Scribd Logo
Cargar

¡Te damos la bienvenida a Scribd!

  • Ccna 17 Nat

    Cargado por

    Amirpasha
    20 vistas34 páginas
    hki

    Título original

    CCNA_17_NAT

    Derechos de autor

    © © All Rights Reserved

    Formatos disponibles

    PDF, TXT o lea en línea desde Scribd

    ¿Le pareció útil este documento?

    ¿Este contenido es inapropiado?

    Denunciar este documento
    hki

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    20 vistas34 páginas

    Ccna 17 Nat

    Cargado por

    Amirpasha
    hki

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    de 34

    NAT

    Shariaty@gmail.com
    www.alishariaty.ir

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Contents

    Part I Basic NAT Concepts


    Part II Static NAT
    Part III Dynamic NAT
    Part IV PAT (NAT Overload)

    Estimated time
    02:00:00

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Part I
    Basic NAT Concepts

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Basic NAT Concepts

    Public IP addresses: can be routed in the internet.


    Private IP addresses: can not be routed in the
    internet.

    Problem
    Private IP addresses may not access the internet.

    Solution
    Source IP will be translated to public.

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Basic NAT Concepts

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Basic NAT Concepts

    NAT (Network address Translation) is the technology


    of changing the Source IP address.

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Basic NAT Concepts
    Terminology

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Basic NAT Concepts
    NAT Types

    Static NAT
    Dynamic NAT
    PAT (NAT Overload)

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Part II
    Static NAT

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Terminology

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    Step1
    Inside & outside interfaces selection.

    Router(conf)# Interface fastethernet 0/0


    Router(conf-if)# Ip nat inside
    Router(conf)# Interface serial 0
    Router(conf-if)# Ip nat outside

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    Step1
    Inside & outside interfaces selection.

    Router(conf)# Interface fastethernet 0/0


    Router(conf-if)# Ip nat inside
    Router(conf)# Interface fastethernet 0/1
    Router(conf-if)# Ip nat inside
    Router(conf)# Interface serial 0
    Router(conf-if)# Ip nat outside

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    Step2
    NAT table initiation.

    Router(conf)# IP nat inside source static <inside-local> <inside-global>

    Example
    Router(conf)# IP nat inside source static 192.168.1.10 80.80.80.80
    Router(conf)# IP nat inside source static 192.168.1.11 80.80.80.81

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration
    Internet Simulation

    On the R0 there is a default route to the R1


    There is no route to the R0 subnets on the R1

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration
    R1(config)# interface fastEthernet 0/1
    R1(config-if)# ip nat inside

    R1(config)# interface serial 0/1/0


    R1(config-if)# ip nat outside

    R1(config)# ip nat inside source static 192.168.0.10 12.12.12.1

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    R1# clear ip nat translation *

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Part III
    Dynamic NAT

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Dynamic NAT

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Dynamic NAT
    Configuration

    Step1
    Inside & outside interfaces selection.
    Router(conf)# interface fastethernet 0/0
    Router(conf-if)# ip nat inside
    Router(conf)# interface serial 0
    Router(conf-if)# ip nat outside

    Step2
    Internal users with standard ACL.
    Router(conf)# Access-list 1 permit 192.168.1.0 0.0.0.255

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Dynamic NAT
    Configuration

    Step3
    Outside address pool.
    Router(conf)# ip nat pool test 80.80.80.1 80.80.80.14 netmask
    255.255.255.240

    Step4
    NAT table initiation.
    Router(conf)# ip nat inside source list 1 pool test

    Step5
    Idle timeout (default 5 min).
    Router(conf)# ip nat translation time-out 300

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Static NAT
    Configuration
    R1(config)# interface fastEthernet 0/1
    R1(config-if)# ip nat inside

    R1(config)# interface serial 0/1/0


    R1(config-if)# ip nat outside

    R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255


    R1(config)#ip nat pool cisco 12.12.12.1 12.12.12.10 netmask 255.255.255.0

    R1(config)#ip nat inside source list 1 pool cisco


    OR
    R1(config)#ip nat inside source list 1 interface serial 0/1/0

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Part IV
    PAT (NAT Overload)

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)
    Configuration

    Step1
    Inside & outside interfaces selection.
    Router(conf)# interface fastethernet 0/0
    Router(conf-if)# ip nat inside
    Router(conf)# interface serial 0
    Router(conf-if)# ip nat outside

    Step2
    Internal users with standard ACL.
    Router(conf)# Access-list 1 permit 192.168.1.0 0.0.0.255

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)
    Configuration

    Step3
    Outside address pool.
    Router(conf)# ip nat pool test 80.80.80.1 80.80.80.14 netmask
    255.255.255.240

    Step4
    NAT table initiation.
    A. Translate inside addresses to an outside interface
    Router(conf)# ip nat inside source list 1 interface serial 0/0/0 overload

    B. Translate inside addresses to an outside addresses pool


    Router(conf)# ip nat inside source list 1 pool test overload

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)
    Configuration

    Note
    If NAT is activated on an interface , it may not be
    deactivated just by "no ip nat" command. In these
    cases first:

    R1#clear ip nat translation *

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)
    Configuration

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    PAT (Port Address Translation)
    Configuration
    R1(config)# interface fastEthernet 0/1
    R1(config-if)# ip nat inside

    R1(config)# interface serial 0/1/0


    R1(config-if)# ip nat outside

    R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255


    R1(config)#ip nat pool cisco 12.12.12.1 12.12.12.10 netmask 255.255.255.0

    R1(config)#ip nat inside source list 1 pool cisco Overload


    OR
    R1(config)#ip nat inside source list 1 interface serial 0/1/0 Overload

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    Q. Examine the following configuration commands:

    If the configuration is intended to enable source NAT


    overload, which of the following commands could be
    useful to complete the configuration?
    (Choose two answers.)

    a. The ip nat outside command


    b. The ip nat pat command
    c. The overload keyword
    d. The ip nat pool command

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.
    The only person who is educated
    is the one who has learned how
    to learn and change.
    Carl Rogers

    Shariaty@gmail.com Copyright 2012 Alishariaty.ir


    www.alishariaty.ir All Rights Reserved.

    También podría gustarte