapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfChapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdf
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
 

More from Muuluu

Lecture 3
Lecture 3Lecture 3
Lecture 3
Muuluu
 
Firewall
FirewallFirewall
Firewall
Muuluu
 
Процессорын архитектур
Процессорын архитектурПроцессорын архитектур
Процессорын архитектур
Muuluu
 
6 network devices
6 network devices6 network devices
6 network devices
Muuluu
 
Бие даалт
Бие даалтБие даалт
Бие даалт
Muuluu
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
Muuluu
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
Muuluu
 
Dns server
Dns serverDns server
Dns server
Muuluu
 
User account policy
User account policyUser account policy
User account policy
Muuluu
 

More from Muuluu (12)

Lecture 2
Lecture 2Lecture 2
Lecture 2
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Lecture 3
Lecture 3Lecture 3
Lecture 3
 
Firewall
FirewallFirewall
Firewall
 
Hardware
HardwareHardware
Hardware
 
Процессорын архитектур
Процессорын архитектурПроцессорын архитектур
Процессорын архитектур
 
6 network devices
6 network devices6 network devices
6 network devices
 
Бие даалт
Бие даалтБие даалт
Бие даалт
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
 
Dns server
Dns serverDns server
Dns server
 
User account policy
User account policyUser account policy
User account policy
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

NAT and PAT

  • 1. Managing IP Traffic with ACLs Scaling the Network with NAT and PAT Lecture 7
  • 2. Outline • Overview • Introducing NAT and PAT • Translating Inside Source Addresses • Overloading an Inside Global Address • Verifying the NAT and PAT Configuration • Troubleshooting the NAT and PAT Configuration • Summary
  • 3. Network Address Translation • An IP address is either local or global. • Local IP addresses are seen in the inside network.
  • 6. Configuring Static Translation Router(config)# ip nat inside source static local-ip global-ip • Establishes static translation between an inside local address and an inside global address Router(config-if)# ip nat inside • Marks the interface as connected to the inside Router(config-if)# ip nat outside • Marks the interface as connected to the outside
  • 7. Enabling Static NAT Address Mapping Example
  • 8. Configuring Dynamic Translation Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} • Defines a pool of global addresses to be allocated as needed. Router(config)# access-list access-list-number permit source [source-wildcard] • Defines a standard IP ACL permitting those inside local addresses that are to be translated. Router(config)# ip nat inside source list access-list-number pool name • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
  • 10. Overloading an Inside Global Address
  • 11. Configuring Overloading Router(config)# access-list access-list-number permit source source-wildcard • Defines a standard IP ACL that will permit the inside local addresses that are to be translated Router(config)# ip nat inside source list access-list-number interface interface overload • Establishes dynamic source translation, specifying the ACL that was defined in the prior step
  • 12. Overloading an Inside Global Address Example
  • 13. Clearing the NAT Translation Table Router# clear ip nat translation * • Clears all dynamic address translation entries Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation Router# clear ip nat translation outside local-ip global-ip • Clears a simple dynamic translation entry that contains an outside translation Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] • Clears an extended dynamic translation entry
  • 14. Displaying Information with show Commands Router# show ip nat translations • Displays active translations Router# show ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.16.131.1 10.10.10.1 --- --- Router# show ip nat statistics • Displays translation statistics Router# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Ethernet0, Serial2.7 Inside interfaces: Ethernet1 Hits: 5 Misses: 0 …
  • 15. Sample Problem: Cannot Ping Remote Host
  • 17. Using the debug ip nat Command Router# debug ip nat NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825] NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
  • 18. Translation Not Installed in the Translation Table? Verify that: • The configuration is correct. • There are not any inbound ACLs denying the packets entry to the NAT router. • The ACL referenced by the NAT command is permitting all necessary networks. • There are enough addresses in the NAT pool. • The router interfaces are appropriately defined as NAT inside or NAT outside.