1 chapter 7: nat in internet and intranet designs designs that include nat essential nat design...

1

Chapter 7: NAT in Internet and Intranet Designs

Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization

2

NAT and Microsoft Windows 2000

Network Address Translation (NAT) Is included in Routing and Remote Access Provides small office or home office (SOHO)

connectivity Supports translated connections only Is not available in Windows 2000

Professional

3

NAT Design Review

Amount and confidentiality of data Network resources accessed by remote

users Future growth plans Existing routers Network uptime

4

NAT Characteristics

NAT modifies the IP packet. IP header Transmission Control Protocol (TCP) header User Datagram Protocol (UDP) header IP packet data

NAT does not work with many protocols.

5

NAT Design Decisions

Base on organizational requirements. Decide what the design will support.

Connection type Client type Connection method Network filters Remote access methods Number of connections

6

Stand-Alone SOHO Design

7

NAT in SOHO Designs Provides automatic IP configuration to

Dynamic Host Configuration Protocol (DHCP) clients

Uses IP filters to restrict access Provides automatic network address

translation Supports public and private IP addressing Provides shared Internet access Provides Internet connectivity over

Windows 2000 network interface

8

Branch Office Connectivity Design

9

NAT in the Network Design

10

NAT Server Interfaces

Minimum of two network interfaces Persistent or nonpersistent connections IP address and subnet mask

11

IP Address Assignment

NAT automatic address assignment Manual configuration Automatic Private IP Assignment

(APIPA) DHCP server

12

DNS Name Resolution

Clients need fully qualified domain name (FQDN)–to–IP resolution.

Clients use the DNS server to resolve FQDNs. Manually configure for specific DNS servers Specify automatic use of the DNS server

NAT

13

Protecting SOHO Network Resources

Routing and Remote Access IP packet filters

NAT address mapping NAT address pools

14

Restricting Internet Access

Use Routing and Remote Access IP packet filters.

Restrict outbound traffic by specifying IP headers.

Allow or disallow users access to Internet resources.

15

Protecting Corporate Network Resources

16

NAT Optimization

Dedicate a computer to running NAT. Choose persistent Internet connection. Consider using Microsoft Proxy Server

2.0 or Routing and Remote Access routing.

17

Chapter Summary NAT is cost effective. The NAT server should be placed

between the network and the Internet. Resources can be protected by using

Routing and Remote Access packet filters NAT address mapping NAT address pools

Use virtual private network (VPN) to protect confidential data.

NAT can be optimized.