Configuring NAT and PAT

Chapter 18

powered by DJ 1

Chapter ObjectivesAt the end of this Chapter you will be

able to:Implementing Network Addresses Translation (NAT)Implementing Port Address Translation (PAT)

powered by DJ 2

Network Address Translation (NAT)

When Do We Use NAT?

NAT is typically used on a border router. Here’s a list of situations when it’s best to have NAT on your side:

You need to connect to the Internet and your hosts don’t have globally unique IP addresses.

You change to a new ISP that requires you to renumber your network.

You need to merge two intranets with duplicate addresses.

powered by DJ 3

Where to configure NAT

powered by DJ 4

Advantages and Disadvantages of Implementing NAT

powered by DJ 5

Types of Network Address TranslationThere are three types of NAT:

Static NAT

This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Dynamic NAT

This version gives you the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses.

powered by DJ 6

Overloading

This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address—many-to-one—by using different ports.it’s also known as Port Address Translation (PAT). And by using PAT (NAT Overload), you get to have thousands of users connect to the Internet using only one real global IP address.

powered by DJ 7

How NAT Works:

To understand How Nat works, consider the figure:

Basic NAT translationpowered by DJ 8

NAT overloading example (PAT)

To understand Nat overloading, consider the following figure,

NAT Overloadingpowered by DJ 9

Static NAT Configuration

ip nat inside source static 10.1.1.1 170.46.2.2

interface Ethernet0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0

ip address 170.46.2.1 255.255.255.0

ip nat outside

powered by DJ 10

Dynamic NAT Configuration

ip nat pool hcl 170.168.2.2 170.168.2.254

netmask 255.255.255.0

ip nat inside source list 1 pool hcl

interface Ethernet0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0

ip address 170.168.2.1 255.255.255.0

ip nat outside

access-list 1 permit 10.1.1.0 0.0.0.255

powered by DJ 11

PAT (Overloading) Configuration ip nat pool globalnet 170.168.2.1 170.168.2.1

netmask 255.255.255.0

ip nat inside source list 1 pool globalnet overload

interface Ethernet0/0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0/0

ip address 170.168.2.1 255.255.255.0

ip nat outside

access-list 1 permit 10.1.1.0 0.0.0.255

powered by DJ 12

Simple Verification of NAT Router# show ip nat translation

Router#debug ip nat

To clear your NAT entries from the translation table, use the following command:

clear ip nat translation

To clear all entries from the NAT table, use an asterisk (*) at the end of the command.

powered by DJ 13

Configuring NAT Using SDM

There is more than one wizard. Again you get to pick between basic and advanced:

Basic NAT Use this wizard if you have some basic PCs/hosts on your trusted network that need access to the Internet. This wizard will guide you through the process of creating a basic NAT configuration.

Advanced NAT If you have servers on your inside network and the users from the outside need to access, you definitely want to opt for the Advanced NAT configuration.

powered by DJ 14

The first screen is the Create NAT Configuration screenpowered by DJ 15

Basic NAT Wizard is going to do.

Now click Next to get to a screen from which I’m able to select all my inside and outside addresses.powered by DJ 16

Sharing the Internet Connection

Finally, click Finish and it is done.powered by DJ 17

THANK YOU

powered by DJ 18