
Wednesday, June 1, 2022

NAT: Network Address Translation and PAT: Port Address Translation

Terms:
NAT Pool: A container of public IPv4 addresses maintained by a NAT-enabled router. The router pulls one of the public IPv4 addresses from the NAT pool when translating private IPv4 addresses to public addresses.
Note: A NAT router typically operates at the border of a stub network. A stub network comprises one or more networks with a single connection to a neighboring network.

NAT Terminology:
- Inside local
- Inside global
- Outside local
- Outside global
Local address - A local address is any address that appears on the inside portion of the network.
Global address - A global address is any address that appears on the outside portion of the network.
Inside address - The address of the device which is being translated by NAT.
Outside address - The address of the destination device.


Let's make it clear with an example:
Suppose a personal computer PC1 (IP: 192.168.0.1) is connected to a private network with a NAT-enabled router. The NAT pool has one public IPv4 address (201.165.12.1). Now PC1 is trying to send a data packet to a web server (105.15.12.5).

The NAT table will be generated as follows:
Inside local address: 192.168.0.1
Outside local address: 105.15.12.5

Inside global address: 201.165.12.1
Outside global address: 105.15.12.5
NAT technology can be divided into two important types:
1. Static NAT
2. Dynamic NAT
Useful commands for static NAT configuration:
Create the translation entry:
    (config)# ip nat inside source static <private-address> <public-address>
Configure the inside and outside interfaces:
    (config-if)# ip nat [inside | outside]
Verification:
    # show ip nat translations
    # show ip nat statistics
Useful commands for dynamic NAT configuration:
Step 1: Create the NAT pool:
    (config)# ip nat pool <pool-name> <starting-address> <end-address> netmask <net-mask>
Step 2: Create an ACL:
    (config)# access-list <access-list-number> permit <ip-address> <wildcard-mask>
Step 3: Bind the ACL to the NAT pool:
    (config)# ip nat inside source list <ACL name/number> pool <NAT-pool-name>
Step 4: Configure the inside interface, as for static NAT:
    (config-if)# ip nat inside
Step 5: Configure the outside interface, as for static NAT:
    (config-if)# ip nat outside
Verification commands are the same as for static NAT.
Note: The following command can be useful to verify the actual commands:
    # show running-config | include nat
PAT configuration:
1. Single inside global address
R2(config)# ip nat inside source list 1 interface serial 0/1/1 overload
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# interface serial0/1/0
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# interface Serial0/1/1
R2(config-if)# ip nat outside

2. Pool of inside global addresses
R2(config)# ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 netmask 255.255.255.224
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool NAT-POOL2 overload
R2(config)# 
R2(config)# interface serial0/1/0
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# interface serial0/1/1
R2(config-if)# ip nat outside
R2(config-if)# end
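
The translation table from the PC1 example above, extended to the `overload` (PAT) case, as an added Python sketch that is not part of the original post. It is a simplified model, not IOS's actual port-allocation algorithm; the second host 192.168.0.2 and all port numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Simplified model of PAT (`overload`); not IOS's actual port allocator."""
    inside_global: str                              # the single public address
    table: dict = field(default_factory=dict)       # (proto, global port) -> flow
    by_flow: dict = field(default_factory=dict)     # flow -> global port

    def outbound(self, proto, inside_local, src_port, outside, dst_port):
        """Packet leaving the inside network: returns (inside global, port)."""
        flow = (proto, inside_local, src_port, outside, dst_port)
        if flow in self.by_flow:                    # reuse the existing entry
            return self.inside_global, self.by_flow[flow]
        port = src_port                             # keep the source port if free
        for _ in range(65536):
            if (proto, port) not in self.table:
                break
            port = port + 1 if port < 65535 else 1024
        else:
            raise RuntimeError("no free port on the inside global address")
        self.table[(proto, port)] = flow
        self.by_flow[flow] = port
        return self.inside_global, port

    def inbound(self, proto, outside, src_port, global_port):
        """Packet arriving outside: (inside local, port), or None if no entry."""
        flow = self.table.get((proto, global_port))
        if flow is None or (flow[3], flow[4]) != (outside, src_port):
            return None                             # unsolicited: nothing to translate to
        return flow[1], flow[2]

    def rows(self):
        """Entries as (proto, inside global, inside local, outside local, outside global)."""
        out = []
        for (proto, gport), (_, il, lport, og, dport) in sorted(self.table.items()):
            outside = f"{og}:{dport}"               # destination is not translated
            out.append((proto, f"{self.inside_global}:{gport}", f"{il}:{lport}", outside, outside))
        return out

if __name__ == "__main__":
    r = PatRouter("201.165.12.1")                   # addresses from the PC1 example
    r.outbound("tcp", "192.168.0.1", 1444, "105.15.12.5", 80)
    r.outbound("tcp", "192.168.0.2", 1444, "105.15.12.5", 80)   # constructed second host
    for row in r.rows():
        print(*row)
    print(r.inbound("tcp", "105.15.12.5", 80, 1445))   # reply to the second host
    print(r.inbound("tcp", "105.15.12.5", 80, 5000))   # no entry
```

Because many inside local addresses share one inside global address, attributing an outside-observed connection to an inside host requires the port and the translation entry that was active at that time.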
