NAT

Question 1

NAT Types: Static

Answer 1

Permanent 1:1 mapping usually between public/private IP

Used for servers which must accept incoming connections

Question 2

NAT Types: Dynamic

Answer 2

Uses a pool of public addresses which are given out on an as needed first come first served basis

Usually used for internal hosts which need to connect to the internet but do not accept incoming connections

Question 3

NAT Types: PAT

Answer 3

Port Address Translation:

Allows the same public IP address to be reused

Question 4

Command: Configure Static NAT (F0/0 = Outside | F1/0 = Inside)
Inside Address: 10.0.1.10
Outside Address: 203.0.113.3

Answer 4

interface f0/0
ip nat outside

interface f1/0
ip nat inside

(From global config):
ip nat inside source static 10.0.1.10 203.0.113.3

Question 5

Command: Verify NAT Translations

Answer 5

show ip nat translation

Question 6

Inside Local

Answer 6

The IP address actually configured on the inside host’s OS

Question 7

Inside Global

Answer 7

The NAT’d address of the inside host as it will be reached by the outside network

Question 8

Outside Local

Answer 8

The IP address of the outside host as it appears to the inside network

Question 9

Outside Global

Answer 9

The IP address assigned to the host on the outside network by the host’s owner

Question 10

Outside Local vs. Outside Global

Answer 10

For one way NAT, the Outside Local & Global addresses will be reported as being the same

Question 11

Command: Configure Dynamic NAT (F0/0 = Outside | F2/0 = Inside)
Pool Range: 203.0.113.4 to 203.0.113.14 in a /28 network
Internal IPs to Translate: 10.0.2.0/24

Answer 11

Int f0/0
Ip nat outside

Int f2/0
Ip nat inside

Ip nat pool Flackbox 203.0.113.4 203.0.113.14 netmask 255.255.255.240
–Configure the pool of global addresses

Access-list 1 permit 10.0.2.0 0.0.0.255
–Create an ACL which references the internal IPs we want to translate

Ip nat inside source list 1 pool Flackbox
–Associate the access list with the NAT pool to complete the configuration

Question 12

Command: Clear NAT Translations

Answer 12

clear ip nat translation *

Question 13

Command: Show how many addresses that have been translated

Answer 13

show ip nat statistics

Question 14

Command: Show live NAT changes

Answer 14

debug ip nat

Question 15

PAT Overview

Answer 15

PAT is an extension to NAT that permits multiple devices to be mapped to a single IP

With PAT you don’t need a public IP for every single host

The router tracks translations by IP & port number

Question 16

Dynamic NAT with Overload

Answer 16

Uses PAT to allow more clients to be translated than IP addresses are available in the NAT pool

Question 17

Command: Configure Dynamic NAT with Overload (F0/0 = Outside | F2/0 = Inside)
Pool: 203.0.113.4 to 203.0.113.6 /28
Internal IPs to Translate: 10.0.2.0/24

Answer 17

Int f0/0
Ip nat outside

Int f2/0
Ip nat inside

Ip nat pool Flackbox 203.0.113.4 203.0.113.6 netmask 255.255.255.240

Access-list 1 permit 10.0.2.0 0.0.0.255

Ip nat inside source list 1 pool Flackbox overload
–All same commands as dynamic NAT except add “overload”

Question 18

Command: Configure PAT with a Single IP (F0/0 = Outside | F1/0 = Inside)
Internal IPs to Translate: 10.0.2.0/24

Answer 18

Int f0/0
Ip address dhcp
Ip nat outside

Int f1/0
Ip nat inside

Access-list 1 permit 10.0.2.0 0.0.0.255

Ip nat inside source list 1 interface f0/0 overload