SlideShare a Scribd company logo

Network address translations

Download as PPTX, PDF
S
Shahzad shareef

NAT enables private IP networks to connect to the public Internet by allowing private IP addresses to be translated to public IP addresses. There are three main types of NAT: static NAT maps individual private IPs to public IPs manually; dynamic NAT maps private IPs to public IPs automatically from address pools; and PAT maps multiple private IPs and ports to a single public IP and port numbers to distinguish connections. NAT allows private addressing in local networks while also connecting to the public Internet using public IP addresses.

Technology
1 of 30
When communicating to devices in a public network, your device needs to use a source address that is a public address. NAT device enables private IPv4 to connect to the Internet. NAT enable you to change an IP address in a packet to a different address. Usually, NAT connects two networks and translates the private (inside local) addresses into public addresses (inside global) before packets are forwarded to another network. In other word Address translation allows you to translate your internal private addresses to public addresses before these packets leave your network
Situation where you should use NAT •Your ISP did not provide you sufficient public IP address •Your company is going to merge in a company which use same address space •Where you want to hide your internal IP address space from outside You want to assign the same IP address to multiple machines
There are three types of NAT Static/dynamic/pat •Static:In static NAT manual translation is performed by an address translation device, translating one IP address to a different one. If you have 100 devices, you need to create 100 static entries in the address translation table.Typically, static translation is done for inside resources that outside people want to access
Dynamic NAT is mostly used when inside users needs to access outside resources. The global address assigned to the internal user isn't important, since outside devices don't directly connect to your internal users they just return traffic to them that the inside user requested. Dynamic NAT is used when inside use wants to access external resource. When an inside user sends traffic through the address translation device, say a router, it examines the source IP address and compares it to the internal local address pool. If it finds a match, then it determines which inside global address pool it should use for the translation. It then dynamically picks an address in the global address pool that is not currently assigned to an inside device. The router adds this entry in its address translation table, the packet is translated, and the packet is then sent to the outside world. If no matching entry is found in the local address pool, the address is not translated and is forwarded to the outside world in its original state. When returning traffic comes back into your network, the address translation device examines the destination IP addresses and checks them against the address translation table. Upon finding a matching entry, it converts the global inside address to the local inside address in the destination IP address field of the packet header and forwards the packet to the inside network
With PAT, all devices that go through the address translation device have the same global IP address assigned to them, so the source TCP or UDP port numbers are used to differentiate the different connections. If two devices have the same source port number, the translation device changes one of them to ensure uniqueness. Major difference between NAT and PAT is In NAT Only IP addresses are translated (not port numbers).
Disadvantages of Address Translation Three main disadvantage with address translation are: •Each connection has an added delay. •Troubleshooting is more difficult. Not all applications work with address translation
Term Explanation Inside Addresses located on the inside of your network Outside Addresses located outside of your network Local The IP address physically assigned to a device Global The public IP address physically or logically assigned to a device Inside local IP address The IPv4 address that is assigned to a host on the inside network Inside global IP address A legitimate IPv4 address assigned by the ISP that represents one or more inside local IPv4 addresses to the outside world Outside global IP address An outside device with a registered public IP address Outside local IP address An outside device with an assigned private IP address Static NAT A manual address translation is performed between two addresses and possibly port numbers. Dynamic NAT An address translation device automatically performs address translation between two addresses and possibly port numbers. Port Address Translation (PAT) Many inside IP addresses are translated to a single IP address, where each inside address is given a different TCP or UDP port number for uniqueness. Address Translation Terms and Types
How to configure NAT Configuration of static NAT is very straight forward. In this example we have a web server connected with Router 1. Our web server is using the IP address 10.0.0.2. But due to various reasons discussed in previous article our company want to use 50.0.0.1 IP address for this server. Now our task is to configure NAT on Router 1 which translate 10.0.0.2 [ inside local web server address] to 50.0.0.1 [ inside global ip address ].a
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.1 R1(config)#ip nat inside source static 10.0.0.2 50.0.0.1 R1(config)#int fa 0/0 R1(config-if)#ip nat inside R1(config)#int s 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit
Now configure R0 exactly given here R0(config- if)#bandwidth 64 R0(config-if)#exit R0(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2
As you have seen in configuration there is not direct route for 10.0.0.2. So PC from network of 30.0.0.0 will never know about it. They will access 50.0.0.1 as the web server IP. To test it double click on any computer and ping from 50.0.0.1 and you will get replay.
Now ping from 10.0.0.2 and you will get destination host unreachable error. PC>ping 10.0.0.2 Pinging 10.0.0.2 with 32 bytes of data: Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable.
Step by Step Configuration of Dynamic NAT With dynamic NAT, you must manually define two sets of addresses on your address translation device. One set defines which inside addresses are allowed to be translated (the local addresses), and the other defines what these addresses are to be translated to (the global addresses).
In this example our internal network is using 192.168.0.0 network. We have five public ip address 50.0.0.1 to 50.0.0.5 to use. Router1(1841 Router0) is going to be NAT device. Double click on Router1(1841 Router0) and configure it as given below
R0(config-if)#bandwidth 64 R0(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 R0(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R0(config)#ip nat pool test 50.0.0.1 50.0.0.5 netmask 255.0.0.0 R1(config)#ip nat inside source list 1 pool test R1(config)#interface fastEthernet 0/0 R1(config-if)#ip nat inside R1(config-if)#exit R1(config)#interface serial 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit
Now double click on R2(1841 Router1) and configure Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 Router(config)#hostna me R2
For testing of NAT go R1 and enable debug for NAT from privilege mode R1#debug ip nat Now go on pc and ping to 20.0.0.2
When ICMP ping packet reach to R1. It examines its source address against the access list 1. As this packet is generated form the network of 192.168.0.0 so it will pass the access list. Now router will check NAT pools for free address to translate with this address. Which you can check in the output of debag command in R1
IP NAT debugging is on NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] As you can see in output 192.168.0.5 is translate with 50.0.0.1 before leaving the router
Now check for web access from any client pc In real life its best practices to turn off debug after testing so go on Router 1 and turn off debug mode. R1#no debug ip nat IP NAT debugging is off R1#
Step by Step Configuration of PAT In dynamics Nat translations is made IP to IP. so you need as much global IP address as you have inside local address. That's an issue if you have few global IP address and hundred of inside local address to translate. In such a situation you need to use PAT. For demonstration we are going to configure the same topology which we used in dynamic NAT but this time we are using only one global IP address 50.0.0.1
IP address of PC are already configured double click on R1 and configured it as given here Now configure to R2 as given below
Router(config)#hostname R1 R1(config)#interface fastEthernet 0/0 R1(config-if)#ip address 192.168.0.1 255.255.255.0 R1(config-if)#no shutdown R1(config)#interface serial 0/0/0 R1(config-if)#ip address 30.0.0.1 255.0.0.0 R1(config-if)#clock rate 64000 R1(config-if)#bandwidth 64 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R1(config)#ip nat pool test 50.0.0.1 50.0.0.1 netmask 255.0.0.0 R1(config)#ip nat inside source list 1 pool test overload R1(config)#interface fastEthernet 0/0 R1(config-if)#ip nat inside R1(config-if)#exit R1(config)#interface serial 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit R1(config)#
Now configure to R2 as given below Router>enable Router#configure terminal Router(config)#interface serial 0/0/0 Router(config-if)#ip address 30.0.0.2 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface fastEthernet 0/0 Router(config-if)#ip address 20.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#hostname R2 R2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 Now go on pc and ping to 20.0.0.2
To verify PAT go on R1 and run show ip nat translations R1#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 50.0.0.1:1 192.168.0.7:1 20.0.0.2:1 20.0.0.2:1 icmp 50.0.0.1:2 192.168.0.7:2 20.0.0.2:2 20.0.0.2:2 icmp 50.0.0.1:3 192.168.0.7:3 20.0.0.2:3 20.0.0.2:3 icmp 50.0.0.1:4 192.168.0.7:4 20.0.0.2:4 20.0.0.2:4 As you can see this time address translation is done with port address instead of IP

Recommended

Nat presentation
Nat presentationNat presentation
Nat presentation
hassoon3
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
Netwax Lab
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
Joud Khattab
 
Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
Nad710 Network Address Translation
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translation
tmavroidis
 
Network address translation
Network address translationNetwork address translation
Network address translation
Karppinen Ngoc Anh
 

Recommended

Nat presentation
Nat presentationNat presentation
Nat presentation
hassoon3
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
Netwax Lab
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
Joud Khattab
 
Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
Nad710 Network Address Translation
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translation
tmavroidis
 
Network address translation
Network address translationNetwork address translation
Network address translation
Karppinen Ngoc Anh
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
Dynamic NAT
Dynamic NATDynamic NAT
Dynamic NAT
NetProtocol Xpert
 
Static NAT
Static NATStatic NAT
Static NAT
NetProtocol Xpert
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Digicomp Academy AG
 
NAT_Final
NAT_FinalNAT_Final
NAT_Final
Pratik Bhide
 
Network address translation
Network address translationNetwork address translation
Network address translation
Mohak Kaushik
 
Nat
NatNat
Nat
Elshan86
 
DHCP basics
DHCP basicsDHCP basics
DHCP basics
Mansi Kansara
 
IPv6 - Neighbour Discovery
IPv6 - Neighbour DiscoveryIPv6 - Neighbour Discovery
IPv6 - Neighbour Discovery
Heba_a
 
Nat
NatNat
Nat
Mohamed Gamel
 
Itep
ItepItep
Itep
Sofia Palawan
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
Madhusudhan Anand
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arp
Raafat younis
 
Networking
NetworkingNetworking
Networking
Tarun Jaiswal
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
Mustafa Qamar-ud-Din
 
RARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE ProtocolsRARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE Protocols
Peter R. Egli
 
Zero configuration networks
Zero configuration networksZero configuration networks
Zero configuration networks
Shashwat Shriparv
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
1991shalu
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
adam_merritt
 
DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)
Netwax Lab
 
Nat cisco
Nat ciscoNat cisco
Nat cisco
moonmanik
 
Network address translation
Network address translationNetwork address translation
Network address translation
Varsha Honde
 

More Related Content

What's hot

NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
Dynamic NAT
Dynamic NATDynamic NAT
Dynamic NAT
NetProtocol Xpert
 
Static NAT
Static NATStatic NAT
Static NAT
NetProtocol Xpert
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Digicomp Academy AG
 
NAT_Final
NAT_FinalNAT_Final
NAT_Final
Pratik Bhide
 
Network address translation
Network address translationNetwork address translation
Network address translation
Mohak Kaushik
 
Nat
NatNat
Nat
Elshan86
 
DHCP basics
DHCP basicsDHCP basics
DHCP basics
Mansi Kansara
 
IPv6 - Neighbour Discovery
IPv6 - Neighbour DiscoveryIPv6 - Neighbour Discovery
IPv6 - Neighbour Discovery
Heba_a
 
Nat
NatNat
Nat
Mohamed Gamel
 
Itep
ItepItep
Itep
Sofia Palawan
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
Madhusudhan Anand
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arp
Raafat younis
 
Networking
NetworkingNetworking
Networking
Tarun Jaiswal
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
Mustafa Qamar-ud-Din
 
RARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE ProtocolsRARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE Protocols
Peter R. Egli
 
Zero configuration networks
Zero configuration networksZero configuration networks
Zero configuration networks
Shashwat Shriparv
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
1991shalu
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
adam_merritt
 
DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)
Netwax Lab
 

What's hot (20)

NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
Dynamic NAT
Dynamic NATDynamic NAT
Dynamic NAT
 
Static NAT
Static NATStatic NAT
Static NAT
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
 
NAT_Final
NAT_FinalNAT_Final
NAT_Final
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
Nat
NatNat
Nat
 
DHCP basics
DHCP basicsDHCP basics
DHCP basics
 
IPv6 - Neighbour Discovery
IPv6 - Neighbour DiscoveryIPv6 - Neighbour Discovery
IPv6 - Neighbour Discovery
 
Nat
NatNat
Nat
 
Itep
ItepItep
Itep
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arp
 
Networking
NetworkingNetworking
Networking
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
 
RARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE ProtocolsRARP, BOOTP, DHCP and PXE Protocols
RARP, BOOTP, DHCP and PXE Protocols
 
Zero configuration networks
Zero configuration networksZero configuration networks
Zero configuration networks
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)
 

Similar to Network address translations

Nat cisco
Nat ciscoNat cisco
Nat cisco
moonmanik
 
Network address translation
Network address translationNetwork address translation
Network address translation
Varsha Honde
 
Nat 03
Nat 03Nat 03
Nat 03
Davinder Chauhan
 
networkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptxnetworkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptx
zmulani8
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
Eng. Emad Al-Atoum
 
Nat 07
Nat 07Nat 07
Nat 07
Davinder Chauhan
 
Module (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptxModule (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptx
GeorgeThoreJr
 
Skip to Main content.docx
Skip to Main content.docxSkip to Main content.docx
Skip to Main content.docx
TUYAMBAZEJEANCLAUDE1
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
Aalap Tripathy
 
Network Address Port Translation. Residential Network connections vi.pdf
Network Address Port Translation. Residential Network connections vi.pdfNetwork Address Port Translation. Residential Network connections vi.pdf
Network Address Port Translation. Residential Network connections vi.pdf
shalins6
 
Packet Tracer: Nat protocol
Packet Tracer: Nat protocolPacket Tracer: Nat protocol
Packet Tracer: Nat protocol
Rafat Khandaker
 
Day 17.1 nat pat (2)
Day 17.1 nat pat (2)Day 17.1 nat pat (2)
Day 17.1 nat pat (2)
CYBERINTELLIGENTS
 
Installation Of An Iso Image Dvd
Installation Of An Iso Image DvdInstallation Of An Iso Image Dvd
Installation Of An Iso Image Dvd
Susan Cox
 
NAT
NATNAT
NAT
Surinder Kaur
 
Nat
NatNat
Nat
lyndyv
 
Describe how a NAT (Network Address Translator) works. Be sure to in.pdf
Describe how a NAT (Network Address Translator) works. Be sure to in.pdfDescribe how a NAT (Network Address Translator) works. Be sure to in.pdf
Describe how a NAT (Network Address Translator) works. Be sure to in.pdf
arishmarketing21
 
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptxDHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
MUHAMMADATTAURREHMAN7
 
How to configure a router
How to configure a router How to configure a router
How to configure a router
IT Tech
 
Nat
NatNat
Nat
saul calle espinoza
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ip
Tũi Wichets
 

Similar to Network address translations (20)

Nat cisco
Nat ciscoNat cisco
Nat cisco
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
Nat 03
Nat 03Nat 03
Nat 03
 
networkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptxnetworkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptx
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
 
Nat 07
Nat 07Nat 07
Nat 07
 
Module (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptxModule (10) NAT for IPV4.pptx
Module (10) NAT for IPV4.pptx
 
Skip to Main content.docx
Skip to Main content.docxSkip to Main content.docx
Skip to Main content.docx
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
 
Network Address Port Translation. Residential Network connections vi.pdf
Network Address Port Translation. Residential Network connections vi.pdfNetwork Address Port Translation. Residential Network connections vi.pdf
Network Address Port Translation. Residential Network connections vi.pdf
 
Packet Tracer: Nat protocol
Packet Tracer: Nat protocolPacket Tracer: Nat protocol
Packet Tracer: Nat protocol
 
Day 17.1 nat pat (2)
Day 17.1 nat pat (2)Day 17.1 nat pat (2)
Day 17.1 nat pat (2)
 
Installation Of An Iso Image Dvd
Installation Of An Iso Image DvdInstallation Of An Iso Image Dvd
Installation Of An Iso Image Dvd
 
NAT
NATNAT
NAT
 
Nat
NatNat
Nat
 
Describe how a NAT (Network Address Translator) works. Be sure to in.pdf
Describe how a NAT (Network Address Translator) works. Be sure to in.pdfDescribe how a NAT (Network Address Translator) works. Be sure to in.pdf
Describe how a NAT (Network Address Translator) works. Be sure to in.pdf
 
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptxDHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
 
How to configure a router
How to configure a router How to configure a router
How to configure a router
 
Nat
NatNat
Nat
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ip
 

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 

Network address translations

  • 1. When communicating to devices in a public network, your device needs to use a source address that is a public address. NAT device enables private IPv4 to connect to the Internet. NAT enable you to change an IP address in a packet to a different address. Usually, NAT connects two networks and translates the private (inside local) addresses into public addresses (inside global) before packets are forwarded to another network. In other word Address translation allows you to translate your internal private addresses to public addresses before these packets leave your network
  • 2. Situation where you should use NAT •Your ISP did not provide you sufficient public IP address •Your company is going to merge in a company which use same address space •Where you want to hide your internal IP address space from outside You want to assign the same IP address to multiple machines
  • 3. There are three types of NAT Static/dynamic/pat •Static:In static NAT manual translation is performed by an address translation device, translating one IP address to a different one. If you have 100 devices, you need to create 100 static entries in the address translation table.Typically, static translation is done for inside resources that outside people want to access
  • 4. Dynamic NAT is mostly used when inside users needs to access outside resources. The global address assigned to the internal user isn't important, since outside devices don't directly connect to your internal users they just return traffic to them that the inside user requested. Dynamic NAT is used when inside use wants to access external resource. When an inside user sends traffic through the address translation device, say a router, it examines the source IP address and compares it to the internal local address pool. If it finds a match, then it determines which inside global address pool it should use for the translation. It then dynamically picks an address in the global address pool that is not currently assigned to an inside device. The router adds this entry in its address translation table, the packet is translated, and the packet is then sent to the outside world. If no matching entry is found in the local address pool, the address is not translated and is forwarded to the outside world in its original state. When returning traffic comes back into your network, the address translation device examines the destination IP addresses and checks them against the address translation table. Upon finding a matching entry, it converts the global inside address to the local inside address in the destination IP address field of the packet header and forwards the packet to the inside network
  • 5.
  • 6. With PAT, all devices that go through the address translation device have the same global IP address assigned to them, so the source TCP or UDP port numbers are used to differentiate the different connections. If two devices have the same source port number, the translation device changes one of them to ensure uniqueness. Major difference between NAT and PAT is In NAT Only IP addresses are translated (not port numbers).
  • 7. Disadvantages of Address Translation Three main disadvantage with address translation are: •Each connection has an added delay. •Troubleshooting is more difficult. Not all applications work with address translation
  • 8. Term Explanation Inside Addresses located on the inside of your network Outside Addresses located outside of your network Local The IP address physically assigned to a device Global The public IP address physically or logically assigned to a device Inside local IP address The IPv4 address that is assigned to a host on the inside network Inside global IP address A legitimate IPv4 address assigned by the ISP that represents one or more inside local IPv4 addresses to the outside world Outside global IP address An outside device with a registered public IP address Outside local IP address An outside device with an assigned private IP address Static NAT A manual address translation is performed between two addresses and possibly port numbers. Dynamic NAT An address translation device automatically performs address translation between two addresses and possibly port numbers. Port Address Translation (PAT) Many inside IP addresses are translated to a single IP address, where each inside address is given a different TCP or UDP port number for uniqueness. Address Translation Terms and Types
  • 9. How to configure NAT Configuration of static NAT is very straight forward. In this example we have a web server connected with Router 1. Our web server is using the IP address 10.0.0.2. But due to various reasons discussed in previous article our company want to use 50.0.0.1 IP address for this server. Now our task is to configure NAT on Router 1 which translate 10.0.0.2 [ inside local web server address] to 50.0.0.1 [ inside global ip address ].a
  • 10.
  • 11. R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.1 R1(config)#ip nat inside source static 10.0.0.2 50.0.0.1 R1(config)#int fa 0/0 R1(config-if)#ip nat inside R1(config)#int s 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit
  • 12. Now configure R0 exactly given here R0(config- if)#bandwidth 64 R0(config-if)#exit R0(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2
  • 13. As you have seen in configuration there is not direct route for 10.0.0.2. So PC from network of 30.0.0.0 will never know about it. They will access 50.0.0.1 as the web server IP. To test it double click on any computer and ping from 50.0.0.1 and you will get replay.
  • 14. Now ping from 10.0.0.2 and you will get destination host unreachable error. PC>ping 10.0.0.2 Pinging 10.0.0.2 with 32 bytes of data: Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable. Reply from 30.0.0.1: Destination host unreachable.
  • 15.
  • 16. Step by Step Configuration of Dynamic NAT With dynamic NAT, you must manually define two sets of addresses on your address translation device. One set defines which inside addresses are allowed to be translated (the local addresses), and the other defines what these addresses are to be translated to (the global addresses).
  • 17.
  • 18. In this example our internal network is using 192.168.0.0 network. We have five public ip address 50.0.0.1 to 50.0.0.5 to use. Router1(1841 Router0) is going to be NAT device. Double click on Router1(1841 Router0) and configure it as given below
  • 19. R0(config-if)#bandwidth 64 R0(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 R0(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R0(config)#ip nat pool test 50.0.0.1 50.0.0.5 netmask 255.0.0.0 R1(config)#ip nat inside source list 1 pool test R1(config)#interface fastEthernet 0/0 R1(config-if)#ip nat inside R1(config-if)#exit R1(config)#interface serial 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit
  • 20. Now double click on R2(1841 Router1) and configure Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 Router(config)#hostna me R2
  • 21. For testing of NAT go R1 and enable debug for NAT from privilege mode R1#debug ip nat Now go on pc and ping to 20.0.0.2
  • 22. When ICMP ping packet reach to R1. It examines its source address against the access list 1. As this packet is generated form the network of 192.168.0.0 so it will pass the access list. Now router will check NAT pools for free address to translate with this address. Which you can check in the output of debag command in R1
  • 23. IP NAT debugging is on NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] NAT: s=192.168.0.7->50.0.0.1, d=20.0.0.2[1] NAT*: s=20.0.0.2, d=50.0.0.1->192.168.0.7[1] As you can see in output 192.168.0.5 is translate with 50.0.0.1 before leaving the router
  • 24. Now check for web access from any client pc In real life its best practices to turn off debug after testing so go on Router 1 and turn off debug mode. R1#no debug ip nat IP NAT debugging is off R1#
  • 25. Step by Step Configuration of PAT In dynamics Nat translations is made IP to IP. so you need as much global IP address as you have inside local address. That's an issue if you have few global IP address and hundred of inside local address to translate. In such a situation you need to use PAT. For demonstration we are going to configure the same topology which we used in dynamic NAT but this time we are using only one global IP address 50.0.0.1
  • 26.
  • 27. IP address of PC are already configured double click on R1 and configured it as given here Now configure to R2 as given below
  • 28. Router(config)#hostname R1 R1(config)#interface fastEthernet 0/0 R1(config-if)#ip address 192.168.0.1 255.255.255.0 R1(config-if)#no shutdown R1(config)#interface serial 0/0/0 R1(config-if)#ip address 30.0.0.1 255.0.0.0 R1(config-if)#clock rate 64000 R1(config-if)#bandwidth 64 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R1(config)#ip nat pool test 50.0.0.1 50.0.0.1 netmask 255.0.0.0 R1(config)#ip nat inside source list 1 pool test overload R1(config)#interface fastEthernet 0/0 R1(config-if)#ip nat inside R1(config-if)#exit R1(config)#interface serial 0/0/0 R1(config-if)#ip nat outside R1(config-if)#exit R1(config)#
  • 29. Now configure to R2 as given below Router>enable Router#configure terminal Router(config)#interface serial 0/0/0 Router(config-if)#ip address 30.0.0.2 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface fastEthernet 0/0 Router(config-if)#ip address 20.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#hostname R2 R2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0 Now go on pc and ping to 20.0.0.2
  • 30. To verify PAT go on R1 and run show ip nat translations R1#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 50.0.0.1:1 192.168.0.7:1 20.0.0.2:1 20.0.0.2:1 icmp 50.0.0.1:2 192.168.0.7:2 20.0.0.2:2 20.0.0.2:2 icmp 50.0.0.1:3 192.168.0.7:3 20.0.0.2:3 20.0.0.2:3 icmp 50.0.0.1:4 192.168.0.7:4 20.0.0.2:4 20.0.0.2:4 As you can see this time address translation is done with port address instead of IP