Escolar Documentos
Profissional Documentos
Cultura Documentos
Network Address
Translation (NAT)
Tariq Bader
CCIE # 35627
Security/VPN team
Cisco TAC
Presentation_ID © 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
NAT Definition
Types of NAT
Configuring NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
NAT
NAT Definition
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
IPv4 Private Address Space
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
IPv4 Private Address Space
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
What is NAT?
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Benefits of NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
Disadvantages of NAT
1. Performance is degraded
2. End-to-end functionality is degraded
3. End-to-end IP traceability is lost
4. Tunneling is more complicated
5. Initiating TCP connections can be disrupted
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
NAT Terminology
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
NAT Terminology
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
NAT
Types of NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
Static NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
Static NAT (Cont.)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Dynamic NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
Dynamic NAT (Cont.)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Port Address Translation (PAT)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
Comparing NAT and PAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
Port Forwarding (Static PAT)
Port forwarding is the act of forwarding a network port from
one network node to another.
A packet sent to the public IP address and port of a router
can be forwarded to a private IP address and port in inside
network.
Port forwarding is helpful in situations where servers have
private addresses, not reachable from the outside networks.
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
NAT
Configuring NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
Configuring Static NAT
1. Create the
mapping between
the inside local
and outside local
addresses.
2. Define which
interfaces belong
to the inside
network and
which belong to
the outside
network.
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
Configuring Static NAT – Network
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
Analyzing Static NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
Verifying Static NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
Verifying Static NAT (Cont.)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
Configuring Dynamic NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
Configuring Dynamic NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
Analyzing Dynamic NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
Verifying Dynamic NAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
Verifying Dynamic NAT (Cont.)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
Configuring PAT – Address Pool
Each IP in the pool is a PAT address
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
Configuring PAT – Single Address
The single address can be the interface address or a single public
address defined using a pool
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
Analyzing PAT
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33
Analyzing PAT (Cont.)
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34
Verifying PAT Translations
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35
Configuring Port Forwarding (Static PAT)
In IOS, Port forwarding is essentially a static NAT translation
with a specified TCP or UDP port number.
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36
Troubleshooting NAT – show commands
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37
Troubleshooting NAT – debug command
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38
Q&A
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40