NAT (Network Address Translation)

1. NAT Introduction

NAT: Provides the translation of private addresses to public addresses.

 

NAT has many uses, but its primary use is to conserve public IPv4 addresses. It does this by allowing networks to use private IPv4 addresses internally and providing translation to a public address only when needed. NAT has an added benefit of adding a degree of privacy and security to a network, because it hides internal IPv4 addresses from outside networks.

 

NAT (Network Address Translation)

The terms, inside and outside, are combined with the terms local and global to refer to specific addresses. In the figure, router R2 has been configured to provide NAT. It has a pool of public addresses to assign to inside hosts.

   

  • Inside local address - The address of the source as seen from inside the network. In the figure, the IPv4 address 192.168.10.10 is assigned to PC1. This is the inside local address of PC1.
  • Inside global address - The address of the source as seen from the outside network. In the figure, when traffic from PC1 is sent to the web server at 209.165.201.1, R2 translates the inside local address to an inside global address. In this case, R2 changes the IPv4 source address from 192.168.10.10 to 209.165.200.226. In NAT terminology, the inside local address of 192.168.10.10 is translated to the inside global address of 209.165.200.226.
  • Outside global address - The address of the destination as seen from the outside network. It is a globally routable IPv4 address assigned to a host on the Internet. For example, the web server is reachable at IPv4 address 209.165.201.1. Most often the outside local and outside global addresses are the same.
  • Outside local address - The address of the destination as seen from the inside network. In this example, PC1 sends traffic to the web server at the IPv4 address 209.165.201.1. While uncommon, this address could be different from the globally routable address of the destination.

 

2. Types of NAT

There are three types of NAT translation:

  1. Static address translation (static NAT) - one-to-one address mapping between a local and a global address.
  2. Dynamic address translation (dynamic NAT) - many-to-many address mapping between local and global addresses.
  3. Port Address Translation (PAT / NAT overloading) - many-to-one address mapping between local and global addresses.

 

2.1 Static NAT

Static NAT uses a one-to-one mapping of local and global addresses. These mappings are configured by the network administrator and remain constant.

Static NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions.

Static NAT is particularly useful for web servers or devices that must have a consistent address that is accessible from the Internet.

 

Configure Static NAT

Step 1. Establish a static translation between an inside local address and an inside global address.
Router(config)#ip nat inside source static local-ip global-ip

Step 2. Specify the inside interface.
Router(config)#interface type number

Step 3. Mark the interface as connected to the inside.
Router(config-if)#ip nat inside

Step 4. Exit interface configuration mode.
Router(config-if)#exit

Step 5. Specify the outside interface.
Router(config)#interface type number

Step 6. Mark the interface as connected to the outside.
Router(config-if)#ip nat outside

Verifying Static NAT Translations

Router#show ip nat translations
The static translation is always present in the NAT table.

Router#clear ip nat statistics
Resets the NAT statistics counters.

Router#show ip nat statistics

2.2 Dynamic NAT

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.

Configure Dynamic NAT

Step 1. Define a pool of global addresses to be used for translation.
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

Step 2. Configure a standard access list permitting the addresses that should be translated.
Router(config)#access-list access-list-number permit source [source-wildcard]

Step 3. Establish dynamic source translation, specifying the access list and pool defined in the prior steps.
Router(config)#ip nat inside source list access-list-number pool name

Step 4. Identify the inside interface.
Router(config)#interface type number
Router(config-if)#ip nat inside

Step 5. Specify the outside interface.
Router(config)#interface type number

Step 6. Mark the interface as connected to the outside.
Router(config-if)#ip nat outside

 

Verifying Dynamic NAT Translations

Router#show ip nat translations
Static translations are always present in the NAT table; dynamic translations appear when an inside host sends traffic and are removed when they time out.

Router#clear ip nat translation *
Clears all dynamic address translation entries from the NAT translation table.

Router#show ip nat statistics

2.3 PAT/ NAT Overload

Port Address Translation (PAT) / NAT overloading maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. PAT ensures that devices use a different TCP port number for each session with a server on the Internet.

 

Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. This is what most home routers do. The ISP assigns one address to the router, yet several members of the household can simultaneously access the Internet. This is the most common form of NAT.

 

 

Configure PAT

 

Step 1. Define a pool of global addresses to be used for translation.
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

Step 2. Configure a standard access list permitting the addresses that should be translated.
Router(config)#access-list access-list-number permit source [source-wildcard]

Step 3. Establish dynamic source translation with overloading, specifying the access list and pool defined in the prior steps.
Router(config)#ip nat inside source list access-list-number pool name overload

Step 4. Identify the inside interface.
Router(config)#interface type number
Router(config-if)#ip nat inside

Step 5. Specify the outside interface and mark it as connected to the outside.
Router(config)#interface type number
Router(config-if)#ip nat outside
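To make the difference between the three translation types in sections 2.1 to 2.3 concrete, here is an added example that is not from these notes or from Cisco: a toy Python model of the translation table a NAT router keeps. It uses the addresses from the notes (PC1 at 192.168.10.10, inside global 209.165.200.226, the web server at 209.165.201.1); the second pool address 209.165.200.227, the hosts 192.168.10.11 and 192.168.10.12, and all port numbers are constructed. It shows a static entry answering inbound traffic before any outbound session exists, a dynamic pool running out of addresses, PAT separating two hosts that use the same source port, and unsolicited inbound traffic being dropped because no translation matches it.

```python
# Added example (not from the notes or from Cisco): a toy model of the NAT
# translation table so the three translation types can be compared on
# concrete packets. Addresses are those used in the notes; ports and the
# hosts 192.168.10.11 / .12 are constructed. Real routers also track
# protocol, timers and TCP state, which this model leaves out.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (IPv4 address, TCP/UDP port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint


@dataclass
class NatRouter:
    mode: str                      # "static", "dynamic" or "overload"
    # inside local address -> inside global address (static entries are
    # configured up front; dynamic entries are allocated from the pool)
    bindings: Dict[str, str] = field(default_factory=dict)
    pool: List[str] = field(default_factory=list)   # free inside global addresses
    # session table: inside global endpoint -> inside local endpoint
    table: Dict[Endpoint, Endpoint] = field(default_factory=dict)
    first_port: int = 1024         # lowest port PAT hands out on a collision
    dropped: int = 0

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: rewrite the inside local source to inside global."""
        lip, lport = pkt.src
        if self.mode == "overload":
            # everyone shares one public address; the port tells sessions apart
            gip, gport = self.pool[0], lport
            if self.table.get((gip, gport), pkt.src) != pkt.src:
                gport = self.first_port
                while (gip, gport) in self.table:
                    gport += 1
        else:
            gip = self.bindings.get(lip)
            if gip is None and self.mode == "dynamic" and self.pool:
                gip = self.pool.pop(0)          # first come, first served
                self.bindings[lip] = gip
            if gip is None:
                self.dropped += 1                # no static entry / pool exhausted
                return None
            gport = lport                        # 1:1 modes keep the port
        self.table[(gip, gport)] = pkt.src
        return Packet((gip, gport), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: only traffic matching a translation gets through."""
        local = self.table.get(pkt.dst)
        if local is None and self.mode == "static":
            # a static entry exists before any outbound traffic, which is why
            # static NAT suits servers that must be reachable from the Internet
            for lip, gip in self.bindings.items():
                if gip == pkt.dst[0]:
                    local = (lip, pkt.dst[1])
        if local is None:
            self.dropped += 1                    # unsolicited inbound: dropped
            return None
        return Packet(pkt.src, local)


def demo() -> dict:
    web = ("209.165.201.1", 80)   # outside global (here equal to outside local)
    out = {}

    # 2.1 static NAT: PC1 192.168.10.10 <-> 209.165.200.226, always present
    r = NatRouter("static", bindings={"192.168.10.10": "209.165.200.226"})
    out["static_inbound_first"] = r.inbound(Packet(web, ("209.165.200.226", 22)))

    # 2.2 dynamic NAT: a pool of two addresses, three inside hosts
    r = NatRouter("dynamic", pool=["209.165.200.226", "209.165.200.227"])
    sent = [r.outbound(Packet((f"192.168.10.{h}", 40000 + h), web)) for h in (10, 11, 12)]
    out["dynamic_globals"] = [p.src[0] if p else None for p in sent]
    out["dynamic_dropped"] = r.dropped          # third host found the pool empty

    # 2.3 PAT / overload: one address, two hosts using the same source port
    r = NatRouter("overload", pool=["209.165.200.226"])
    a = r.outbound(Packet(("192.168.10.10", 1024), web))
    b = r.outbound(Packet(("192.168.10.11", 1024), web))
    out["pat_globals"] = [a.src, b.src]
    out["pat_reply_to"] = r.inbound(Packet(web, b.src)).dst   # reply reaches host 11
    out["pat_unsolicited"] = r.inbound(Packet(web, ("209.165.200.226", 23)))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The session table is keyed by the inside global endpoint because that is what return traffic from the Internet carries as its destination; a packet that matches no entry has nowhere to go, which is both the privacy benefit listed in 2.4 and the "initiating TCP connections can be disrupted" cost listed in 2.5.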

 

 

 

2.4 Benefits of NAT:

    1. Conserves the legally registered addressing scheme

    2. Increases the flexibility of connections to the public network

    3. Provides consistency for internal network addressing schemes

    4. Provides network security

 

2.5 Disadvantages of NAT:

    1. Performance is degraded.

    2. End-to-end functionality is degraded.

    3. End-to-end IP traceability is lost.

    4. Tunneling becomes more complicated.

    5. Initiating TCP connections can be disrupted.

 
