Professional Documents
Culture Documents
Security With NAT - EN
Security With NAT - EN
ICND v2.2—4-1
Outline
• Overview
• Introducing NAT and PAT
• Translating Inside Source Addresses
• Overloading an Inside Global Address
• Verifying the NAT and PAT Configuration
• Troubleshooting the NAT and PAT Configuration
• Summary
Private and global IP addresses
• IP addresses pooling
• Internet connection (ISP)
• IP masking
• Servers load-balansing
Main NAT operations
Private Internet
network
Private Public
Address Address
10.0.1.2 128.143.71.21
IP address pooling
NAT‘ing with different ISPs
S ourc e = 128.143.71.21 IS P 1
D estination = 213.168.112.3
a llo c a te s a d d re ss b lo c k
S ourc e = 10.0.1.2 1 2 8 .1 4 3 .7 1 .0 /2 4 to p riva te
D estination = 213.168.112.3 ne tw o rk:
128.143.71.21
private address: 10.0.1.2
public address: 128.143.71.21
N AT
128.195.4.120 d e v ic e
H1 128.195.4.120
IS P 2
P riv a te a llo ca te s a d d re s s b lo ck
n e tw o rk 1 2 8 .1 9 5 .4 .0 /2 4 to p riva te
S ourc e = 128.195.4.120
D estination = 213.168.112.3 ne tw o rk:
P rivate P ublic
A ddress A ddress
128.143.71.21
10.0.1.2
128.195.4.120
Network Address Translation
Router#debug ip nat
Verify that:
• The configuration is correct
• There are not any inbound ACLs denying the packets entry
to the NAT router
• The ACL referenced by the NAT command is permitting all
necessary networks
• There are enough addresses in the NAT pool
• The router interfaces are appropriately defined as NAT inside
or NAT outside
Summary