Scaling IP Addresses

From Mycomputer Notes

Revision as of 22:13, 13 November 2006


Configuring NAT & PAT

Static Translations

Static translations are entered directly into the configuration and are always present in the translation table. To configure static inside source address translation, perform the tasks below:

  • - Establish static translation between an inside local address and an inside global address in global configuration mode.
Router(config)#ip nat inside source static <LOCAL-IP> <GLOBAL-IP>
  • - Enter interface configuration mode for the inside interface and mark the interface as connected to the inside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat inside
  • - Specify the outside interface and mark the interface as connected to the outside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat outside

Dynamic Translations

Access lists are used by NAT to select addresses for dynamic translation; only the addresses permitted by the access list are translated. Cisco advises against configuring access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources, which can cause network problems. To configure dynamic inside source address translation, perform the tasks below:

Router(config)#access-list 1 permit 10.0.0.0 0.0.255.255
Router(config)#ip nat inside source list 1 pool <POOL-NAME>
  • - Enter global configuration mode and define a pool of global addresses to be allocated as needed.
Router(config)#ip nat pool <POOL-NAME> <START-IP> <END-IP> netmask <NETMASK>
  • - Define a standard access list permitting those addresses that are to be translated.
Router(config)#access-list <ACL-NUMBER> permit <IP-SOURCE> <WILDCARD>
  • - Establish dynamic source translation, specifying the access list defined in the prior step.
Router(config)#ip nat inside source list <ACL-NUMBER> pool <POOL-NAME>
  • - Enter interface configuration mode for the inside interface and mark the interface as connected to the inside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat inside
  • - Specify the outside interface and mark the interface as connected to the outside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat outside
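
One way to check a saved configuration against the permit any advice and the inside/outside marking steps above. This is an added example, not part of the original notes; the sample configuration, its addresses and the function name audit_nat are constructed for illustration.

```python
import re

# Constructed sample running-config; names and addresses are placeholders.
SAMPLE_CONFIG = """\
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 2 permit any
ip nat pool POOL-A 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 1 pool POOL-A
ip nat inside source list 2 interface Serial0/0 overload
ip nat inside source list 9 pool POOL-A
interface FastEthernet0/0
 ip nat inside
interface Serial0/0
 ip address 203.0.113.1 255.255.255.0
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+permit\s+(.+?)\s*$")
NAT_RE = re.compile(r"^ip nat inside source list\s+(\S+)\s+(?:pool|interface)\s")
# Both spellings select every source address.
MATCH_ALL = {"any", "0.0.0.0 255.255.255.255"}

def audit_nat(config: str) -> list[str]:
    """Return findings for NAT source lists and interface marking."""
    acls: dict[str, list[str]] = {}   # ACL number -> permitted sources
    nat_acls: list[str] = []          # ACLs referenced by NAT rules
    roles: set[str] = set()           # "inside" / "outside" seen on interfaces
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := NAT_RE.match(line):
            nat_acls.append(m.group(1))
        elif line in ("ip nat inside", "ip nat outside"):
            roles.add(line.split()[-1])
    findings = []
    for acl in nat_acls:
        if acl not in acls:
            findings.append(f"ACL {acl}: referenced by NAT but not defined")
        elif any(entry in MATCH_ALL for entry in acls[acl]):
            findings.append(f"ACL {acl}: NAT source list matches any address")
    for role in ("inside", "outside"):
        if role not in roles:
            findings.append(f"no interface marked 'ip nat {role}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE_CONFIG)))
```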

Configuring PAT

Overloading is configured when an ISP has allocated one public IP address to an entire private network.

Define a standard IP access list permitting those inside local addresses that are to be translated.

Router(config)#access-list 1 permit 10.0.0.0 0.0.255.255

Establish overload translation by specifying the IP address to be overloaded as that assigned to an outside interface.

Router(config)#ip nat inside source list 1 interface serial0/0 overload

Follow the steps below to configure overloading. The first step is the same as when configuring a dynamic translation.

  • - Define a standard access list permitting those addresses that are to be translated.
Router(config)#access-list <ACL-NUMBER> permit <IP-SOURCE> <WILDCARD>
  • - Establish dynamic source translation, specifying the access list defined in the prior step.
Router(config)#ip nat inside source list <ACL-NUMBER> interface <TYPE> <NUMBER> overload
  • - Specify the global address as a pool to be used for overloading, and establish overload translation. This is used when the ISP has provided a pool of public IP addresses to the private network.
Router(config)#ip nat pool <POOL-NAME> <START-IP> <END-IP> netmask <NETMASK>
Router(config)#ip nat inside source list <ACL-NUMBER> pool <POOL-NAME> overload
  • - Enter interface configuration mode for the inside interface and mark the interface as connected to the inside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat inside
  • - Specify the outside interface and mark the interface as connected to the outside.
Router(config)#interface <TYPE> <NUMBER>
Router(config-if)#ip nat outside
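
A toy model of what overloading does to the translation table, showing why a flow seen outside can only be attributed to an inside host through the translated port. This is an added example, not code from the original notes or from Cisco; the class PatTable, its port range and the rule "keep the source port when free, otherwise take the next free one" are assumptions of the model.

```python
from dataclasses import dataclass, field

@dataclass
class PatTable:
    """Overload translation onto one inside global address (simplified model)."""
    global_ip: str
    low: int = 1024      # assumed lowest port the model hands out
    high: int = 65535
    # (proto, inside local ip, inside local port) -> inside global port
    out: dict = field(default_factory=dict)
    # (proto, inside global port) -> (inside local ip, inside local port)
    back: dict = field(default_factory=dict)

    def translate(self, proto: str, local_ip: str, local_port: int):
        """Return the (global ip, global port) used for an outbound flow."""
        key = (proto, local_ip, local_port)
        if key in self.out:                      # existing entry is reused
            return self.global_ip, self.out[key]
        # Model assumption: prefer the original source port, else next free.
        port = local_port if self.low <= local_port <= self.high else self.low
        start = port
        while (proto, port) in self.back:
            port = port + 1 if port < self.high else self.low
            if port == start:
                raise RuntimeError("port pool exhausted")
        self.out[key] = port
        self.back[(proto, port)] = (local_ip, local_port)
        return self.global_ip, port

    def attribute(self, proto: str, global_port: int):
        """Map a flow seen on the outside back to the inside host, if known."""
        return self.back.get((proto, global_port))

if __name__ == "__main__":
    table = PatTable("203.0.113.1")              # constructed address
    # Two inside hosts use the same source port; both leave as 203.0.113.1.
    print(table.translate("tcp", "10.0.0.5", 40000))
    print(table.translate("tcp", "10.0.0.6", 40000))
    print(table.attribute("tcp", 40001))
```

An outside log that records only the source address sees 203.0.113.1 for both hosts; the port and the translation entry that was live at that moment are what tie a flow to 10.0.0.5 or 10.0.0.6.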

NAT Advantages

  • Conserves the public addressing scheme by allowing the privatization of intranets.
  • Increased flexibility of connections to the public network.
  • Consistent internal networking scheme. The internal scheme does not need to be changed when communication is established to the outside.

NAT Disadvantages

  • NAT increases delay due to the translation of each IP address within the packet headers.
  • Performance is decreased because the CPU must look at every packet to decide whether it must be translated.
  • The major disadvantage is the loss of end-to-end IP traceability. It is difficult to trace a packet from source to destination, since the packet can be translated several times as it undergoes several NAT translations. Applications that use the physical address instead of a domain name will not reach destinations that are translated across the NAT router.

Cisco IOS NAT supports the following:

  1. ICMP
  2. FTP (PORT & PASV)
  3. NetBIOS over TCP/IP (datagram, name & session services)

Cisco IOS NAT does NOT support the following:

  1. Routing Table Updates
  2. DNS zone transfers
  3. BOOTP
  4. Talk & NTalk protocols
  5. SNMP