Uploaded byMuuluu
3,164 views

NAT and PAT

This document discusses network address translation (NAT) and port address translation (PAT). It provides configuration examples for static NAT, dynamic NAT from an address pool, and overloading NAT using a single global address. Troubleshooting tips are also included such as using the debug ip nat command and checking for issues like incorrect NAT configuration, denied inbound access, permissions in the ACL, available addresses in the pool, and proper interface definitions.

Embed presentation

Managing IP Traffic with ACLs Scaling the Network with NAT and PAT Lecture 7
Outline • Overview • Introducing NAT and PAT • Translating Inside Source Addresses • Overloading an Inside Global Address • Verifying the NAT and PAT Configuration • Troubleshooting the NAT and PAT Configuration • Summary
Network Address Translation • An IP address is either local or global. • Local IP addresses are seen in the inside network.
Port Address Translation
Translating Inside Source Addresses
Configuring Static Translation Router(config)# ip nat inside source static local-ip global-ip • Establishes static translation between an inside local address and an inside global address Router(config-if)# ip nat inside • Marks the interface as connected to the inside Router(config-if)# ip nat outside • Marks the interface as connected to the outside
Enabling Static NAT Address Mapping Example
Configuring Dynamic Translation Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} • Defines a pool of global addresses to be allocated as needed. Router(config)# access-list access-list-number permit source [source-wildcard] • Defines a standard IP ACL permitting those inside local addresses that are to be translated. Router(config)# ip nat inside source list access-list-number pool name • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
Dynamic Address Translation Example
Overloading an Inside Global Address
Configuring Overloading Router(config)# access-list access-list-number permit source source-wildcard • Defines a standard IP ACL that will permit the inside local addresses that are to be translated Router(config)# ip nat inside source list access-list-number interface interface overload • Establishes dynamic source translation, specifying the ACL that was defined in the prior step
Overloading an Inside Global Address Example
Clearing the NAT Translation Table Router# clear ip nat translation * • Clears all dynamic address translation entries Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation Router# clear ip nat translation outside local-ip global-ip • Clears a simple dynamic translation entry that contains an outside translation Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] • Clears an extended dynamic translation entry
Displaying Information with show Commands Router# show ip nat translations • Displays active translations Router# show ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.16.131.1 10.10.10.1 --- --- Router# show ip nat statistics • Displays translation statistics Router# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Ethernet0, Serial2.7 Inside interfaces: Ethernet1 Hits: 5 Misses: 0 …
Sample Problem: Cannot Ping Remote Host
Solution: New Configuration
Using the debug ip nat Command Router# debug ip nat NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825] NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
Translation Not Installed in the Translation Table? Verify that: • The configuration is correct. • There are not any inbound ACLs denying the packets entry to the NAT router. • The ACL referenced by the NAT command is permitting all necessary networks. • There are enough addresses in the NAT pool. • The router interfaces are appropriately defined as NAT inside or NAT outside.

More Related Content

PPT
Nat pat
byCYBERINTELLIGENTS
 
PDF
Network Address Translation (NAT)
byJoud Khattab
 
PDF
Ccnp workbook network bulls
bySwapnil Kapate
 
PPTX
Presentation on ccna
byHoneyKumar34
 
PDF
Eigrp.ppt
byEdgardo Scrimaglia
 
PDF
Ccna Commands In 10 Minutes
byCCNAResources
 
PDF
Ccnp presentation [Day 1-3] Class
bySagarR24
 
PPTX
Ccna ppt1
byAIRTEL
 
Nat pat
byCYBERINTELLIGENTS
 
Network Address Translation (NAT)
byJoud Khattab
 
Ccnp workbook network bulls
bySwapnil Kapate
 
Presentation on ccna
byHoneyKumar34
 
Eigrp.ppt
byEdgardo Scrimaglia
 
Ccna Commands In 10 Minutes
byCCNAResources
 
Ccnp presentation [Day 1-3] Class
bySagarR24
 
Ccna ppt1
byAIRTEL
 

What's hot

PDF
MPLS L3 VPN Deployment
byAPNIC
 
PPTX
Network address translation
byVarsha Honde
 
PPT
CCNA Basic Switching and Switch Configuration
byDsunte Wilson
 
PDF
CCNA - Routing & Switching Commands
byEng. Emad Al-Atoum
 
PPTX
IP Source Guard
byNetProtocol Xpert
 
PPT
CCNA SUMMER TRAINNING PPT
byNishant Goel
 
PDF
Cisco router-commands
byRobin Rohit
 
PPTX
Introduction to WebRTC
byArt Matsak
 
PPTX
OSPF Fundamental
byReza Farahani
 
PPTX
GRE Tunnel Configuration
byNetProtocol Xpert
 
PDF
Ether channel fundamentals
byEdgardo Scrimaglia
 
PPTX
IOT Protocols
byNagesh Rao
 
PPT
Vlan
byMayank Saxena
 
PPTX
DHCP Snooping
byNetProtocol Xpert
 
PPT
Spanning tree protocol
byMuuluu
 
PPTX
Presentasi MIKROTIK ROUTERBOARD
byBayu Febry Valentino
 
PPTX
Spanning tree protocol
byhazimalghalayini
 
PDF
Ospf.ppt
byEdgardo Scrimaglia
 
PDF
Virtual Extensible LAN (VXLAN)
byKHNOG
 
PPTX
DSR Protocol
by@zenafaris91
 
MPLS L3 VPN Deployment
byAPNIC
 
Network address translation
byVarsha Honde
 
CCNA Basic Switching and Switch Configuration
byDsunte Wilson
 
CCNA - Routing & Switching Commands
byEng. Emad Al-Atoum
 
IP Source Guard
byNetProtocol Xpert
 
CCNA SUMMER TRAINNING PPT
byNishant Goel
 
Cisco router-commands
byRobin Rohit
 
Introduction to WebRTC
byArt Matsak
 
OSPF Fundamental
byReza Farahani
 
GRE Tunnel Configuration
byNetProtocol Xpert
 
Ether channel fundamentals
byEdgardo Scrimaglia
 
IOT Protocols
byNagesh Rao
 
Vlan
byMayank Saxena
 
DHCP Snooping
byNetProtocol Xpert
 
Spanning tree protocol
byMuuluu
 
Presentasi MIKROTIK ROUTERBOARD
byBayu Febry Valentino
 
Spanning tree protocol
byhazimalghalayini
 
Ospf.ppt
byEdgardo Scrimaglia
 
Virtual Extensible LAN (VXLAN)
byKHNOG
 
DSR Protocol
by@zenafaris91
 

Viewers also liked

PPT
2.1 users & groups
byMuuluu
 
PPT
Switch function
byMuuluu
 
PPT
Active directory
byMuuluu
 
PDF
Лекц 11
byMuuluu
 
PDF
Basic software
byMuuluu
 
PPTX
Лекц 10
byMuuluu
 
PPTX
Лекц 14
byMuuluu
 
PPTX
Лекц 12
byMuuluu
 
PPT
User practical
byMuuluu
 
PPT
windows server 2003
byMuuluu
 
PPT
Wide area networks
byMuuluu
 
PPTX
Өгөгдлийн бүтэц
byMuuluu
 
DOCX
Лекц 13
byMuuluu
 
PPTX
Лекц 15
byMuuluu
 
PPT
1.1 windows server 2003
byMuuluu
 
PDF
Лекц 14
byMuuluu
 
PDF
Лекц 13
byMuuluu
 
PDF
Лекц 16
byMuuluu
 
PDF
Лекц 15
byMuuluu
 
PDF
Лекц 12
byMuuluu
 
2.1 users & groups
byMuuluu
 
Switch function
byMuuluu
 
Active directory
byMuuluu
 
Лекц 11
byMuuluu
 
Basic software
byMuuluu
 
Лекц 10
byMuuluu
 
Лекц 14
byMuuluu
 
Лекц 12
byMuuluu
 
User practical
byMuuluu
 
windows server 2003
byMuuluu
 
Wide area networks
byMuuluu
 
Өгөгдлийн бүтэц
byMuuluu
 
Лекц 13
byMuuluu
 
Лекц 15
byMuuluu
 
1.1 windows server 2003
byMuuluu
 
Лекц 14
byMuuluu
 
Лекц 13
byMuuluu
 
Лекц 16
byMuuluu
 
Лекц 15
byMuuluu
 
Лекц 12
byMuuluu
 

Similar to NAT and PAT

PDF
NAT (network address translation) & PAT (port address translation)
byNetwax Lab
 
PPTX
Nat
byElshan86
 
PDF
NAT Ccna
bysinghsukdeep
 
PDF
NAT- Network Address Translation
byEng. Emad Al-Atoum
 
PPTX
Basic ASA Configuration, NAT in ASA Firewall
byNetProtocol Xpert
 
PPT
Day 17 nat and pat
byCYBERINTELLIGENTS
 
DOCX
How to configure static nat on cisco routers
byIT Tech
 
PPT
Day 17.1 nat pat (2)
byCYBERINTELLIGENTS
 
PPTX
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
byWaqas Ahmed Nawaz
 
PDF
Chapter 5-Network Address Translation.pdf
byBuntha Chhay
 
PDF
Nat cisco
bymoonmanik
 
PDF
Nat
bySwapnil Kapate
 
PPT
Day 17.1 nat pat
byCYBERINTELLIGENTS
 
PPT
Icnd210 s07l01
bycomputerlenguyen
 
PPT
Chapter11ccna
byernestlithur
 
PPT
Chapter11ccna
byrobertoxe
 
PDF
Nat
bysaul calle espinoza
 
PPTX
Network address translations
byShahzad shareef
 
PPT
CCNA CHAPTER 12 BY jetarvind kumar madhukar
byALLCAD Services Pvt Limited
 
PDF
Nat
byMohamed Gamel
 
NAT (network address translation) & PAT (port address translation)
byNetwax Lab
 
Nat
byElshan86
 
NAT Ccna
bysinghsukdeep
 
NAT- Network Address Translation
byEng. Emad Al-Atoum
 
Basic ASA Configuration, NAT in ASA Firewall
byNetProtocol Xpert
 
Day 17 nat and pat
byCYBERINTELLIGENTS
 
How to configure static nat on cisco routers
byIT Tech
 
Day 17.1 nat pat (2)
byCYBERINTELLIGENTS
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
byWaqas Ahmed Nawaz
 
Chapter 5-Network Address Translation.pdf
byBuntha Chhay
 
Nat cisco
bymoonmanik
 
Nat
bySwapnil Kapate
 
Day 17.1 nat pat
byCYBERINTELLIGENTS
 
Icnd210 s07l01
bycomputerlenguyen
 
Chapter11ccna
byernestlithur
 
Chapter11ccna
byrobertoxe
 
Nat
bysaul calle espinoza
 
Network address translations
byShahzad shareef
 
CCNA CHAPTER 12 BY jetarvind kumar madhukar
byALLCAD Services Pvt Limited
 
Nat
byMohamed Gamel
 

More from Muuluu

PPT
Switch configuration
byMuuluu
 
PPT
Switch configuration
byMuuluu
 
DOC
Dns server
byMuuluu
 
PPTX
6 network devices
byMuuluu
 
PPTX
Lecture 5
byMuuluu
 
PPT
User account policy
byMuuluu
 
PPTX
Lecture 2
byMuuluu
 
PPTX
Процессорын архитектур
byMuuluu
 
PDF
Hardware
byMuuluu
 
DOC
Firewall
byMuuluu
 
PDF
Бие даалт
byMuuluu
 
PPTX
Lecture 3
byMuuluu
 
Switch configuration
byMuuluu
 
Switch configuration
byMuuluu
 
Dns server
byMuuluu
 
6 network devices
byMuuluu
 
Lecture 5
byMuuluu
 
User account policy
byMuuluu
 
Lecture 2
byMuuluu
 
Процессорын архитектур
byMuuluu
 
Hardware
byMuuluu
 
Firewall
byMuuluu
 
Бие даалт
byMuuluu
 
Lecture 3
byMuuluu
 

Recently uploaded

PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PDF
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
PDF
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PPTX
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
PDF
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PPTX
Accelerate Innovation with Engineering R&D Services
byChetu
 
PPTX
AI_Architecture_for_Chatbots_Corporate.pptx
bywrksmith9
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PPTX
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
January Patch Tuesday
byIvanti
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
Accelerate Innovation with Engineering R&D Services
byChetu
 
AI_Architecture_for_Chatbots_Corporate.pptx
bywrksmith9
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 

NAT and PAT

  • 1.
    Managing IP Trafficwith ACLs Scaling the Network with NAT and PAT Lecture 7
  • 2.
    Outline • Overview • Introducing NAT and PAT • Translating Inside Source Addresses • Overloading an Inside Global Address • Verifying the NAT and PAT Configuration • Troubleshooting the NAT and PAT Configuration • Summary
  • 3.
    Network Address Translation • An IP address is either local or global. • Local IP addresses are seen in the inside network.
  • 4.
  • 5.
  • 6.
    Configuring Static Translation Router(config)# ip nat inside source static local-ip global-ip • Establishes static translation between an inside local address and an inside global address Router(config-if)# ip nat inside • Marks the interface as connected to the inside Router(config-if)# ip nat outside • Marks the interface as connected to the outside
  • 7.
    Enabling Static NAT Address Mapping Example
  • 8.
    Configuring Dynamic Translation Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} • Defines a pool of global addresses to be allocated as needed. Router(config)# access-list access-list-number permit source [source-wildcard] • Defines a standard IP ACL permitting those inside local addresses that are to be translated. Router(config)# ip nat inside source list access-list-number pool name • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
  • 9.
  • 10.
    Overloading an InsideGlobal Address
  • 11.
    Configuring Overloading Router(config)#access-list access-list-number permit source source-wildcard • Defines a standard IP ACL that will permit the inside local addresses that are to be translated Router(config)# ip nat inside source list access-list-number interface interface overload • Establishes dynamic source translation, specifying the ACL that was defined in the prior step
  • 12.
    Overloading an Inside Global Address Example
  • 13.
    Clearing the NATTranslation Table Router# clear ip nat translation * • Clears all dynamic address translation entries Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation Router# clear ip nat translation outside local-ip global-ip • Clears a simple dynamic translation entry that contains an outside translation Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] • Clears an extended dynamic translation entry
  • 14.
    Displaying Information withshow Commands Router# show ip nat translations • Displays active translations Router# show ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.16.131.1 10.10.10.1 --- --- Router# show ip nat statistics • Displays translation statistics Router# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Ethernet0, Serial2.7 Inside interfaces: Ethernet1 Hits: 5 Misses: 0 …
  • 15.
    Sample Problem: Cannot Ping Remote Host
  • 16.
  • 17.
    Using the debugip nat Command Router# debug ip nat NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825] NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
  • 18.
    Translation Not Installedin the Translation Table? Verify that: • The configuration is correct. • There are not any inbound ACLs denying the packets entry to the NAT router. • The ACL referenced by the NAT command is permitting all necessary networks. • There are enough addresses in the NAT pool. • The router interfaces are appropriately defined as NAT inside or NAT outside.