Slide 1

Download Report

Transcript Slide 1 

Scaling IP Addresses
Network Address Translation(NAT)
© 2004, Cisco Systems, Inc. All rights reserved.
1
Review - Private Addressing
© 2004, Cisco Systems, Inc. All rights reserved.
2
NAT (Network Address Translation)
• A NAT-enabled device typically operates
at the border of a stub network.
© 2004, Cisco Systems, Inc. All rights reserved.
3
NAT Terms
• Inside Local Addresses – An IP address assigned to a
host inside a network. This address is likely to be a RFC
1918 private address.
• Inside Global Address – A legitimate IP address
assigned by the NIC or service provider that represents
one or more inside local IP address to the outside world.
• Outside Local Address - The IP address of an outside
host as it known to the hosts in the inside network.
• Outside Global Address - The IP address assigned to a
host on the outside network. The owner of the host
assigns this address.
© 2004, Cisco Systems, Inc. All rights reserved.
4
NAT Features
• Static NAT is designed to allow one-to-one mapping
of local and global addresses.
Inside
http://179.9.8.10
Outside
10.0.0.10
DA
DA
10.0.0.10
179.9.8.10
10.0.0.2
NAT Table
Inside Local IP
Address
10.0.0.2
10.0.0.10
© 2004, Cisco Systems, Inc. All rights reserved.
Internet
Inside Global
IP Address
179.9.8.80
179.9.8.10
5
NAT Features
• Dynamic NAT is designed to map a private IP
address to a public address.
Inside
Outside
10.0.0.10
SA
179.8.9.80
Internet
SA
10.0.0.2
10.0.0.2
NAT Table
Inside Local IP
Address
10.0.0.2
10.0.0.10
© 2004, Cisco Systems, Inc. All rights reserved.
Inside Global
IP Address
179.9.8.80
179.9.8.10
6
PAT (Port Address Translation)
Features
• PAT uses unique source port numbers on the inside
global IP address to distinguish between
translations.
Inside
Outside
10.0.0.3
202.6.3.2
SA
SA
10.0.0.3:2333
179.9.8.80:1345
Internet
SA
179.9.8.80:2333
SA
126.23.2.2
10.0.0.2:1456
10.0.0.2
NAT Table
Inside Local IP
Address
10.0.0.2:1456
Inside Global
IP Address
179.9.8.80:1456
Outside Local
IP Address
202.6.3.2:80
10.0.0.3:2333
179.9.8.80:2333
126.23.2.2:80
© 2004, Cisco Systems, Inc. All rights reserved.
Outside Global
IP Address
202.6.3.2:80
126.23.2.2:80
7
NAT Benefits
• Eliminates re-assigning each host a new
IP address when changing to a new ISP
• Eliminates the need to re-address all hosts
that require external access, saving time
and money
• Conserves addresses through application
port-level multiplexing
• Protects network security
© 2004, Cisco Systems, Inc. All rights reserved.
8
Configuring Static NAT Translations
• Static translation are entered directly into the
configuration and are permanent in the
translation table
Router(config)#ip nat inside source static
10.6.1.20 171.69.68.10
© 2004, Cisco Systems, Inc. All rights reserved.
9
Inside/Outside interface
Outside Network
Inside Network
Inside
Interface
Inside Host
ip nat inside
NAT
Outside
Interface
ip nat outside
Outside Host
Router(config-if)#ip nat inside
• An interface on the router can be defined as
inside or outside
• Translations occur only from inside to outside
interfaces or vice versa—never between the same
type of interface
© 2004, Cisco Systems, Inc. All rights reserved.
10
Configuring Static NAT
© 2004, Cisco Systems, Inc. All rights reserved.
11
Dynamic Translations
• Dynamic translation specify the pool of global
addresses that inside addresses can be translated
into
Router(config)#ip nat pool nat-pool
179.9.8.80 179.9.8.95 netmask 255.255.255.240
• Dynamic translations use access lists to
identify IP addresses that NAT should create
translations for
Router(config)#ip nat inside source list 1 pool nat-pool
Router(config)#access-list 1 permit 10.0.0.0 0.0.255.255
© 2004, Cisco Systems, Inc. All rights reserved.
12
Configuring Dynamic NAT
© 2004, Cisco Systems, Inc. All rights reserved.
13
Configuring PAT
• Establishes overload translation, specifying the IP
address to be overloaded as that assigned to an
outside interface
Router(config)#ip nat inside source list 1
interface serial0/0 overload
• Establishes overload translation, specifying the IP address
to be overloaded as that assigned to a pool name
Router(config)# ip nat pool nat-pool2 179.9.8.20
netmask 255.255.255.240
Router(config)#ip nat inside source list 1
pool nat-pool2 overload
© 2004, Cisco Systems, Inc. All rights reserved.
14
Configuring PAT
© 2004, Cisco Systems, Inc. All rights reserved.
15
Clearing the NAT Translation Table
Router#clear ip nat translation *
• Clears all dynamic address translation entries
© 2004, Cisco Systems, Inc. All rights reserved.
16
Verifying NAT and PAT Configuration
© 2004, Cisco Systems, Inc. All rights reserved.
17
Troubleshooting NAT and PAT
© 2004, Cisco Systems, Inc. All rights reserved.
18
Issues With NAT
© 2004, Cisco Systems, Inc. All rights reserved.
19
Summary
© 2004, Cisco Systems, Inc. All rights reserved.
20