Session 6 NAT Network Design

Review
- Features offered by routing are:
  - Internal network invisibility
  - Existing network integration
  - Internet and internal network traffic restriction
- Encryption and authentication add more security through Routing and Remote Access
- Static and dynamic routing are the two types of routing strategies
- The Windows operating system offers certain TCP/IP tools that help troubleshoot routing problems:
  - Ping.exe
  - Tracert.exe
  - Pathping.exe

Objectives
- Explain different types of NAT
- Describe NAT features
- Implement NAT
- Design the NAT Network
- Secure the NAT Network
- Enhance the NAT Network Design

Types of NAT
- NAT is a protocol that connects computers on the internal network to other networks and to the Internet
- Different types of NAT are:
  - Static NAT: Translates unregistered IP addresses to an equal number of registered addresses so that each client uses the same address
  - Dynamic NAT: Translates each unregistered computer to a registered one
  - Masquerading: Translates all the unregistered IP addresses on the network to a single registered IP address

NAT features
- Internal IP Address and Public IP Address - Hides the internal network IP address from the Internet
- IP Address Configuration - Provides automatic IP address configuration to the clients in the internal network
- Name Resolution - Provides a name resolution feature that forwards the name queries
- Secure Internal Resources - Uses a specific port for each specific internal IP address

NAT implementation
- NAT features can be used effectively to meet a network design
- The main considerations while designing a NAT network are:
  - Size of the network
  - Kind of security needed by the organization

Design the NAT Network
- We must provide two network interfaces to the NAT server, one that is used for the internal network and the other for the Internet
- We need to consider the following while implementing NAT:
  - Location
  - IP Address
  - Rate of Data Flow and Persistence

Automatic IP Address Configuration
- NAT provides automatic IP address configuration to all the DHCP-compliant clients in the internal network
- This feature is utilized under the following conditions:
  - DHCP provides the IP address in the network
  - Only one single non-routed subnet
- NAT clients have to be configured to receive their IP addresses from the NAT server

Securing the NAT Network
- NAT implementations mostly depend on the Masquerading technique for security
- NAT provides security to the internal resources of the organization by default
- The number of registered IP addresses is minimized

Securing the NAT Network (Contd.)
- Security can be improved by using:
  - Routing and Remote Access Filters
  - Address pools and special ports to permit internal resource access
  - VPN connections

Routing and Remote Access Filters
- We can restrict internal or Internet access by specifying routing and remote access IP filters for all interfaces of the NAT server
- IP filters restrict access based on the IP address range and protocol (either incoming or outgoing)

Address Pools and Special Ports
- Access can be specified for certain computers and applications by creating client reservations for IP addresses and mapping special ports
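
The masquerading type from "Types of NAT" and the special ports described above can be seen together in a small model. This is an added example, not Routing and Remote Access code: the `MasqueradeNat` class, its method names, and every address and port are constructed for illustration, and the model assumes inbound packets are accepted only from the remote endpoint an inside host contacted.

```python
# Added illustration: a toy masquerading NAT table (not Routing and Remote Access code).
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class MasqueradeNat:
    public_ip: str
    next_port: int = 50000                       # first port handed out for outbound flows
    dynamic: dict = field(default_factory=dict)  # public port -> (inside ip, inside port, remote ip, remote port)
    special: dict = field(default_factory=dict)  # public port -> (inside ip, inside port)

    def map_special_port(self, public_port, inside_ip, inside_port):
        """Publish one internal service on a fixed public port."""
        self.special[public_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """Rewrite an internal source to the single public address."""
        for port, entry in self.dynamic.items():
            if entry == (inside_ip, inside_port, remote_ip, remote_port):
                return self.public_ip, port       # reuse the existing mapping
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (inside_ip, inside_port, remote_ip, remote_port)
        return self.public_ip, port

    def inbound(self, remote_ip, remote_port, public_port) -> Optional[tuple]:
        """Return the internal destination, or None when the packet is dropped."""
        entry = self.dynamic.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                      # reply to a flow an inside host started
        return self.special.get(public_port)      # otherwise only a special port is reachable

def demo():
    nat = MasqueradeNat("203.0.113.10")
    a = nat.outbound("192.168.0.21", 40001, "198.51.100.7", 443)
    b = nat.outbound("192.168.0.22", 40001, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, a[1])
    unsolicited = nat.inbound("198.51.100.99", 5555, a[1])
    nat.map_special_port(80, "192.168.0.5", 8080)
    published = nat.inbound("198.51.100.99", 5555, 80)
    return a, b, reply, unsolicited, published

if __name__ == "__main__":
    print(demo())
```

Both inside hosts leave with the same public address, the unsolicited packet finds no mapping and is dropped, and only the explicitly mapped port 80 reaches an internal machine.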

VPN Connections
- Used to restrict resource access
- Provides user authentication and data encryption

Enhancing NAT Network Design
- We must use one machine as the NAT server
- This machine always connects over persistent routes and uses many Internet connections
- Benefits of using one dedicated machine as the NAT server are:
  - Server characteristics
  - Persistent connection
  - Multiple Internet connections

Summary
- NAT is included in Routing and Remote Access and aims to provide an Internet connection and protect internal resources
- Steps involved in designing the NAT network are NAT integration for the network and selecting options in the NAT server
- Location, IP Address, Rate of Data Flow, and Persistence influence the design of the NAT network

Summary (Contd.)
- Using Routing and Remote Access filters, address pools and special ports to permit internal resource access, and VPN connections can improve security
- We must devote one machine to the NAT server, always connecting over persistent routes, to increase the performance and availability of NAT
- The NAT computer is configured to act as the DHCP computer for the computers on the internal network

Summary (Contd.)
- We can configure dynamic IP address assignment for private network clients from the Address Assignment tab in the NAT/Basic Firewall Properties dialog box
- Name resolution is configured from the Name Resolution tab in the NAT/Basic Firewall Properties dialog box
- The Masquerading technique of NAT is used to increase NAT network security