NETWORK ADDRESS TRANSLATION
NAT is used to translate a private IP address into a public IP address. To access the internet you need a public IP address. If the LAN uses private IP addresses, NAT has to be configured on the router so that it can translate the private IP range to a public address, because private IP addresses cannot travel over the internet.
The development of NAT resolved two major issues in IT networking:
1. Handling the shortage of IPv4 addresses.
2. Hiding network address schemes.
· Internet users and small companies typically get their public IP addresses directly from their ISPs, which have a limited number.
· ISPs and large companies can sometimes get their public IP addresses from a registration authority, such as the Internet Assigned Numbers Authority (IANA).
· Most networking devices, such as routers, Layer 3 switches, and firewalls, have NAT features available, and most VPN policies are configured by enabling NAT.
Certain addresses are assigned by IANA as private IP ranges:
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255
Conditions that require NAT:
· You have a private IP address and you need to connect to the internet.
· You need to connect your organization's subnets through a single public IP address.
· You need to provide private IP addresses to your VPN users so that they can connect to your organization through a firewall policy.
· You need to hide your addresses from the outside world.
NAT Advantages:
· Conserves IPv4 address space.
· Reduces the occurrence of address overlap and increases flexibility when connecting to the internet.
· Provides security to your organization, because hosts outside the NAT cannot see or track your inside addresses.
· Eliminates address renumbering as the network changes.
NAT Disadvantages:
· Translation introduces switching path delays.
· Loss of end-to-end IP traceability.
· Certain applications will not function with NAT enabled.
NAT Terminology
· Inside Local Address: name of the inside source address before translation (private IP)
· Inside Global Address: name of the inside host after translation (public IP)
· Outside Local Address: name of the destination host before translation
· Outside Global Address: name of the destination host after translation
Types of NAT:
1. Static NAT
2. Dynamic NAT
3. PAT (Overload)
Static NAT
· This type of NAT allows one-to-one mapping between local and global addresses, which means you can map a single private IP address to a single public IP address.
· Keep in mind that static NAT requires you to have one real internet IP address for every host on your network.
Dynamic NAT-
· Dynamic NAT can map a group of private IP addresses to a group of public IP addresses. It is also known as many-to-many mapping.
· You don't have to statically configure your router to map an inside address to an outside address as you would with static NAT, but you do have to have enough real IP addresses for everyone who's going to be sending packets to and receiving them from the internet.
PAT or Overload-
· With this form of dynamic NAT, you can map a group of private IP addresses to a single public IP address. It is also known as many-to-one mapping or Port Address Translation (PAT). This is the type of NAT most used today: thousands of users can connect to the internet using only one real global IP address.
· NAT overload is the real reason we haven't run out of valid IP addresses on the internet.
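How the overload (PAT) table lets many inside hosts share one inside global address, as an added example that is not part of the original post. The class and function names are hypothetical, the addresses come from the lab configuration on this page, and the port-selection rule (keep the source port when it is free, otherwise take the lowest free port) is a simplifying assumption.

```python
import ipaddress
from itertools import chain

class PatTable:
    """Toy model of NAT overload: many inside local sockets share one inside global IP."""

    def __init__(self, global_ip, inside_net="10.0.0.0/8", ports=range(1024, 65536)):
        self.global_ip = global_ip
        self.inside_net = ipaddress.ip_network(inside_net)  # what access-list 1 permits
        self.ports = ports
        self.out = {}   # (proto, local_ip, local_port) -> global port
        self.back = {}  # (proto, global port) -> (local_ip, local_port)

    def outbound(self, proto, local_ip, local_port):
        """Return the (global_ip, port) a packet leaves with, or None if the ACL does not match."""
        if ipaddress.ip_address(local_ip) not in self.inside_net:
            return None
        key = (proto, local_ip, local_port)
        if key not in self.out:
            # Assumed rule: keep the source port when free, else take the lowest free one.
            port = next((p for p in chain([local_port], self.ports)
                         if p in self.ports and (proto, p) not in self.back), None)
            if port is None:
                raise RuntimeError("no free ports left on " + self.global_ip)
            self.out[key] = port
            self.back[(proto, port)] = (local_ip, local_port)
        return (self.global_ip, self.out[key])

    def inbound(self, proto, global_port):
        """Reverse lookup for a packet arriving at global_ip:global_port; None means drop."""
        return self.back.get((proto, global_port))

def demo():
    nat = PatTable("1.1.1.100")
    a = nat.outbound("tcp", "10.0.0.2", 5000)
    b = nat.outbound("tcp", "10.0.0.3", 5000)   # same source port, different host
    reply = nat.inbound("tcp", b[1])            # return traffic for the second host
    unsolicited = nat.inbound("tcp", 4444)      # nothing inside opened this port
    return a, b, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

An inbound packet with no table entry has nowhere to go, which is the address-hiding effect listed under the advantages; a static mapping, by contrast, is always present in the table.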
How to Configure Static NAT-
! Map inside local 10.0.0.2 one-to-one to inside global 1.1.1.100
R1(config)#ip nat inside source static 10.0.0.2 1.1.1.100
! Mark which interface is the inside and which is the outside of the NAT
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
R1(config-if)#int se 0/0
R1(config-if)#ip nat outside
R1(config-if)#do wr
Verification-
R1#show ip nat translations
R1#show ip nat statistics
GoogleServer#tracert 10.0.0.2
R1#clear ip nat translation *
Remove Static NAT-
R1(config)#no ip nat inside source static 10.0.0.2 1.1.1.100
How to Configure Dynamic NAT-
! access-list 1 selects the inside addresses to translate; pool lab1 holds the public addresses
R1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R1(config)#ip nat pool lab1 1.1.1.100 1.1.1.200 netmask 255.0.0.0
R1(config)#ip nat inside source list 1 pool lab1
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
R1(config-if)#int se 0/0
R1(config-if)#ip nat outside
R1(config-if)#do wr
Verification-
R1#show ip nat translations
R1#show ip nat statistics
GoogleServer#tracert 10.0.0.2
R1#clear ip nat translation *
Remove Dynamic NAT-
! Remove the NAT rule first; the pool cannot be deleted while a rule still references it
R1(config)#no ip nat inside source list 1 pool lab1
R1(config)#no ip nat pool lab1 1.1.1.100 1.1.1.200 netmask 255.0.0.0
R1(config)#no access-list 1 permit 10.0.0.0 0.255.255.255
How to Configure Overload or PAT-
! Pool lab2 contains a single public address; "overload" lets all inside hosts share it by port
R1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R1(config)#ip nat pool lab2 1.1.1.100 1.1.1.100 netmask 255.0.0.0
R1(config)#ip nat inside source list 1 pool lab2 overload
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
R1(config-if)#int se 0/0
R1(config-if)#ip nat outside
R1(config-if)#do wr
Verification-
R1#show ip nat translations
R1#show ip nat statistics
GoogleServer#tracert 10.0.0.2
R1#clear ip nat translation *
Remove PAT (Overload)-
! Remove the NAT rule first; the pool cannot be deleted while a rule still references it
R1(config)#no ip nat inside source list 1 pool lab2 overload
R1(config)#no ip nat pool lab2 1.1.1.100 1.1.1.100 netmask 255.0.0.0
R1(config)#no access-list 1 permit 10.0.0.0 0.255.255.255
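Because NAT removes end-to-end IP traceability, the translation table is what ties a public address and port seen in an outside log back to an inside host. The following added example (not part of the original post) parses text in the column layout of `show ip nat translations` and performs that lookup; the sample table is constructed, the function names are hypothetical, and 1.1.1.101 and the 203.0.113.x addresses are assumptions.

```python
# Constructed sample in the column layout of `show ip nat translations`.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 1.1.1.100          10.0.0.2           ---                ---
tcp 1.1.1.101:1025     10.0.0.3:1025      203.0.113.10:80    203.0.113.10:80
tcp 1.1.1.101:1024     10.0.0.4:1025      203.0.113.10:80    203.0.113.10:80
udp 1.1.1.101:53001    10.0.0.3:53001     203.0.113.53:53    203.0.113.53:53
"""
FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")

def split_endpoint(field):
    """'ip:port' -> (ip, port); 'ip' -> (ip, None); '---' -> (None, None)."""
    if field == "---":
        return (None, None)
    ip, _, port = field.partition(":")
    return (ip, int(port) if port else None)

def parse_translations(text):
    """Turn the table into a list of dicts, skipping the header and odd lines."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header (9 words), blank or unexpected line
        entry = {"proto": None if cols[0] == "---" else cols[0]}
        entry.update({n: split_endpoint(c) for n, c in zip(FIELDS, cols[1:])})
        entries.append(entry)
    return entries

def one_to_one_mappings(entries):
    """'---' protocol and outside columns: a whole-address mapping (static,
    or a dynamic pool address currently assigned), valid for every port."""
    return [(e["inside_global"][0], e["inside_local"][0]) for e in entries
            if e["proto"] is None and e["outside_global"] == (None, None)]

def attribute(entries, proto, global_ip, global_port):
    """Map a public ip:port seen in an external log back to the inside host."""
    for e in entries:
        if e["proto"] == proto and e["inside_global"] == (global_ip, global_port):
            return e["inside_local"]
    for pub, priv in one_to_one_mappings(entries):
        if pub == global_ip:
            return (priv, global_port)
    return None  # no entry: the table no longer (or never) held this flow

if __name__ == "__main__":
    print(attribute(parse_translations(SAMPLE), "tcp", "1.1.1.101", 1024))
```

PAT entries age out, so attribution only works if the table (or NAT logging) was captured close to the time of the event being investigated.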