
Any Questions?


zubin

Presentation Transcript


  1. Any Questions?

  2. Ch 16-Network Address Translation • Perspectives on IPv4 Address Scalability • Network Address Translation Concepts • NAT Configuration and Troubleshooting

  3. Do I know this? Go through the Quiz- 5 minutes

  4. 1. What does CIDR stand for? a. Classful IP Default Routing b. Classful IP D-class Routing c. Classful Interdomain Routing d. Classless IP Default Routing e. Classless IP D-class Routing f. Classless Interdomain Routing

  5. 1. What does CIDR stand for? a. Classful IP Default Routing b. Classful IP D-class Routing c. Classful Interdomain Routing d. Classless IP Default Routing e. Classless IP D-class Routing f. Classless Interdomain Routing Answer: F

  6. 2. Which of the following summarized subnets represent routes that could have been created for CIDR’s goal to reduce the size of Internet routing tables? a. 10.0.0.0 255.255.255.0 b. 10.1.0.0 255.255.0.0 c. 200.1.1.0 255.255.255.0 d. 200.1.0.0 255.255.0.0

  7. 2. Which of the following summarized subnets represent routes that could have been created for CIDR’s goal to reduce the size of Internet routing tables? a. 10.0.0.0 255.255.255.0 b. 10.1.0.0 255.255.0.0 c. 200.1.1.0 255.255.255.0 d. 200.1.0.0 255.255.0.0 Answer: D

  8. 3. Which of the following are not private addresses according to RFC 1918? a. 172.31.1.1 b. 172.33.1.1 c. 10.255.1.1 d. 10.1.255.1 e. 191.168.1.1

  9. 3. Which of the following are not private addresses according to RFC 1918? a. 172.31.1.1 b. 172.33.1.1 c. 10.255.1.1 d. 10.1.255.1 e. 191.168.1.1 Answer: B & C

  10. 4. With static NAT, performing translation for inside addresses only, what causes NAT table entries to be created? a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command

  11. 4. With static NAT, performing translation for inside addresses only, what causes NAT table entries to be created? a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command Answer: C

  12. 5. With dynamic NAT, performing translation for inside addresses only, what causes NAT table entries to be created? a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command

  13. 5. With dynamic NAT, performing translation for inside addresses only, what causes NAT table entries to be created? a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command Answer: A

  14. 6. NAT has been configured to translate source addresses of packets received from the inside part of the network, but only for some hosts. Which of the following commands identifies the hosts? a. ip nat inside source list 1 pool barney b. ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0 c. ip nat inside d. ip nat inside 200.1.1.1 200.1.1.2 e. None of the other answers are correct.

  15. 6. NAT has been configured to translate source addresses of packets received from the inside part of the network, but only for some hosts. Which of the following commands identifies the hosts? a. ip nat inside source list 1 pool barney b. ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0 c. ip nat inside d. ip nat inside 200.1.1.1 200.1.1.2 e. None of the other answers are correct. Answer: A

  16. 7. NAT has been configured to translate source addresses of packets received from the inside part of the network, but only for some hosts. Which of the following commands identifies the outside local IP addresses that are translated? a. ip nat inside source list 1 pool barney b. ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0 c. ip nat inside d. ip nat inside 200.1.1.1 200.1.1.2 e. None of the other answers are correct

  17. 7. NAT has been configured to translate source addresses of packets received from the inside part of the network, but only for some hosts. Which of the following commands identifies the outside local IP addresses that are translated? a. ip nat inside source list 1 pool barney b. ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0 c. ip nat inside d. ip nat inside 200.1.1.1 200.1.1.2 e. None of the other answers are correct Answer: E

  18. 8. Examine the following configuration commands:
        interface Ethernet0/0
         ip address 10.1.1.1 255.255.255.0
         ip nat inside
        interface Serial0/0
         ip address 200.1.1.249 255.255.255.252
        ip nat inside source list 1 interface Serial0/0
        access-list 1 permit 10.1.1.0 0.0.0.255
      If the configuration is intended to enable source NAT overload, which of the following commands could be useful to complete the configuration?
      a. The ip nat outside command
      b. The ip nat pat command
      c. The overload keyword
      d. The ip nat pool command

  19. 8. Examine the following configuration commands:
        interface Ethernet0/0
         ip address 10.1.1.1 255.255.255.0
         ip nat inside
        interface Serial0/0
         ip address 200.1.1.249 255.255.255.252
        ip nat inside source list 1 interface Serial0/0
        access-list 1 permit 10.1.1.0 0.0.0.255
      If the configuration is intended to enable source NAT overload, which of the following commands could be useful to complete the configuration?
      a. The ip nat outside command
      b. The ip nat pat command
      c. The overload keyword
      d. The ip nat pool command
      Answer: A & C

  20. 9. Examine the following show command output on a router configured for dynamic NAT:
        -- Inside Source
        access-list 1 pool fred refcount 2288
         pool fred: netmask 255.255.255.240
            start 200.1.1.1 end 200.1.1.7
            type generic, total addresses 7, allocated 7 (100%), misses 965
      Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?
      a. The problem is not related to NAT, based on the information in the command output.
      b. The NAT pool does not have enough entries to satisfy all requests.
      c. Standard ACL 1 cannot be used; an extended ACL must be used.
      d. The command output does not supply enough information to identify the problem.

  21. 9. Examine the following show command output on a router configured for dynamic NAT:
        -- Inside Source
        access-list 1 pool fred refcount 2288
         pool fred: netmask 255.255.255.240
            start 200.1.1.1 end 200.1.1.7
            type generic, total addresses 7, allocated 7 (100%), misses 965
      Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?
      a. The problem is not related to NAT, based on the information in the command output.
      b. The NAT pool does not have enough entries to satisfy all requests.
      c. Standard ACL 1 cannot be used; an extended ACL must be used.
      d. The command output does not supply enough information to identify the problem.
      Answer: B

  22. Any Questions?

  23. Public vs. Private Addresses • When do you need a public IP address? • When you are a server • When you communicate with other Internet hosts • Most systems don’t need a public IP • They can communicate through a proxy server or share a public IP address Pg 549

  24. Network Address Translation and Private Addresses • Short-term solutions to fix the IP address shortage • IPv6 is the long-term solution, and the next chapter • CIDR • Allowed summarizing networks • Allowed subnetting Pg 550

  25. Private Addressing • Covered with IP addressing earlier Pg 552

  26. NAT Concepts • Use Private Addressing for company hosts • Use public addressing for communication through the router to Internet • Uses a valid Registered IP address to represent the private address to rest of Internet • NAT is usually performed by routers Pg 553

  27. Static NAT • A table defines all the private-to-public mappings • Mappings are permanent • Must have a public IP for each private IP Pg 554

  28. Addressing Terms Pg 556

  29. Dynamic NAT • Still has one-to-one mapping • An inside address may get a different outside address each time • Since not all hosts connect at once, you may have fewer outside addresses than inside addresses • However, you can run out as well Pg 556

  30. Dynamic NAT Pg 557

  31. Dynamic NAT
      1. Host 10.1.1.1 sends its first packet to the server at 170.1.1.1.
      2. As the packet enters the NAT router, the router applies some matching logic to decide whether the packet should have NAT applied. Because the logic has been configured to match source IP addresses that begin with 10.1.1, the router adds an entry in the NAT table for 10.1.1.1 as an inside local address.
      3. The NAT router needs to allocate an IP address from the pool of valid inside global addresses. It picks the first one available (200.1.1.1, in this case) and adds it to the NAT table to complete the entry.
      4. The NAT router translates the source IP address and forwards the packet.
      Pg 557

  32. Overloading-PAT • Single Public IP address • Shared by all internal hosts • Mapping is done by port number • When an inside host needs an address the router recognizes the port that is used • Responses to that port on the router go to the host that originated the traffic Pg 558

  33. Overload-PAT Pg 559
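The table behaviour described in slides 29 to 33 (pool allocation, exhaustion, and port-based sharing of one address), as an added Python sketch that is not part of the original presentation. The `NatRouter` class, its port-selection rule and the `demo` scenario are assumptions made for illustration; the addresses are reused from the slides.

```python
import ipaddress

class NatRouter:
    """Toy inside-source NAT: dynamic pool (one-to-one) or PAT (overload)."""

    def __init__(self, inside_net, pool=(), overload_ip=None):
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for the ACL
        self.free = list(pool)          # unallocated inside global addresses
        self.overload_ip = overload_ip  # shared inside global address (PAT)
        self.table = {}                 # inside local key -> inside global key
        self.reverse = {}               # inside global key -> inside local key
        self.misses = 0                 # failed pool allocations

    def outbound(self, src_ip, src_port):
        """Translate an inside->outside source; None means no address was available."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return (src_ip, src_port)   # not matched: forwarded untranslated
        if self.overload_ip:            # PAT: one entry per (host, port) flow
            key = (src_ip, src_port)
            if key not in self.table:
                port = src_port         # keep the port unless another flow holds it
                while (self.overload_ip, port) in self.reverse:
                    port += 1           # simplification: no wrap at 65535
                self.table[key] = (self.overload_ip, port)
        else:                           # dynamic NAT: one entry per host
            key = (src_ip, None)
            if key not in self.table:
                if not self.free:
                    self.misses += 1
                    return None
                self.table[key] = (self.free.pop(0), None)
        g_ip, g_port = self.table[key]
        self.reverse[(g_ip, g_port)] = key
        return (g_ip, src_port if g_port is None else g_port)

    def inbound(self, dst_ip, dst_port):
        """Map a reply's destination back to the inside host; None if no entry."""
        key = self.reverse.get((dst_ip, dst_port)) or self.reverse.get((dst_ip, None))
        return None if key is None else (key[0], dst_port if key[1] is None else key[1])

def demo():
    # Constructed scenario reusing the slides' addresses.
    dyn = NatRouter("10.1.1.0/24", pool=["200.1.1.1", "200.1.1.2"])
    first = dyn.outbound("10.1.1.1", 1024)
    dyn.outbound("10.1.1.2", 1024)
    third = dyn.outbound("10.1.1.3", 1024)      # pool exhausted
    pat = NatRouter("10.1.1.0/24", overload_ip="200.1.1.249")
    a, b = pat.outbound("10.1.1.1", 1024), pat.outbound("10.1.1.2", 1024)
    return first, third, dyn.misses, a, b, pat.inbound(*b), pat.inbound("200.1.1.249", 4000)
```

With a two-address pool the third host gets no translation and the miss count rises, while under PAT two hosts using the same source port share one address and are told apart by the translated port.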

  34. Translating Overlapping Addresses • NAT can also translate incoming addresses Pg 560

  35. Static Config
      • Step 1 Configure interfaces to be in the inside part of the NAT design using the ip nat inside interface subcommand.
      • Step 2 Configure interfaces to be in the outside part of the NAT design using the ip nat outside interface subcommand.
      • Step 3 Configure the static mappings with the ip nat inside source static inside-local inside-global global configuration command.
      Pg 562

  36. Dynamic NAT
      • Step 1 As with static NAT, configure interfaces to be in the inside part of the NAT design using the ip nat inside interface subcommand.
      • Step 2 As with static NAT, configure interfaces to be in the outside part of the NAT design using the ip nat outside interface subcommand.
      • Step 3 Configure an ACL that matches the packets coming in inside interfaces for which NAT should be performed.
      • Step 4 Configure the pool of public registered IP addresses using the ip nat pool name first-address last-address mask subnet-mask global configuration command.
      • Step 5 Enable dynamic NAT by referencing the ACL (Step 3) and pool (Step 4) with the ip nat inside source list acl-number pool pool-name global configuration command.
      Pg 565

  37. PAT Config
      • Step 1 As with dynamic and static NAT, configure inside interfaces with the ip nat inside interface subcommand.
      • Step 2 As with dynamic and static NAT, configure outside interfaces with the ip nat outside interface subcommand.
      • Step 3 As with dynamic NAT, configure an ACL that matches the packets coming in inside interfaces.
      • Step 4 Configure the ip nat inside source list acl-number interface interface name/number overload global configuration command, referring to the ACL created in Step 3 and to the interface whose IP address will be used for translations.
      Pg 569

  38. NAT Troubles
      • Ensure that the configuration includes the ip nat inside or ip nat outside interface subcommand. These commands enable NAT on the interfaces, and the inside/outside designation is important.
      • For static NAT, ensure that the ip nat inside source static command lists the inside local address first and the inside global IP address second.
      • For dynamic NAT, ensure that the ACL configured to match packets sent by the inside host matches that host’s packets before any NAT translation has occurred. For example, if an inside local address of 10.1.1.1 should be translated to 200.1.1.1, ensure that the ACL matches source address 10.1.1.1, not 200.1.1.1.
      • For dynamic NAT without PAT, ensure that the pool has enough IP addresses. Symptoms of not having enough addresses include a growing value in the second misses counter in the show ip nat statistics command output, as well as seeing all the addresses in the range defined in the NAT pool in the list of dynamic translations.
      • For PAT, it is easy to forget to add the overload option on the ip nat inside source list command. Without it, NAT works, but PAT does not, often resulting in users’ packets not being translated and hosts not being able to get to the Internet.
      • Perhaps NAT has been configured correctly, but an ACL exists on one of the interfaces, discarding the packets. Note that IOS processes ACLs before NAT for packets entering an interface, and after translating the addresses for packets exiting an interface.
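Several items on the checklist above can be checked mechanically against a saved configuration. The following Python sketch is an added example, not part of the original presentation: `lint_nat` and its finding strings are hypothetical, it understands only the few command forms shown on these slides, and its sample input is the configuration from quiz question 8.

```python
import ipaddress
import re

# Constructed input: the configuration from quiz question 8, as given on the slide.
Q8_CONFIG = """\
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 200.1.1.249 255.255.255.252
ip nat inside source list 1 interface Serial0/0
access-list 1 permit 10.1.1.0 0.0.0.255
"""

def lint_nat(config):
    """Return findings for an IOS-style config, following the checklist above."""
    roles, acls, pools, rules, iface = {"inside": [], "outside": []}, {}, {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif (m := re.fullmatch(r"ip nat (inside|outside)", line)) and iface:
            roles[m.group(1)].append(iface)
        elif m := re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)", line):
            # ipaddress treats a mask that starts with a zero field as a wildcard mask.
            acls[m.group(1)] = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
        elif m := re.match(r"ip nat pool (\S+) (\S+) ", line):
            pools[m.group(1)] = ipaddress.ip_address(m.group(2))  # first pool address
        elif m := re.fullmatch(
                r"ip nat inside source list (\d+) (interface|pool) (\S+)( overload)?", line):
            rules.append(m.groups())
    findings = [f"no interface has 'ip nat {r}'" for r in roles if not roles[r]]
    for acl_id, kind, name, overload in rules:
        acl = acls.get(acl_id)
        if acl is None:
            findings.append(f"ACL {acl_id} used by NAT is not defined")
        if kind == "interface" and not overload:
            findings.append("'overload' missing on the interface-based rule (no PAT)")
        if kind == "pool" and name not in pools:
            findings.append(f"pool {name} is not defined")
        elif kind == "pool" and acl is not None and pools[name] in acl:
            findings.append("ACL matches inside global (post-NAT) addresses")
    return findings
```

Run on `Q8_CONFIG`, it reports the missing `ip nat outside` and the missing `overload` keyword, the same two gaps the quiz answer identifies.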

  39. Any Questions?
