News & Tools
- Securing your digital life, part one: The basics – In this first of two parts, we go over some security steps everyone should be taking.
- You Should Have the Right to Sue Companies That Violate Your Privacy
- NAT Router Security Solutions: Tips & Tricks You Haven’t Seen Before
- GRC’s Link Farm
- Cyberconfusion: Cyber Security, Cyber-Security or Cybersecurity?
Stateful Firewall
- Stateful vs. Stateless Firewall Differences
- Understanding Firewalls Through the Lens of Stateful Protocol Inspection
Network Address Translation (NAT)
What does a NAT router do? A NAT router creates a local area network (LAN) of private IP addresses and interconnects that LAN to the wide area network (WAN) known as the Internet. The “Network Address Translation” (NAT) performed by the router allows multiple computers (devices) connected to the LAN behind the router to communicate with the external Internet.[1]
- Network Address Translation (NAT) allows many inside IP addresses to be represented by some smaller number of outside/public IP addresses.
- Static NAT
- Dynamic NAT
- Port Address Translation (PAT) a.k.a. Dynamic NAT with Overload
NAT Address Designations
| Term | Description |
| --- | --- |
| Inside Local | Source host inside address before translation. |
| Outside Local | An IP address from which source host is known on the Internet. This is usually the address of the router interface connected to ISP—the actual Internet address. |
| Inside Global | Source host address used after translation to get onto the Internet. This is also the actual Internet address. |
| Outside Global | Address of outside destination host and, again, the real Internet address. |
Troubleshooting NAT with Cisco IOS Commands
- show ip nat translations
- clear ip nat translation *
- show ip nat statistics
- debug ip nat
Here’s a simple example of a basic static NAT configuration:
```
ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside
!
```
Here is a sample output of a dynamic NAT configuration:
```
ip nat pool todd 170.168.2.3 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
```
Here is a sample output of a PAT configuration:
```
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
```
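The following is an added example, not code from the original page or from Cisco: a simplified Python model of the translation table that the PAT configuration above builds, showing how two inside hosts share the one inside global address and why an unsolicited inbound packet with no table entry is not forwarded. The class and method names are hypothetical, the flows are constructed, and the port-selection rule (keep the source port if it is free, otherwise take the next free one) is a simplifying assumption about what IOS does.

```python
import ipaddress

INSIDE_GLOBAL = "170.168.2.1"                  # pool "globalnet" from the PAT config
ACL_1 = ipaddress.ip_network("10.1.1.0/24")    # access-list 1 permit 10.1.1.0 0.0.0.255


class PatRouter:
    """Toy model of 'ip nat inside source list 1 pool globalnet overload'."""

    def __init__(self):
        self.out = {}    # (proto, inside_local_ip, port) -> inside_global_port
        self.back = {}   # (proto, inside_global_port) -> (inside_local_ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside-to-outside packet; return (global_ip, global_port) or None."""
        if ipaddress.ip_address(src_ip) not in ACL_1:
            return None                      # not permitted by list 1: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                  # assumption: keep the source port when free
            while (proto, port) in self.back:
                port = port + 1 if port < 65535 else 1024   # else try the next port
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return INSIDE_GLOBAL, self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate a reply; return (inside_local_ip, port), or None when no entry exists."""
        if dst_ip != INSIDE_GLOBAL:
            return None
        return self.back.get((proto, dst_port))

    def table(self):
        """Rows shaped like the Pro / Inside global / Inside local columns."""
        return [(p, f"{INSIDE_GLOBAL}:{g}", f"{ip}:{lp}")
                for (p, g), (ip, lp) in sorted(self.back.items())]


if __name__ == "__main__":
    r = PatRouter()
    # Constructed sample flows: two inside hosts pick the same source port.
    print(r.outbound("tcp", "10.1.1.1", 1024))
    print(r.outbound("tcp", "10.1.1.2", 1024))
    print(r.outbound("tcp", "10.2.2.2", 1024))    # source not matched by list 1
    print(r.inbound("tcp", INSIDE_GLOBAL, 4444))  # unsolicited: no matching entry
    for row in r.table():
        print(*row)
```

The rows returned by `table()` correspond to what `show ip nat translations` lists for active flows, which is the first thing to compare against when troubleshooting.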
More on NAT…
- How Network Address Translation Works
- Cisco IOS Network Address Translation Overview
- CCNA CCNP Training – No confusion with IP NAT Inside Outside Local Global
- Set up Port Address Translation (PAT) in the Cisco IOS
- RIP Passive Interface
- NAT Router Security Solutions – Tips & Tricks You Haven’t Seen Before
- GRC’s Link Farm
Hands-On Lab-10: Network Address Translation (NAT)
- Use Cisco Packet Tracer v8.x
- You must be present for this class, and submit your 100% Packet Tracer file, to get full credit for this lab.
- This lab consists of four parts.
- Log into Cisco Packet Tracer
- Download the Lab Assets zip file (contains 4 parts)
- Unzip/extract the Lab Packet Tracer files
- Rename the Labs files with YourLastName, YourFirstName
- Open the Lab pka file in Packet Tracer
- Read the instructions!!!!!
- E-mail your 100% Lab to me. Subject: CST3607 Lab-10 YourLastName, YourFirstName
- The passwords are included in the lab instructions. Read!!!!
- 1st password to log into a switch or router is the “console” password
- 2nd password to get into privileged mode is the “secret” password
Read / Watch / Do
CCNA Certification Study Guide, Volume 2
- Read Chapter 12 (IP Services, Monitoring)
- Do the Written Labs
- Answer the Review Questions
- Do not submit your answers for this chapter. The answers are in the Appendix.