ccna chapter 12 by jetarvind kumar madhukar

Release 16/07/2009 Jetking Infotrain Ltd.

NAT/PAT

Chapter 12


Chapter Objectives

Explain Network Address Translation Explain Static NAT Explain Dynamic NAT Discuss Port Address Translation


Recall - I

Frame relay is a technology used for connecting devices on a WAN

Frame relay networks are multi-access networks where more than two devices can be attached to the network

A Virtual Circuit (VC) represents the path on which the frame travels

LMI enables the DCE and DTE to exchange information, including the information about virtual circuits


Recall - II

The DLCI identifies a VC for the frame relay to forward the frames to appropriate remote site when multiple access list use the same access list

Frame relay DLCI are locally significant, which indicates that the addresses should be unique on the local access link

Frame relay networks use Asynchronous Transfer Mode (ATM) in the core of the frame relay network


Network Address Translation (NAT)

NAT-enabled router stores the details of private IP addresses and the public IP address in a routing table

NAT overcomes the problem of lack of public IP addresses

It provides security from hackers by hiding addresses

Allows re-routing the requests to other servers in the network if the request does not reach the destined server


Explaining Network Address Translation (NAT)

NAT operates on a router connecting two networks NAT is transparent to the source and destination

computers NAT operates at the Network layer (Layer 3) of the

OSI Reference Model because routers work at this layer

NAT is useful for network administration


Working of NAT

The inside network addresses are converted into legal addresses before the packets are forwarded to the other network

Inside Local is the configured IP address assigned to a host on the inside network


Working of NAT Inside Global is the IP address of an inside host as it

appears to the outside network, is the “Translated IP Address”

Addresses can be allocated from a globally unique address space provided by the Internet Service Provider (ISP) if the enterprise is connected to the global Internet


Outside Addressing


NAT Implementation

NAT is implemented on a network that requires few addresses to access the Global Internet

NAT is implemented using two techniques: Static Address Translation Dynamic Address Translation


NAT Configuration Commands

The NAT configuration commands include: Access-List ip nat pool ip nat inside source list pool ip nat outside source pool ip nat inside source static ip nat {inside | outside} ip nat inside destination list pool


NAT Overlapping Address Translation

Assigning an IP address to a device in a network and that address is a legal IP address of a device in an outside network, it is referred as overlapping


Verifying NAT Operations

The commands that help you to verify the NAT operations are: show ip nat translations [verbose] show ip nat statistics


Static NAT Static NAT, also called inbound mapping, allows

connections initiated by external devices to computers on the stub domain to take place in specific circumstances

Static NAT (inbound mapping) allows a computer on the stub domain to maintain a specific address while communicating with devices outside the network


Port Address Translation

The Port Address Translation (PAT) is used to translate internal addresses to only one or a few external addresses

The PAT feature is also referred as “overload”, which is a subset of NAT functionality

In a PAT implemented network, the address translation device (router) assigns same IP address to all the devices

The source port number enables you to differentiate the connections in the network


Port Address Translation

Two devices in the network having the same source port number, the router changes the port number of one device to make it unique

The total number of port numbers can theoretically be as high as 65,536 per IP address


Concept of PAT


Summary - I

NAT operates at the Network layer (Layer 3) of the OSI Reference Model because this is the layer at which routers work

You can configure, verify and troubleshoot NAT and PAT on an interface

To configure Static NAT, you can configure the router for IP routing and IP addressing


Summary - II

To verify NAT use the following commands: show ip nat translations [verbose] -

Displays active translations show ip nat - Displays translation statistics

To troubleshoot NAT, you can use the debug ip nat [list | detailed] command. This command allows you to trace the NAT operation by displaying a line of output for each packet that gets translated


Summary - III

To clear NAT translation use the following commands: clear ip nat translation - Clears all translation

entries clear ip nat translation inside global-ip local-ip [ outsidelocal-ip globalip] - Clears a simple translation entry containing an inside translation or both an inside and outside translation

clear ip nat translation outside local-ip global-ip - Clears a simple translation entry containing an outside translation

clear ip nat translation protocol inside - Enables you to clear an extended entry (in its various forms)


Summary - IV

To monitor PAT, you can use the show ip pat command to display PAT statistics and the currently active translated sessions

ccna chapter 12 by jetarvind kumar madhukar

Education

accesslist ip nat pool

network addresses

configured ip address

networks nat

source pool ip nat

source static ip nat

layer nat

outside network