
NAT: Network Address Translation is the process of changing or replacing one or more of

source IP
source port
destination IP
destination port

It is used to:
resolve the IPv4 address shortage
hide the real address of a device (only the translated address is visible outside; this is a side effect, not a replacement for the firewall's access policy)
work around overlapping IP address ranges between networks

Private IP addresses (RFC 1918):

10.0.0.0/8      10.0.0.0    - 10.255.255.255
172.16.0.0/12   172.16.0.0  - 172.31.255.255
192.168.0.0/16  192.168.0.0 - 192.168.255.255

--------------------------------------------------------------------
Types of NAT:
Static NAT    one to one
Dynamic NAT   subnet to a range (pool), many to many
Static PAT    many to one  <----- inbound, towards the ASA (several inside servers reachable on one mapped IP, distinguished by port)
Dynamic PAT   many to one  -----> outbound, leaving the ASA FW (many inside hosts share one mapped IP, distinguished by source port)

--------------------------------------
Dual NAT / Twice NAT / Destination NAT
Policy NAT
Combo NAT
Identity NAT
-----------------------------------------------------------------------------------
Real address -- address configured on the device (router/server/PC)
Mapped address / translated address -- the address which replaces the real address
Real interface -- inside interface, ingress; traffic before translation
Mapped interface -- outside interface, egress; traffic after translation

Example topology:
R1 fa0/0 10.1.1.1 --- 10.1.1.10 g1 (inside) ASA g0 (outside) --- ISP --- internet 8.8.8.8
real 10.1.1.1 -> mapped 1.1.1.1 ---> internet 8.8.8.8
-----------------------------------------------------------------------------------
Inside NAT: higher security level to lower security level
Outside NAT: lower security level to higher security level
-----------------------------------------------------------------------------------
Methods of NAT:
Auto NAT / Network Object NAT
The NAT statement is configured within the network object.
In Auto NAT only the source is translated (source IP, source port).
There is no clause for the destination.
Manual NAT (Twice NAT): the NAT statement is configured separately from the objects, in global
configuration mode.
In Manual NAT source IP, source port, destination IP and destination port can all be translated:
there is a clause for the source and a clause for the destination.

--------------------------------------------------------------------
Precedence (order of processing), e.g. three rules that all match 10.1.1.1:
Manual NAT (Section 1)                10.1.1.1 -> 1.1.1.1   <-- first match, this translation is used
Auto NAT (Section 2)                  10.1.1.1 -> 1.1.1.2
Manual NAT (After-Auto, Section 3)    10.1.1.1 -> 1.1.1.3

======================================================================
Static NAT: a static NAT is a translation in which only the IP addresses are modified, and the
mapping between the pre-translation and post-translation IP addresses is explicitly defined
(one to one).
10.1.1.1 -> 1.1.1.1

        Inside address   Translated address   Destination address (not translated)
IOS     inside local     inside global        outside global        outside local
ASA     real address     mapped address       dest. global address  dest. global address
Ex.     10.1.1.1         1.1.1.1              2.2.2.2               2.2.2.2

Because the mapping is fixed, traffic can be initiated from the inside or from the outside
(10.1.1.1 <-> 1.1.1.1). The NAT rule only translates; an inbound connection still has to be
permitted by the access policy on the outside interface.
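The difference between static NAT (fixed one-to-one, usable in both directions) and dynamic PAT (many-to-one, an xlate exists only after an inside host has sent traffic) as a small translation-table model. This is an added example, not from the original notes and not Cisco code; the addresses 1.1.1.254 (PAT address), 10.1.1.20 and the port allocation scheme are assumptions made for the illustration, and the access-list check a real ASA applies is left out.

```python
"""Toy translation table contrasting static NAT with dynamic PAT (added example).

Static NAT is a fixed one-to-one mapping, so it can be used inside->outside and
outside->inside.  Dynamic PAT builds an xlate only when an inside host sends
traffic, so unsolicited inbound traffic to the PAT address has nothing to
translate back to and is dropped.  Access policy is ignored here; on a real ASA
an inbound connection also has to be permitted on the outside interface.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# (source ip, source port, destination ip, destination port)
Flow = Tuple[str, int, str, int]


@dataclass
class NatTable:
    # static one-to-one rules, kept in both directions
    static_real_to_mapped: Dict[str, str] = field(default_factory=dict)
    static_mapped_to_real: Dict[str, str] = field(default_factory=dict)
    # dynamic PAT: the single shared mapped address (assumed value set by caller)
    pat_mapped_ip: Optional[str] = None
    # dynamic PAT xlates: (mapped ip, mapped port) -> (real ip, real port)
    xlates: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    next_pat_port: int = 1024

    def add_static(self, real_ip: str, mapped_ip: str) -> None:
        """Static NAT: explicit one-to-one mapping, installed in both directions."""
        self.static_real_to_mapped[real_ip] = mapped_ip
        self.static_mapped_to_real[mapped_ip] = real_ip

    def set_dynamic_pat(self, mapped_ip: str) -> None:
        """Dynamic PAT: every other inside host shares this one mapped address."""
        self.pat_mapped_ip = mapped_ip

    def _allocate_pat_port(self) -> int:
        # Simplification (assumption): hand out the next free port from 1024 upward.
        while (self.pat_mapped_ip, self.next_pat_port) in self.xlates:
            self.next_pat_port += 1
        port = self.next_pat_port
        self.next_pat_port += 1
        return port

    def outbound(self, flow: Flow) -> Optional[Flow]:
        """Inside -> outside: translate the source; the destination is untouched."""
        src_ip, src_port, dst_ip, dst_port = flow
        if src_ip in self.static_real_to_mapped:          # static rules first
            return (self.static_real_to_mapped[src_ip], src_port, dst_ip, dst_port)
        if self.pat_mapped_ip is not None:                 # then dynamic PAT
            existing = [k for k, v in self.xlates.items() if v == (src_ip, src_port)]
            if existing:
                mapped_port = existing[0][1]               # reuse the live xlate
            else:
                mapped_port = self._allocate_pat_port()
                self.xlates[(self.pat_mapped_ip, mapped_port)] = (src_ip, src_port)
            return (self.pat_mapped_ip, mapped_port, dst_ip, dst_port)
        return None                                        # no NAT rule matches

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Outside -> inside: untranslate the destination (mapped -> real).

        Returns None when nothing can be untranslated, i.e. the packet is dropped.
        """
        src_ip, src_port, dst_ip, dst_port = flow
        if dst_ip in self.static_mapped_to_real:           # static: always reachable
            return (src_ip, src_port, self.static_mapped_to_real[dst_ip], dst_port)
        xlate = self.xlates.get((dst_ip, dst_port))        # PAT: only existing xlates
        if xlate is not None:
            real_ip, real_port = xlate
            return (src_ip, src_port, real_ip, real_port)
        return None


def build_example_table() -> NatTable:
    """Constructed topology: static 10.1.1.1 <-> 1.1.1.1, dynamic PAT to 1.1.1.254."""
    table = NatTable()
    table.add_static("10.1.1.1", "1.1.1.1")
    table.set_dynamic_pat("1.1.1.254")
    return table
```

Run `build_example_table()` and feed it flows in both directions: an outside host can open a connection to 1.1.1.1:22 and have it land on 10.1.1.1, while a connection to 1.1.1.254:80 is dropped until an inside host has created the matching xlate by sending first.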
===================================================================================
Precedence (order of processing):
Manual NAT (Section 1): processed in the order configured; the order can be overridden by
giving a rule a line number.
Auto NAT (Section 2): rules are ordered automatically:
rule 1: static rules before dynamic rules (dynamic NAT and dynamic PAT)
rule 2: more specific first, e.g. a /29 has higher precedence than a /24
rule 3: numerically lower real IP first, e.g. 10.3.3.1 is lower than 10.3.3.5
rule 4: alphabetical order of the object name, lower first, e.g. object name DB-server is lower
than DB-Server-SSH
Manual NAT (After-Auto, Section 3): static, dynamic, PAT, in the order configured.

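The three-section processing order, with the Section 2 sort rules above written out as a sort key, so that a set of object NAT rules can be put in the order the ASA will actually evaluate them. This is an added example, not from the original notes and not Cisco code: the rule names (WEB, DB-server, DB-Server-SSH, SERVERS, INSIDE-NET) and networks are constructed, "dynamic" and "pat" are both treated as dynamic for rule 1, and comparing object names case-insensitively is an assumption.

```python
"""ASA NAT processing order (added example): Section 1 manual NAT in configured/line
order, Section 2 auto (object) NAT sorted by the four rules, Section 3 manual
after-auto NAT in configured order.  The first matching rule wins.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AutoNatRule:
    object_name: str
    real_network: str   # real (pre-translation) addresses, e.g. "10.3.3.0/29"
    kind: str           # "static", "dynamic" or "pat"


@dataclass(frozen=True)
class ManualNatRule:
    description: str
    line: Optional[int] = None   # explicit line number inserts at that position
    after_auto: bool = False     # True -> Section 3, False -> Section 1


def section2_sort_key(rule: AutoNatRule):
    net = ipaddress.ip_network(rule.real_network, strict=False)
    return (
        0 if rule.kind == "static" else 1,   # rule 1: static before dynamic (dynamic NAT and PAT)
        net.num_addresses,                   # rule 2: fewer real addresses, i.e. more specific, first
        int(net.network_address),            # rule 3: numerically lower real IP first
        rule.object_name.casefold(),         # rule 4: object name, alphabetical (case-insensitive assumed)
    )


def order_section2(rules: List[AutoNatRule]) -> List[AutoNatRule]:
    """Auto NAT rules in the order the ASA evaluates them."""
    return sorted(rules, key=section2_sort_key)


def order_manual(rules: List[ManualNatRule]) -> List[ManualNatRule]:
    """Manual NAT rules: configured order, unless a line number inserts a rule earlier."""
    ordered: List[ManualNatRule] = []
    for rule in rules:                       # rules in the order they were configured
        if rule.line is None:
            ordered.append(rule)             # no number: appended at the end of the section
        else:
            ordered.insert(rule.line - 1, rule)   # numbered: inserted at that line
    return ordered


def processing_order(manual: List[ManualNatRule], auto: List[AutoNatRule]) -> list:
    """Full table: Section 1, then Section 2, then Section 3."""
    section1 = order_manual([r for r in manual if not r.after_auto])
    section3 = order_manual([r for r in manual if r.after_auto])
    return section1 + order_section2(auto) + section3


def matching_auto_rule(rules: List[AutoNatRule], src_ip: str) -> Optional[AutoNatRule]:
    """First Section 2 rule whose real network contains the packet's source address."""
    addr = ipaddress.ip_address(src_ip)
    for rule in order_section2(rules):
        if addr in ipaddress.ip_network(rule.real_network, strict=False):
            return rule
    return None


# Constructed sample rules (not from any real configuration).
SAMPLE_AUTO_RULES = [
    AutoNatRule("INSIDE-NET", "10.3.3.0/24", "pat"),
    AutoNatRule("DB-Server-SSH", "10.3.3.5/32", "static"),
    AutoNatRule("SERVERS", "10.3.3.0/29", "dynamic"),
    AutoNatRule("DB-server", "10.3.3.5/32", "static"),
    AutoNatRule("WEB", "10.3.3.1/32", "static"),
]

SAMPLE_MANUAL_RULES = [
    ManualNatRule("A: source static"),
    ManualNatRule("B: source dynamic"),
    ManualNatRule("C: inserted at line 1", line=1),
    ManualNatRule("D: after-auto", after_auto=True),
]


def section2_names(rules: List[AutoNatRule] = SAMPLE_AUTO_RULES) -> List[str]:
    return [r.object_name for r in order_section2(rules)]
```

For the sample rules `section2_names()` gives WEB, DB-server, DB-Server-SSH, SERVERS, INSIDE-NET: the static /32 rules come first, 10.3.3.1 before 10.3.3.5, the two rules for 10.3.3.5 fall back to the object name, and among the dynamic rules the /29 beats the /24, so a packet from 10.3.3.2 matches SERVERS even though INSIDE-NET also covers it.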
===================================================================================
