Cisco Networking Academy Program
Routing and Switching Essentials v6.0
Chapter 9: NAT for IPv4
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
© 2006, Cisco Systems, Inc. All rights reserved.
Chapter 9 – Sections & Objectives
9.1 NAT Operation
Explain how NAT provides IPv4 address scalability in a small to medium-sized business network.
9.2 Configuring NAT
Configure NAT services on the edge router to provide IPv4 address scalability in a small to medium-sized business network.
9.3 Troubleshoot NAT Configurations
Troubleshoot NAT issues in a small to medium-sized business network.
9.1 NAT Operation
9.1.1 NAT Characteristics
IPv4 Private Address Space
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16
What is NAT?
A process that translates one IPv4 address into another as packets pass through the router
Conserves public IPv4 addresses
Configured on the border router, where the translation takes place
NAT Terminology
Inside address
Inside local address
Inside global address
Outside address
Outside local address
Outside global address
9.1.2 Types of NAT
Static NAT
One-to-one mapping of local and global addresses
Configured by the network administrator and remains constant
Dynamic NAT
Uses a pool of public addresses and assigns them on a first-come, first-served basis
Requires enough public addresses for the total number of simultaneous user sessions
Port Address Translation (PAT)
Maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses
Also known as NAT overload
Validates that incoming packets were requested by an inside host
Uses port numbers to forward the response packets to the correct internal device
9.1.3 NAT Advantages
Advantages of NAT
Conserves the legally registered addressing scheme
Increases the flexibility of connections to the public network
Provides consistency for internal network addressing schemes
Provides a degree of network security, since inside local addresses are hidden from outside networks
Disadvantages of NAT
Performance is degraded
End-to-end functionality is degraded
End-to-end IP traceability is lost
Tunneling is more complicated
Initiating TCP connections can be disrupted
9.2 Configuring NAT
9.2.1 Configuring Static NAT
Create the mapping between the inside local and inside global addresses
ip nat inside source static local-ip global-ip
Define which interfaces belong to the inside network and which belong to the outside network (entered in interface configuration mode)
ip nat inside
ip nat outside
Analyzing Static NAT
Verifying Static NAT
show ip nat translations
show ip nat statistics
clear ip nat statistics
9.2.2 Configuring Dynamic NAT
Dynamic NAT Operation
The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come, first-served basis.
With dynamic NAT, a single inside local address is translated to a single inside global address.
The pool must be large enough to accommodate all inside devices that communicate at the same time.
A device is unable to communicate with any external network if no addresses are available in the pool.
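As an added example (not part of the Cisco course material), the following Python model shows how a router's translation table behaves for the three NAT types listed in 9.1.2 and for the pool-exhaustion case described on this slide: static entries are fixed, dynamic entries consume pool addresses until none are left and further hosts are dropped, and PAT reuses one address and uses the port number to tell inside hosts apart, dropping inbound packets that match no entry. All addresses, ports and the port-selection rule are constructed assumptions; the class is a simplification for teaching, not IOS code.

```python
"""Constructed model of a NAT translation table (added example, not Cisco code)."""
from itertools import count

PAT_PORT_START = 1024   # constructed: where this model's port allocator begins


class NatRouter:
    def __init__(self, static=None, pool=(), overload=False):
        self.static = dict(static or {})   # inside local -> inside global, fixed by the admin
        self.free_pool = list(pool)        # inside global addresses not yet handed out
        self.overload = overload           # PAT: reuse the first pool address, vary the port
        self.dynamic = {}                  # inside local -> inside global, created on demand
        self.pat = {}                      # (inside local, local port) -> (inside global, global port)
        self.ports_in_use = {}             # inside global -> ports already allocated on it
        self.dropped_outbound = 0          # packets that found no translation

    # ---- outbound (inside -> outside) ----
    def translate(self, inside_local, local_port):
        """Return (inside global, global port) written into an outbound packet,
        or None when the packet is dropped because the dynamic pool is empty."""
        if inside_local in self.static:                 # static NAT: one-to-one, port untouched
            return self.static[inside_local], local_port
        if self.overload:                               # PAT: many-to-one, port tells hosts apart
            key = (inside_local, local_port)
            if key not in self.pat:
                global_ip = self.free_pool[0]           # the single address is reused, never consumed
                self.pat[key] = (global_ip, self._pick_port(global_ip, local_port))
            return self.pat[key]
        if inside_local not in self.dynamic:            # dynamic NAT: first come, first served
            if not self.free_pool:                      # slide: no address left -> no connectivity
                self.dropped_outbound += 1
                return None
            self.dynamic[inside_local] = self.free_pool.pop(0)
        return self.dynamic[inside_local], local_port

    def _pick_port(self, global_ip, wanted):
        """Keep the source port if it is still free on this global address, otherwise
        allocate the next unused one (assumed, simplified port selection)."""
        used = self.ports_in_use.setdefault(global_ip, set())
        port = wanted
        if port in used:
            port = next(p for p in count(PAT_PORT_START) if p not in used)
        used.add(port)
        return port

    # ---- inbound (outside -> inside) ----
    def untranslate(self, global_ip, global_port):
        """Map a packet arriving at an inside global address back to the inside host.
        None means no entry exists and the packet is dropped: with PAT only replies
        to traffic an inside host started get through."""
        for local, glob in list(self.static.items()) + list(self.dynamic.items()):
            if glob == global_ip:
                return local, global_port
        for (local, lport), (glob, gport) in self.pat.items():
            if (glob, gport) == (global_ip, global_port):
                return local, lport
        return None


def demo():
    """Run the three NAT types on constructed addresses and collect the results."""
    results = {}
    # Static NAT: the inside server is always known outside as 209.165.200.254 (constructed)
    s = NatRouter(static={"192.168.10.254": "209.165.200.254"})
    results["static"] = s.translate("192.168.10.254", 80)
    results["static_inbound"] = s.untranslate("209.165.200.254", 80)

    # Dynamic NAT: a pool of two addresses for three hosts; the third host is dropped
    d = NatRouter(pool=["209.165.200.226", "209.165.200.227"])
    results["dynamic"] = [d.translate(h, 40000)
                          for h in ("192.168.10.10", "192.168.10.11", "192.168.10.12")]
    results["dynamic_dropped"] = d.dropped_outbound

    # PAT: one address for three hosts; two of them happen to use the same source port
    p = NatRouter(pool=["209.165.200.225"], overload=True)
    results["pat"] = [p.translate("192.168.10.10", 1025),
                      p.translate("192.168.10.11", 1025),   # port clash -> different global port
                      p.translate("192.168.10.12", 1026)]
    results["pat_reply"] = p.untranslate("209.165.200.225", 1024)   # reply to host .11
    results["pat_unsolicited"] = p.untranslate("209.165.200.225", 23)  # nobody asked -> dropped
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `pat_unsolicited` case is the point behind "validates that incoming packets were requested": an inbound packet to a global address and port with no table entry has no inside destination and is discarded, which is also why PAT alone does not let outside hosts reach inside servers (port forwarding, 9.2.4, adds the missing static entries).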
9.2.2 Configuring Dynamic NAT (Cont.)
Define the pool of inside global addresses that inside local addresses will be translated to
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Create a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
Bind the ACL to the pool
ip nat inside source list access-list-number pool name
Identify the inside and outside interfaces
ip nat inside
ip nat outside
9.2.2 Configuring Dynamic NAT (Cont.)
Analyzing Dynamic NAT
Verifying Dynamic NAT
show ip nat translations
show ip nat translations verbose
clear ip nat statistics
clear ip nat translations *
9.2.3 Configuring Port Address Translation (PAT)
Configuring PAT: Address Pool
Define the pool of inside global addresses that inside local addresses will be translated to
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Create a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
Bind the ACL to the pool and enable overloading
ip nat inside source list access-list-number pool name overload
Identify the inside and outside interfaces
ip nat inside
ip nat outside
9.2.3 Configuring Port Address Translation (PAT) (Cont.)
Configuring PAT: Single Address
Define a standard ACL to permit those addresses to be translated
access-list access-list-number permit source [source-wildcard]
Establish dynamic source translation, specifying the ACL, the exit interface, and the overload keyword
ip nat inside source list access-list-number interface type name overload
Identify the inside and outside interfaces
ip nat inside
ip nat outside
9.2.3 Configuring Port Address Translation (PAT) (Cont.)
Analyzing PAT
Verifying PAT
show ip nat translations
show ip nat statistics
clear ip nat statistics
9.2.4 Port Forwarding
Port forwarding is the act of forwarding a network port from one network node to another.
A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in the inside network.
Port forwarding is helpful in situations where servers have private addresses that are not reachable from outside networks.
Wireless Router Example
Configuring Port Forwarding with IOS
ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]
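Every port-forwarding command in the form above opens an inbound path from the Internet to an inside host, so a reviewer wants a quick inventory of what those entries expose. The following Python script is an added example, not Cisco course code: it parses the `ip nat inside source static` lines from a constructed running-config excerpt (a real audit would take them from `show running-config`) and lists the forwarded services, flagging one-to-one static entries (all ports exposed) and a hypothetical list of management ports that normally should not be reachable from outside.

```python
"""Inventory of inbound paths opened by static NAT / port-forwarding entries
(added example; the configuration and the RISKY_PORTS list are constructed)."""
import re

# Constructed running-config excerpt in the command syntax shown on the slide.
RUNNING_CONFIG = """\
ip nat inside source static tcp 192.168.10.254 80 209.165.200.225 80 extendable
ip nat inside source static tcp 192.168.10.254 443 209.165.200.225 443 extendable
ip nat inside source static udp 192.168.10.20 5060 209.165.200.225 5060
ip nat inside source static tcp 192.168.10.30 3389 209.165.200.225 3389
ip nat inside source static 192.168.10.40 209.165.200.226
ip nat inside source list 1 interface Serial0/0/0 overload
"""

# ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]
PORT_FORWARD = re.compile(
    r"^ip nat inside source static (?P<proto>tcp|udp) (?P<lip>\S+) (?P<lport>\d+) "
    r"(?P<gip>\S+) (?P<gport>\d+)(?P<ext> extendable)?$")
# ip nat inside source static local-ip global-ip (one-to-one, every port)
STATIC_1TO1 = re.compile(r"^ip nat inside source static (?P<lip>\S+) (?P<gip>\S+)$")

# Hypothetical review list: services that should not normally face the Internet.
RISKY_PORTS = {22: "ssh", 23: "telnet", 445: "smb", 3389: "rdp"}


def parse_inbound_rules(config):
    """Return one dict per static entry describing the inbound path it opens."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        m = PORT_FORWARD.match(line)
        if m:
            rules.append({"proto": m["proto"],
                          "global": (m["gip"], int(m["gport"])),
                          "local": (m["lip"], int(m["lport"])),
                          "all_ports": False})
            continue
        m = STATIC_1TO1.match(line)
        if m:   # no protocol/port: the whole global address maps to the inside host
            rules.append({"proto": "any", "global": (m["gip"], None),
                          "local": (m["lip"], None), "all_ports": True})
    return rules


def review(rules):
    """Findings a reviewer would look at first: full exposure and risky ports."""
    findings = []
    for r in rules:
        if r["all_ports"]:
            findings.append(f"{r['local'][0]} fully exposed as {r['global'][0]} (all ports)")
        elif r["local"][1] in RISKY_PORTS:
            findings.append(f"{RISKY_PORTS[r['local'][1]]} on {r['local'][0]} reachable via "
                            f"{r['global'][0]}:{r['global'][1]}/{r['proto']}")
    return findings


if __name__ == "__main__":
    parsed = parse_inbound_rules(RUNNING_CONFIG)
    for rule in parsed:
        print(rule)
    for finding in review(parsed):
        print("REVIEW:", finding)
```

Note that the overload line (`ip nat inside source list ... overload`) is deliberately not matched: it opens no inbound path on its own, since PAT only admits replies to sessions started from inside.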
9.2.5 Configuring NAT and IPv6
NAT for IPv6?
IPv6, with its 128-bit address, provides 340 undecillion addresses.
Address space is not an issue for IPv6.
IPv6 makes IPv4-style public-to-private NAT unnecessary by design; however, IPv6 does implement a form of private addressing, and it is implemented differently than it is for IPv4.
IPv6 Unique Local Address
IPv6 unique local addresses (ULAs) are designed to allow IPv6 communications within a local site.
ULAs are not meant to provide additional IPv6 address space.
ULAs have the prefix FC00::/7, which results in a first hextet range of FC00 to FDFF.
ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local addresses).
9.2.5 Configuring NAT and IPv6 (Cont.)
NAT for IPv6
IPv6 also uses NAT, but in a much different context.
In IPv6, NAT is used to provide transparent communication between IPv6 and IPv4.
NAT64 is not intended to be a permanent solution; it is meant to be a transition mechanism.
Network Address Translation-Protocol Translation (NAT-PT) was another NAT-based transition mechanism for IPv6, but is now deprecated by IETF.
NAT64 is now recommended.
9.3 Troubleshooting NAT
9.3.1 Troubleshooting NAT Configurations
Troubleshooting NAT: show commands
clear ip nat statistics
clear ip nat translations *
show ip nat statistics
show ip nat translations
Troubleshooting NAT: debug commands
debug ip nat
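When troubleshooting, the first thing to read is the table printed by show ip nat translations: which inside hosts hold translations, which entries are static, and whether any inside local address appears that the NAT ACL was never meant to match. The following Python script is an added example, not Cisco course code: it parses that table and reports those three things. The sample output is constructed in the IOS column layout (Pro, Inside global, Inside local, Outside local, Outside global), not captured from a real router, and the expected inside network passed to analyse() is an assumption standing in for whatever the ACL should permit.

```python
"""Parse 'show ip nat translations' output and summarise it for troubleshooting
(added example; SAMPLE_OUTPUT is constructed in the IOS column layout)."""
import ipaddress
from collections import Counter

SAMPLE_OUTPUT = """\
Pro  Inside global         Inside local          Outside local         Outside global
tcp  209.165.200.225:1025  192.168.10.10:1025    209.165.201.1:80      209.165.201.1:80
tcp  209.165.200.225:1024  192.168.10.11:1025    209.165.201.1:80      209.165.201.1:80
udp  209.165.200.225:1026  192.168.10.11:53000   209.165.201.2:53      209.165.201.2:53
tcp  209.165.200.225:1027  192.168.10.11:40001   209.165.201.3:443     209.165.201.3:443
---  209.165.200.254       192.168.10.254        ---                   ---
tcp  209.165.200.225:1028  172.16.50.5:4242      209.165.201.4:22      209.165.201.4:22
"""


def split_addr(field):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '1.2.3.4' or '---' -> (field, None)."""
    if ":" in field:
        ip, port = field.rsplit(":", 1)
        return ip, int(port)
    return field, None


def parse_translations(text):
    """Return one dict per table row; a row whose Pro column is '---' is a static
    one-to-one entry with no active session behind it."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) != 5:
            continue                            # not a translation row
        proto, ig, il, ol, og = parts
        entries.append({"proto": proto,
                        "inside_global": split_addr(ig),
                        "inside_local": split_addr(il),
                        "outside_local": split_addr(ol),
                        "outside_global": split_addr(og),
                        "static": proto == "---"})
    return entries


def analyse(entries, expected_inside=("192.168.10.0/24",)):
    """Translations per inside host, the static entries, and any inside local
    address outside the networks the NAT ACL was supposed to permit (assumed)."""
    allowed = [ipaddress.ip_network(n) for n in expected_inside]
    per_host = Counter(e["inside_local"][0] for e in entries if not e["static"])
    unexpected = [e["inside_local"][0] for e in entries
                  if not any(ipaddress.ip_address(e["inside_local"][0]) in n
                             for n in allowed)]
    return {"per_host": dict(per_host),
            "static_entries": [e["inside_local"][0] for e in entries if e["static"]],
            "unexpected_inside": unexpected}


if __name__ == "__main__":
    summary = analyse(parse_translations(SAMPLE_OUTPUT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

In the constructed sample the entry for 172.16.50.5 is the finding: a host outside the intended inside network is being translated, which points at an ACL that permits more than it should (or an interface marked inside by mistake). The per-host counts are also the place to notice one inside host holding far more translations than its neighbours, which is worth a look before clearing the table with clear ip nat translations *.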
9.4 Chapter Summary
9.4.1 Summary
How NAT is used to help alleviate the depletion of the IPv4 address space.
NAT conserves public address space and saves considerable administrative overhead in managing adds, moves, and changes.
NAT for IPv4, including:
NAT characteristics, terminology, and general operations
Different types of NAT, including static NAT, dynamic NAT, and NAT with overloading
Benefits and disadvantages of NAT
The configuration, verification, and analysis of static NAT, dynamic NAT, and NAT with overloading.
How port forwarding can be used to access internal devices from the Internet.
Troubleshooting NAT using show and debug commands.
How NAT for IPv6 is used to translate between IPv6 addresses and IPv4 addresses.