CST3607 Class Notes 2021-11-18

News & Tools

Stateful Firewall

Network Address Translation (NAT)

What does a NAT router do? A NAT router creates a local area network (LAN) of private IP addresses and interconnects that LAN to the wide area network (WAN) known as the Internet. The “Network Address Translation” (NAT) performed by the router allows multiple computers (devices) connected to the LAN behind the router to communicate with the external Internet.1

  • Network Address Translation (NAT) allows many inside IP addresses to be represented by some smaller number of outside/public IP addresses.
    • Static NAT
    • Dynamic NAT
    • Port Address Translation (PAT) a.k.a. Dynamic NAT with Overload

NAT Address Designations

Inside LocalSource host inside address before translation.
Outside LocalAn IP address from which source host is known on the Internet. 
This is usually the address of the router interface connected to ISP—the actual Internet address.
Inside GlobalSource host address used after translation to get onto the Internet.
This is also the actual Internet address.
Outside GlobalAddress of outside destination host and, again, the real Internet address.

Troubleshooting NAT with Cisco IOS Commands

  • show ip nat translations
  • clear ip nat translation *
  • show ip nat statistics
  • debug ip nat

Here’s a simple example of a basic static NAT configuration:

ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.46.2.1 255.255.255.0
ip nat outside
!

Here is a sample output of a dynamic NAT configuration:

ip nat pool todd 170.168.2.3 170.168.2.254
netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!

interface Serial0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

Here is a sample output of a PAT configuration:

ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
    ip address 10.1.1.10 255.255.255.0
    ip nat inside
!
interface Serial0/0
    ip address 170.168.2.1 255.255.255.0
    ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255 

More on NAT…

Hands-On Lab-10: Network Address Translation (NAT)

  • Use Cisco Packet Tracer v8.x
  • You must be present for this class, and submit your 100% Packet Tracer file, to get full credit for this lab.
  • This lab consists of four parts.
  1. Log into Cisco Packet Tracer
  2. Download the Lab Assets zip file (contains 4 parts)
  3. Unzip/extract the Lab Packet Tracer files
  4. Rename the Labs files with YourLastName, YourFirstName
  5. Open the Lab pka file in Packet Tracer
  6. Read the instructions!!!!!
  7. E-mail your 100% Lab to me. Subject: CST3607 Lab-10 YourLastName, YourFirstName
  8. The passwords are included in the lab instructions. Read!!!!
  • 1st password to log into a switch or router is the “console” password
  • 2nd password to get into privileged mode is the “secret” password

Read / Watch / Do

CCNA Certification Study Guide, Volume 2

  • Read Chapter 12 (IP Services, Monitoring)
  • Do the Written Labs
  • Answer the Review Questions
    • Do not submit your answers for this chapter. The answers are in Appendix.

Study for Exam 2

Better Focus and Efficient Studying When Not Multitasking