11 - Implementing NAT Flashcards
This is the IP address of a host on the inside network
inside local
This is the address the inside local is translated to.
inside global
This is typically the global address of a host on the outside network, as assigned by the host's owner
outside global
This is the address of an outside host, on the outside network, typically a private address
outside local
What are the benefits of NAT?
- Eliminates need to readdress hosts
- Conserves addresses via PAT
- Network security
What are some disadvantages of NAT?
- Some applications depend on end-to-end functionality with unmodified packets
- End-to-end traceability can be lost
- Complicates tunnelling protocols
- Disrupts servers that require initiation of TCP connections from outside network
- Switching delays, because each address has to be translated
PAT uses unique ___ numbers on the inside global address to distinguish between translations.
source port
PAT attempts to preserve the original __ port; if that __ port is already allocated, it attempts to find the ___ port number
source, source, next available
What are the features of a NAT virtual interface?
- Removes requirement to configure inside or outside interfaces
- Different order of operation
- Configured with the ip nat enable interface command
- Performs the routing operation twice, before and after translation, whereas classic NAT routes and then translates the address from inside to outside (or vice versa)
- Because of the added routing step, packets can flow from an inside interface to another inside interface, whereas classic NAT would fail
How is static NAT configured?
Configure the translation
Router(config)# ip nat inside source static local-ip global-ip
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside
How is dynamic NAT configured?
Configure dynamic NAT address pool
router(config)# ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Configure a standard ACL to define the addresses to be translated
router(config)# access-list access-list-number permit source [source-wildcard]
Configure the dynamic NAT translation; the overload keyword enables PAT
router(config)# ip nat inside source list access-list-number pool pool-name [overload]
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside
How is PAT configured?
Configure a standard ACL to define the addresses to be translated
router(config)# access-list access-list-number permit source [source-wildcard]
Configure PAT
router(config)# ip nat inside source list access-list-number interface interface overload
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside
How do you verify NAT translations?
show ip nat translations
How do you clear dynamic translations?
clear ip nat translation * (does not clear static translations or translations that are still in use)