Day 8 - NAT

Question 1

NAT is defined in RFC _____

Answer 1

3022

Question 2

NATs key use is to conserve __________ by allowing networks to use __________ IPv4 addresses

Answer 2

IPv4 addresses
private

Question 3

NAT translates nonroutable, __________ and _________ addresses into routable ___________ addresses

Answer 3

Private
Internal
Public

Question 4

In NAT terminology, the __________ __________ is the set of networks that are subject to translation

Answer 4

Inside network

Question 5

Solve for the definition for NAT addresses:

Most likely a private address used by a PC either statically or dynamically within the boundaries of a local network

Answer 5

Inside local address

Question 6

Solve for the definition for NAT addresses:

A valid public address that the inside host is given when it exits the NAT router

Answer 6

Inside global address

Question 7

Solve for the definition for NAT addresses:

A reachable IPv4 address assigned to a host on the internet

Answer 7

Outside global address

Question 8

Solve for the definition of the type of NAT:

Permanent One-to-One mapping usually between a public and private IP Address

Answer 8

Static NAT

Question 9

Solve for the definition of the type of NAT:

Uses a pool of addresses which are handed out on an as needed, first come first served basis.

Usually for internal hosts which connect to the internet but do not accept incoming traffic and addresses

Answer 9

Dynamic NAT

Question 10

Solve for the definition of the type of NAT:

Allows the same public IP Address to be reused by multiple internal hosts

Answer 10

PAT (Port Address Translation)

Question 11

What is another term for Port Address Translation (PAT)?

Answer 11

NAT Overload

Question 12

Other than the IP address what is also tracked when using PAT?

Answer 12

Port numbers

Question 13

NAT overload attempts to preserve the original __________ ___________

Answer 13

Source port

Question 14

What 3 port groups can NAT Overload assign to?

Answer 14

0-511
512-1023
1024-65535

Question 15

What are these considered below, concerning NAT

Performance is degraded
End-to-End functionality is degraded
End-to-End IP traceability is lost
Tunneling is more complicated
Services can be disrupted

Answer 15

These are all limitations of NAT

Question 16

Based on the topology, configure static NAT mapping the local server to an global IP of 209.165.200.254

Answer 16

R1
ip nat inside source static 192.168.10.254 209.165.200.254

interface serial0/0/0
ip nat inside

interface serial0/1/0
ip nat outside

Question 17

Based on the topology, configure dynamic NAT for a pool called NAT-POOL1 that is ranging from IP address 209.165.200.226 - 209.165.200.240 with 32 available addresses

Be sure and permit the internal network to be able to be NAT’d

Answer 17

R1
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224

access-list 1 permit 192.168.0.0 0.0.255.255

ip nat inside source list 1 pool NAT-POOL1

int serial 0/0/0
ip nat inside

int serial 0/1/0
ip nat outside

Question 18

Based on the topology, configure NAT to overload serial interface 0/0/0 that permits the 192.168.X.X network to be able to be NAT’d

Answer 18

R1
access-list 1 permit 192.168.0.0 0.0.255.255

ip nat inside source list 1 int serial 0/1/0 overload

int s0/0/0
ip nat inside

int serial 0/1/0
ip nat outside

Question 19

Based on the topology, configure dynamic NAT for a pool called NAT-POOL1 that is ranging from IP address 209.165.200.226 - 209.165.200.240 with 32 available addresses. Make sure to overload this pool

Be sure and permit the internal network to be able to be NAT’d

Answer 19

R1
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224

access-list 1 permit 192.168.0.0 0.0.255.255

ip nat inside source list 1 pool NAT-POOL1 overload

int serial 0/0/0
ip nat inside

int serial 0/1/0
ip nat outside

Question 20

What command would you use to verify current NAT translations?

Answer 20

show ip nat translations

Question 21

What verification command would show information about the total number of active translations, configuration parameters, number of addresses in the pool, etc.

Answer 21

show ip nat statistics

Question 22

What command would you use to clear dynamic NAT entries

Answer 22

clear ip nat translation *

Question 23

What command would you use to verify the operation of the NAT feature by displaying information about every packet that the router translates?

Answer 23

debug ip nat

Question 24

When viewing show ip nat translation what does Inside Local Address mean?

Answer 24

The IP Address actually configured on the inside host’s operating system

Question 25

When viewing show ip nat translation what does Inside Global Address mean?

Answer 25

The NAT’d address of the inside host as it will be reached by the outside network

Question 26

When viewing show ip nat translation what does Outside Local Address mean?

Answer 26

The IP Address of the outside host as it appears to the inside network

Context: A server off of your internal network that you’re trying to reach. This is the IP Address that the internal network will use to try and reach it on the outside.

Question 27

When viewing show ip nat translation what does Outside Global Address mean?

Answer 27

The IP Address assigned to the host on the outside network by the external host’s owner

Context: This is the actual assigned IP Address by the external host’s owner.

Most times the Outside Global Address and the Outside Local Address will be the same