Upload
bsaradel-saradel
View
215
Download
0
Embed Size (px)
Citation preview
8/2/2019 NATCISCO (Enregistr automatiquement)
1/3
1. Overloading or Port Address Translation (PAT)
This is the most frequently used form of NAT in IP networks. It uses the concept of many-to-
one translation where multiple connections from different internal hosts are multiplexed into a
single registered (public) IP address using different source port numbers. This type of NAT allows
a maximum of 65,536 internal connections to be translated into a single public IP. This type of NAT
is very useful in situations where our ISP has assigned us only a single public IP address, as shownbelow.
In our scenario above, our internal network range is 192.168.32.0/24 and our assigned public IPaddress is 213.18.123.100. All internal hosts will be translated to the public address using different
port numbers.
Configuration:
Router(config)# interface ethernet 0
Router(config-if )# ip address 192.168.32.1 255.255.255.0
Router(config-if )# ip nat inside
Router(config)# interface serial 0
Router(config-if )# ip address 213.18.123.100 255.255.255.0
Router(config-if )# ip nat outside
Router(config)# ip nat pool overloadpool 213.18.123.100 213.18.123.100 prefix-length 24
Router(config)# ip nat inside source list 1 pool overloadpool overload
Router(config)# access-list 1 permit 192.168.32.0 0.0.0.255
2. Dynamic NAT
Dynamic NAT translates internal private IP addresses to public addresses from a range (pool) of
public addresses assigned to our network from an ISP.
In our example scenario above, assume that we own the range of public IP addresses
213.18.123.0/24. Any internal host accessing the internet, will be translated by the NAT router to
the first available public IP in the public pool range. In our example above, internal host
8/2/2019 NATCISCO (Enregistr automatiquement)
2/3
192.168.32.10 is translated to 213.18.123.116 (one-to-one mapping). Similarly, 192.168.32.12 is
translated to 213.18.123.112 etc.
Configuration:
Router(config)# interface ethernet 0
Router(config-if )# ip address 192.168.32.1 255.255.255.0Router(config-if )# ip nat inside
Router(config)# interface serial 0
Router(config-if )# ip address 100.100.100.1 255.255.255.252
Router(config-if )# ip nat outside
Router(config)# ip nat pool dynamicpool 213.18.123.0 213.18.123.255 prefix-length 24
Router(config)# ip nat inside source list 1 pool dynamicpool
Router(config)# access-list 1 permit 192.168.32.0 0.0.0.255
3. Static NAT
This form of NAT creates a permanent one-to-one static mapping of a public IP address with a
private IP address. It is particularly useful in cases where an internal host needs to be accessible
from the outside public internet.
In our example diagram above, the internal host with private IP address 192.168.32.10 will always
be translated to 213.18.123.110. Hosts from the outside public internet will be able to directly
access the statically nated internal hosts by accessing their mapped public IP address. This
scenario is useful to provide access to public company servers such as Web Server, Email Server
etc.
Configuration:
Router(config)# interface ethernet 0
Router(config-if )# ip address 192.168.32.1 255.255.255.0
Router(config-if )# ip nat inside
Router(config)# interface serial 0
Router(config-if )# ip address 100.100.100.1 255.255.255.252
Router(config-if )# ip nat outside
Router(config)# ip nat inside source static 192.168.32.10 213.18.123.110
Router(config)# ip nat inside source static 192.168.32.12 213.18.123.111
Router(config)# ip nat inside source static 192.168.32.15 213.18.123.112
4. Port Redirection
This is useful in situations where we have a single public IP address and we need to use it for
accessing two or more internal servers from outside. Assume that we have a Web and Emailservers that we need to provide access from outside using only a single public IP address. Assume
that our public address is 100.100.100.1. Inbound traffic coming towards address 100.100.100.1
8/2/2019 NATCISCO (Enregistr automatiquement)
3/3
port 80 will be redirected to our internal Web Server 192.168.32.10, and inbound traffic coming
towards address 100.100.100.1 port 25 will be redirected to our internal Email Server
192.168.32.20.
Configuration:
Router(config)# interface ethernet 0Router(config-if )# ip address 192.168.32.1 255.255.255.0
Router(config-if )# ip nat inside
Router(config)# interface serial 0
Router(config-if )# ip address 100.100.100.1 255.255.255.252
Router(config-if )# ip nat outside
Router(config)# ip nat inside source static tcp 192.168.32.10 80 100.100.100.1 80
Router(config)# ip nat inside source static tcp 192.168.32.20 25 100.100.100.1 25