NAT Flashcards
How many NAT Types are there and what are they?
Static NAT
Dynamic NAT
PAT (Port Address Translation)
What is Static NAT?
Permanent One-to-One mapping usually between a public and private IP Address
What is Dynamic NAT?
Uses a pool of addresses which are handed out on an as needed, first come first served basis.
Usually for internal hosts which connect to the internet but do not accept incoming traffic and addresses
What is PAT?
Port Address Translation
Allows the same public IP Address to be reused by multiple internal hosts
What is a general configuration for a Static NAT?
int {int} (edge router outside)
ip nat outside
int {int} (edge router inside)
ip nat inside
global config
ip nat inside source static {internal-ip} {ip-you-want-to-convert-to-on-the-outside}
example:
ip nat inside source static 10.0.1.10 203.0.113.3
How do you verify a NAT configuration?
show ip nat translation
When viewing show ip nat translation what does Inside Local Address mean?
The IP Address actually configured on the inside host’s operating system
When viewing show ip nat translation what does Inside Global Address mean?
The NAT’d address of the inside host as it will be reached by the outside network
When viewing show ip nat translation what does Outside Local Address mean?
The IP Address of the outside host as it appears to the inside network
Context: A server off of your internal network that you’re trying to reach. This is the IP Address that the internal network will use to try and reach it on the outside.
When viewing show ip nat translation what does Outside Global Address mean?
The IP Address assigned to the host on the outside network by the external host’s owner
Context: This is the actual assigned IP Address by the external host’s owner.
Most times the Outside Global Address and the Outside Local Address will be the same
With a standard Dynamic NAT, you need a ________________ for every inside host which needs to communicate with the outside
Public IP Address
With Standard Dynamic NAT, if you have 100 hosts inside a network that need to communicate with the outside, how many public IP Addresses would you need?
100
What does a general Dynamic NAT Configuration look like?
R1(config)#int {int} (Edge router facing OUT)
R1(config-if)#ip nat outside
R1(config)#int {int} (Edge router facing IN)
R1(config-if)#ip nat inside
R1(config)#ip nat pool {name-of-pool} {starting-ip-range} {ending-ip-range} netmask {subnet-mask}
R1(config)#access-list 1 permit {ip-network} {wildcard-mask}
R1(config)#ip nat inside source list {access-list-number} pool {name-of-nat-pool}
What are the general steps for configuring a Dynamic NAT and Pool?
- Target the outside and inside interfaces with ip nat outside and ip nat inside
- Create the pool specifying the name of the pool, the IP range and the netmask
- Create the access list that will target the hosts to be NAT’d
- Complete the configuration by tying the access list and the NAT pool together
How would you clear a single NAT Translation from the translation table?
clear ip nat translation
How would you remove ALL dynamic translation?
clear ip nat translation *
_________ is an extension to NAT that permits multiple devices to be mapped to a single public IP Address
PAT (Port Address Translation)
How does the router track translations with PAT?
IP Address and Source Port Number
With PAT, how does the router know what host to send traffic back to when it hits the internal network again?
Port Number
What is the only word that is different between a Dynamic NAT and a PAT configuration?
What line of the configuration is it in?
Overload
The command where you're tying the access-list of targeted hosts to the NAT pool you created
How would you configure PAT with a single IP Address coming from an ISP DHCP Server?
R1(config)#int fa0/0 (Still the outside interface on the Edge Router)
R1(config-if)#ip address dhcp
R1(config-if)#ip nat outside
R1(config)#int fa1/0 (Inside Interface on our Router)
R1(config-if)#ip nat inside
R1(config)#access-list 1 permit 10.0.2.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface f0/0 overload
In a PAT scenario where a company doesn’t have any Public IP Addresses, how would the outside edge router get its IP Address?
DHCP