NAT presentation | free to view

About This Presentation

Transcript and Presenter's Notes

Title: NAT

1
NAT VPN

2
NAT

Network Address Translation (NAT)
Allows a host that does not have a valid
registered IP address to communicate with other
hosts through the Internet
Host might be using a private address or address
assigned to another organization
The source IP address is changed within the
packet from the private to the public address.
Cisco terminology uses Inside and Outside to
describe where the IP addresses reside
local and global are also used to describe
the location of the IP addresses
A table is kept with the translation
Static NAT
A one to one mapping is setup where the inside
address is always mapped to the same outside
address
This mapping does not change
A second private address will require a second
public address

3
NAT

Dynamic NAT
A one to one mapping is setup where the inside IP
addresses are dynamically assigned to a pool of
outside addresses
If all addresses in the outside pool are being
used, then the host will not be able to access
the outside
Dynamic NAT Static NAT
Dynamic NAT and Static NAT can work together
It is possible to setup a pool addresses and also
statically map some of the addresses
NAT Overload
Overloading allows NAT to scale to support many
clients to one IP address
Also referred to as PAT
Instead of just translating the IP address, it
also translates the port number
The translation table also maintains the port
number

4
NAT

NAT Configuration
The interfaces on router need to be designated as
the inside and outside interface
ip nat inside
ip nat outside
Static NAT Configuration
Configuration commands
ip nat inside source static 10.1.1.2 200.1.1.2
Show commands
show ip nat translations
Displays the translation table
sh ip nat statistics
Displays various different statistics

5
NAT

6
NAT

NAT Overload
A NAT pool must be setup for outside addresses
ip nat pool umbc 200.1.1.1 netmask
255.255.255.255
The above command is executed in configuration
mode
Two ways of mapping the inside addresses to the
outside pool
ip nat inside source list 1 pool umbc overload
ip nat inside source list 1 interface serial0/0
overload
The above command is executed in configuration
mode
This will map everything in access list 1 to the
IP address of the serial interface
The addresses to be translated need to be
identified
access-list 1 permit 10.1.1.0 0.0.0.255
The above command is executed in configuration
mode

7
VPN

Virtual Private Network (VPN)
A private data network that makes use of the
public telecommunication infrastructure
(Internet), maintaining privacy through the use
of a tunneling protocol and security procedures
A VPN is very cost effective
Traffic is encrypted as it travels across the
Internet
An administrator must be aware of the traffic
that flows through the tunnel and the end points
of tunnel
All traffic on the secure VPN must be encrypted
and authenticated
Encryption types
DES, 3DES, AES

8
VPN

Virtual Private Network (VPN)
The security properties on all end points of the
VPN tunnel must be the same
No one outside the VPN tunnel should be able to
effect the security properties of the tunnel
Split Tunneling allows for traffic to be sent
through a tunnel and outside the tunnel at the
same time
Very big security concern with Split Tunneling
IPSEC is used for encryption of VPN tunnel
Uses ISAKMP (IKE) UDP port 500 for tunnel setup
Uses esp (protocol 50) and ah (protocol 51) for
encryption

9
VPN

Write a Comment

User Comments (0)

About PowerShow.com

NAT PowerPoint PPT Presentation