IP reference

Technical reference for networks, protocols, the OSI model, TCP/IP, and other technologies.

Configuring NAT (1)

Posted by Luis R. on 2008/04/28

Network Address Translation (NAT) was created to represent a large number of private IP addresses with a limited number of public IPs, but it is also useful for network migrations and mergers (when two networks have similar IP addressing), server load sharing, and creating “virtual hosts”.

Advantages:

  1. It conserves registered addresses
  2. It helps to solve IP overlaps
  3. No need to renumber as the network changes

Disadvantages:

  1. NAT increases delays
  2. No end-to-end traces
  3. Some applications don’t support NAT

Below is a basic example from Cisco’s document “Configuring Network Address Translation: Getting Started”.

NAT statements map an address to a different one, based on source, destination or other rules. The first step is to define which interfaces are inside and which are outside.

Example 1:
We want to allow users to reach the internet, but we have only one public IP, used by the router’s Serial0 interface (outside). We need to NAT our network so that return traffic from the internet can reach our LAN.

LAN: 10.10.10.1
Router’s E0: 10.1.1.1
Router’s S0:  172.16.10.64

First, we must configure an IP address on the E0 interface and define it as inside:
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
Then E1 is configured the same way:
interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside

Serial0 is configured with an IP address and defined as the outside interface:
interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
Now we need a NAT pool named no-overload; its IP range is 172.16.10.1 to 172.16.10.63:
ip nat pool no-overload 172.16.10.1 172.16.10.63 prefix 24
ip nat inside source list 7 pool no-overload

This statement indicates that any packet received on the inside interface and permitted by access-list 7 will have its source address translated to an address from the NAT pool “no-overload”.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31
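
As an added example (not from the original post or the Cisco document), this Python sketch models how access-list 7's wildcard masks select source addresses and how the 63-address pool is consumed one-to-one when there is no overload. The ascending allocation order and the absence of translation timeouts are simplifying assumptions.

```python
import ipaddress

# Values taken from the page's configuration (access-list 7, pool "no-overload").
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]
POOL_START, POOL_END = "172.16.10.1", "172.16.10.63"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, acl=ACL_7):
    """Standard ACL match: bits set to 1 in the wildcard mask are ignored."""
    for base, wildcard in acl:
        care = ~to_int(wildcard) & 0xFFFFFFFF
        if to_int(src) & care == to_int(base) & care:
            return True
    return False  # implicit deny at the end of every ACL

class DynamicNat:
    """One-to-one dynamic NAT without overload (simplified: entries never time out)."""
    def __init__(self, start=POOL_START, end=POOL_END):
        # Assumption: addresses are handed out in ascending order.
        self.free = [str(ipaddress.IPv4Address(i))
                     for i in range(to_int(start), to_int(end) + 1)]
        self.table = {}  # inside local address -> inside global address

    def translate(self, src):
        """Translated source; the unchanged source when the ACL does not match;
        None when the pool has no free address left."""
        if not acl_permits(src):
            return src
        if src not in self.table:
            if not self.free:
                return None
            self.table[src] = self.free.pop(0)
        return self.table[src]

def simulate():
    """Send one packet from every address access-list 7 matches (constructed input)."""
    nat = DynamicNat()
    sources = [f"10.10.{net}.{host}" for net in (10, 20) for host in range(32)]
    results = {src: nat.translate(src) for src in sources}
    return results, [src for src, out in results.items() if out is None]

if __name__ == "__main__":
    results, unserved = simulate()
    print("10.10.10.5 ->", results["10.10.10.5"])
    print("no free pool address for:", unserved)
```

Access-list 7 matches 64 source addresses while the pool holds 63, so in this model the last source to request a translation gets none.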
