11 - Implementing NAT Flashcards

1
Q

This is the IP address of a host on the inside network.

A

inside local

2
Q

This is the address the inside local is translated to.

A

inside global

3
Q

This is typically a global address of a host on the outside network, assigned by the host's owner.

A

outside global

4
Q

This is the address of an outside host, on the outside network, typically a private address.

A

outside local

5
Q

What are the benefits of NAT?

A
  • Eliminates need to readdress hosts
  • Conserves addresses via PAT
  • Network security
6
Q

What are some disadvantages of NAT?

A
  • Some applications depend on end-to-end functionality with unmodified packets
  • End-to-end traceability can be lost
  • Complicates tunnelling protocols
  • Disrupts servers that require initiation of TCP connections from outside network
  • Switching delays because of translation of each address
7
Q

PAT uses unique ___ numbers on the inside global address to distinguish between translations.

A

source port

8
Q

PAT attempts to preserve the original ___ port; if the ___ port is already allocated, it attempts to find the ___ port number.

A

source, source, next available

9
Q

What are the features of a NAT virtual interface?

A
  • Removes requirement to configure inside or outside interfaces
  • Different order of operation
  • Configured with the ip nat enable interface command
  • Performs the routing operation twice, before and after translation, as opposed to classic NAT, which performs routing and then translates the address from inside to outside or vice versa
  • Because of the added routing step, packets can flow from an inside interface to an inside interface, whereas classic NAT would fail
10
Q

How is static NAT configured?

A

Configure the translation
Router(config)# ip nat inside source static local-ip global-ip
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside

11
Q

How is dynamic NAT configured?

A

Configure dynamic NAT address pool
router(config)# ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Configure static ACL to define addresses to be translated
router(config)# access-list access-list-number permit source [source-wildcard]
Configure dynamic NAT translation. Overload enables use of PAT
router(config)# ip nat inside source list access-list-number pool pool-name [overload]
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside

12
Q

How is PAT configured?

A

Configure static ACL to define addresses to be translated
router(config)# access-list access-list-number permit source [source-wildcard]
Configure PAT
router(config)# ip nat inside source list access-list-number interface interface overload
Configure the inside and outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside

13
Q

How do you verify NAT translations?

A

show ip nat translations

14
Q

How do you clear dynamic translations?

A

clear ip nat translation * (does not clear static translations or ones still in use)
