Chapter 7: Network Address Translation Flashcards
Learning the ways of NAT.
What does NAT stand for and what is it used for?
Network Address Translation - used to translate private addresses to public, to connect to a broadband network.
What are public and private addresses?
Private IP Addresses
RFC 1918 addresses
Routable inside the Enterprise
Not routable in Public Internet
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255
Public IP Addresses
Routable outside the Enterprise
(if Enterprise owns IP Address Space)
Routable inside the Enterprise
What are inside local, inside global, outside local, and outside global?
• Inside: Region Inside the Enterprise (i.e. inside my control)
• Local: IP Addresses Inside the network
• Outside: Region Outside the Enterprise (i.e. outside my control)
• Global: IP Addresses Outside the network
Are the outside local and outside global the same?
Depends. Outside Local = Outside Global when the enterprise edge router doesn't know the Outside Global address; the router then treats it as equal to the Outside Local address.
What is PAT and how does it work?
• PAT allows a single public IP address to be used by many hosts on the private network using different ports
• PAT preserves the original source port number. If the port is already in use, PAT assigns the first available port number from the appropriate port group.
• When there are no more port numbers available, PAT moves to the next public IP address in the pool if there is one.
• When sending a ping over PAT, other fields in the ping message are used as substitutes for the port numbers.
What is the difference between Static and Dynamic NAT?
Static NAT:
- Assigns one public IP address to one private IP address
- Commonly used for servers that need to be accessed by external devices
Dynamic NAT:
- Assigns a public IP address from a pool of addresses
- NAT translation remains in NAT table based on configured timer duration
- The number of internal devices that can transmit outside the company is limited to the number of public IP addresses in the pool.
What are the advantages of NAT?
- Every company can use the private IP addresses
- Adds services like server load balancing
- Do not have to re-address the network if a new ISP or public IP address is assigned
- Provides limited network security by hiding private IP addresses
What are the disadvantages of NAT?
- Performance is degraded: the NAT-enabled border device must track and process each session destined for an external network.
- End-to-end IP traceability is lost.
- Tunneling becomes more complicated (requires NAT Traversal).
- Initiating TCP connections can be disrupted.
How is Static NAT configured?
- ip nat inside source static local-ip global-ip
- int g0/0
- ip nat inside
How is Dynamic NAT configured?
- access-list 1 permit 192.168.1.0 0.0.0.255
- ip nat pool public_access 209.165.200.242 209.165.200.254 netmask 255.255.255.224
- ip nat inside source list 1 pool public_access
What is Port forwarding and what does it do?
- Port forwarding allows an external device to reach, on a specific port number, a device located on an internal (private) network.
- Required for some peer-to-peer file-sharing programs and operations such as web serving and outgoing FTP
- Solves the problem of NAT only allowing translations for traffic destined for external networks at the request of internal devices.