Tuesday, December 16, 2014

Configuring NAT (Exam topic 5-E)


Let's start with the basics.

What is NAT? 
NAT stands for network address translation. It is used by everyone who connects to the internet. It translates private addresses to public addresses.

What is it used for?
IPv4 addresses are available in limited quantities, and the supply drops rapidly as more users connect to the internet. In addition, private addresses cannot be used on the internet.

Types of NAT
Static - allows you to create a 1-to-1 mapping of your private to public address, normally used for web servers or mail servers. It allows inbound connections to your server based on your public address.
Dynamic - allows you to use a dynamic pool of public addresses; your router will dynamically map private to public addresses.
PAT (NAT overload) - based on port numbers. The router generates a port number for your private address and a port number for your public address.
Your router keeps a table to track public:port to private:port.
PAT is used by almost everyone in the world, including your home router.
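The public:port to private:port table described above can be modelled in a few lines. This is an added example, not code from the original post or from any router: the class name, the 203.0.113.10 public address and the port-selection policy (keep the source port when it is free, otherwise take the next free one) are assumptions of the model.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

class PatTable:
    """Toy model of a PAT (NAT overload) table behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.out: Dict[Endpoint, int] = {}   # private ip:port -> public port
        self.back: Dict[int, Endpoint] = {}  # public port -> private ip:port

    def translate_outbound(self, private: Endpoint) -> Endpoint:
        """Return the public ip:port used for an inside host's ip:port."""
        if private in self.out:                      # existing entry is reused
            return (self.public_ip, self.out[private])
        port = private[1]                            # assumed policy: keep source port
        if not self.first_port <= port <= self.last_port:
            port = self.first_port
        start = port
        while port in self.back:                     # already taken by another flow
            port = port + 1 if port < self.last_port else self.first_port
            if port == start:
                raise RuntimeError("PAT port pool exhausted")
        self.out[private] = port
        self.back[port] = private
        return (self.public_ip, port)

    def translate_inbound(self, public_port: int) -> Optional[Endpoint]:
        """Return the inside ip:port for a reply, or None when no entry exists."""
        return self.back.get(public_port)

def demo():
    # Constructed sample: 203.0.113.10 stands in for the DHCP-assigned public address.
    nat = PatTable("203.0.113.10")
    a = nat.translate_outbound(("192.168.9.10", 50000))
    b = nat.translate_outbound(("192.168.9.11", 50000))  # same source port, other host
    return nat, a, b

if __name__ == "__main__":
    nat, a, b = demo()
    for port, private in sorted(nat.back.items()):
        print(f"{nat.public_ip}:{port} <-> {private[0]}:{private[1]}")
```

An inbound packet to a public port with no table entry has nowhere to be forwarded, which is why a static mapping is needed before a server behind NAT can accept connections.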

Configuring NAT
Configuring NAT is pretty straightforward. I will only configure dynamic in this example since this is the most commonly used.




First let's make sure we connect to the internet. Since I don't have a static address, I'll set my S0/0 interface to DHCP.
Now let's verify we received an address via DHCP.



Success! Now let's set up DHCP for our clients.
First we will begin with our exclude range.
Note: Remember you must always set your DHCP exclude range first. There is no easy way of going in and making modifications to this exclude range.




Now let's create our pool name




Next we'll set our network




Next we will set our DNS



Finally we will set our default router (gateway)



Now I'm quickly going to bring fas 0/1 up and give it an IP address of 192.168.9.1




I've already configured my switch, so let's jump into finally setting up NAT.
Steps required for NAT

Identify the interfaces (inside/outside). Since we want to NAT our inside address and we know our inside interface is S0/1, we will set int fas 0/1 to NAT inside. It does take a few to complete the first time.





We also need to identify our outside interface and set it to IP NAT outside. It will be S0/0, since this is the interface we have connected to the internet.





Next we need to identify our inside IP addresses via a standard ACL; ours will be 192.168.9.0 /24






Next we will use the IP NAT connection (source, destination). Our source will be a list, the ACL we just created. Our destination would be out int fas 0/0
IP NAT inside source list NAT_Inside interface fas 0/0 overload
Note: overload enables PAT



Now I'm going to do a few DNS pings from my switch and verify my NAT translations.







Success! I see my requests from my switch going through NAT translation.

We can break basic NAT down into 3 simple steps:
Identify inside and outside
Create an ACL to permit the IP address range
Finally, use IP NAT inside source list (ACL) interface (int) overload
