CCNA Training-Network Address Translation


Posted: 21 Sep 2010 12:05 PM PDT


Network Address Translation (NAT) is a networking process that remaps one IP address space into another by modifying the information in the TCP/IP packet header while the packets are in transit across a routing device (e.g. a router or firewall). Usually the modification is made to the source IP address of the packet, which is changed to a different IP address.

Network Address Translation (NAT) is used to hide an entire IP address space which is usually of a private network. For example, a network administrator would utilize NAT to hide the private IP address space of his LAN network under a single IP address from a different IP address space.

Network Address Translation (NAT) accomplishes this by using a stateful translation table to map the private addresses to a single IP address, then readdressing the outgoing IP packets so that they appear to originate from the router's Internet-facing interface.

There are different types of NAT which can perform different functions. Some of these include Static NAT, PAT and Dynamic NAT. Many devices that support NAT today will allow you to configure the entries in the translation table permanently. This is known as Static NAT. You also have the process of translating the IP addresses as well as the port numbers. This process is known as Port Address Translation (PAT). It is also sometimes referred to as Network Address Port Translation (NAPT). Dynamic NAT is different from Static NAT in that Static NAT provides a one to one internal address to public address mapping. Dynamic NAT is not static and it usually utilizes a group of public IP addresses to translate a group of private IP addresses.
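The stateful translation table and port overloading described above, modelled as an added example (not code from the original post and not Cisco's implementation). It uses the host and pool ranges from the tutorial on this page; the class name `PatTable`, the keep-the-source-port-if-free rule and the fallback port range 1024-65535 are assumptions of this simplified model.

```python
# Simplified model of a PAT (NAT overload) translation table.
from itertools import chain


class PatTable:
    def __init__(self, pool):
        self.pool = list(pool)  # inside global addresses (from the ISP)
        self.out = {}           # (proto, inside local ip, port) -> (global ip, port)
        self.back = {}          # (proto, global ip, port) -> (inside local ip, port)

    def translate_out(self, proto, src_ip, src_port):
        """Return the inside global (ip, port) for an outbound flow."""
        key = (proto, src_ip, src_port)
        if key in self.out:     # existing state: reuse the same mapping
            return self.out[key]
        for gip in self.pool:
            # Model assumption: keep the source port if it is free,
            # otherwise take the first free port on the same address.
            for port in chain([src_port], range(1024, 65536)):
                if (proto, gip, port) not in self.back:
                    self.out[key] = (gip, port)
                    self.back[(proto, gip, port)] = (src_ip, src_port)
                    return gip, port
        raise RuntimeError("NAT pool exhausted")

    def translate_in(self, proto, dst_ip, dst_port):
        """Return the inside local (ip, port), or None when no state exists."""
        return self.back.get((proto, dst_ip, dst_port))


def demo():
    """All 14 tutorial hosts open a TCP flow from the same source port."""
    pool = [f"198.18.184.{n}" for n in range(105, 111)]
    hosts = [f"192.168.100.{n}" for n in range(17, 31)]
    nat = PatTable(pool)
    mapped = [nat.translate_out("tcp", h, 50000) for h in hosts]
    return nat, mapped


if __name__ == "__main__":
    nat, mapped = demo()
    for m in mapped:
        print(m)
    # A reply to a known mapping is translated back; a packet for a port
    # with no table entry has nothing to be translated to.
    print(nat.translate_in("tcp", "198.18.184.105", 50000))
    print(nat.translate_in("tcp", "198.18.184.105", 4444))
```

In this model all 14 flows share one public address and are told apart only by port, and an inbound packet that matches no table entry is not forwarded to any inside host.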

Here is a simple tutorial on how you can implement NAT in a network.

We have 14 hosts that will need simultaneous Internet connection. Our hosts are assigned private IP addresses (192.168.100.17 to 192.168.100.30). We were given 6 IP addresses from our ISP (198.18.184.105 to 198.18.184.110).

After completing our basic router configuration (for example purposes we will assume that a static route is in place between the router and ISP) and configuration of the interfaces, we will use the following commands:

Router>enable
Router#configure terminal

Set the router name to R1

Router(config)#hostname R1

Configure this interface for NAT inside. This is connected to the network to be translated.

R1(config)#interface fastethernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit

Configure this interface for NAT outside. This is connected to the mapped network.

R1(config)#interface serial 0/0
R1(config-if)#ip nat outside
R1(config-if)#exit

Create an access-list to match the router's LAN address range that will be translated.

R1(config)#access-list 10 permit 192.168.100.16 0.0.0.15

Create a NAT pool named isp_adr and specify the public address range given by the ISP, together with its netmask.

R1(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Next we will use the overload keyword to enable port-based NAT (PAT), so that the router's whole LAN address range can share the pool.

R1(config)#ip nat inside source list 10 pool isp_adr overload
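A check of the access list and pool values used above against the host range and ISP range stated in this tutorial, as an added example (not part of the original post). The function names are hypothetical; the matching rule is the standard wildcard-mask rule, where bits set in the wildcard are ignored.

```python
# Audit the tutorial's ACL wildcard and NAT pool against the stated ranges.
from ipaddress import IPv4Address, IPv4Network

MASK32 = 0xFFFFFFFF


def ip_range(first, last):
    """Inclusive list of addresses from first to last."""
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    return [str(IPv4Address(n)) for n in range(lo, hi + 1)]


def acl_addresses(base, wildcard):
    """Every address matched by 'permit <base> <wildcard>'."""
    b, w = int(IPv4Address(base)), int(IPv4Address(wildcard))
    fixed = b & ~w & MASK32          # bits that must match exactly
    sub, found = w, []
    while True:                      # walk all subsets of the wildcard bits
        found.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(IPv4Address(n)) for n in sorted(found)]


def audit_acl(base, wildcard, intended):
    """Return (intended hosts the ACL misses, extra addresses it permits)."""
    matched = acl_addresses(base, wildcard)
    missed = [h for h in intended if h not in matched]
    extra = [a for a in matched if a not in intended]
    return missed, extra


def audit_pool(first, last, netmask):
    """Return (subnet implied by the netmask, True if the pool is exactly
    that subnet's usable host addresses)."""
    net = IPv4Network(f"{first}/{netmask}", strict=False)
    usable = [str(h) for h in net.hosts()]
    return str(net), usable == ip_range(first, last)


if __name__ == "__main__":
    hosts = ip_range("192.168.100.17", "192.168.100.30")
    print(audit_acl("192.168.100.16", "0.0.0.15", hosts))
    print(audit_pool("198.18.184.105", "198.18.184.110", "255.255.255.248"))
```

The access list covers all 14 hosts plus the two boundary addresses of the block (.16 and .31), and the pool is exactly the usable range of the subnet that the netmask implies.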

Testing:
Our aim was to allow the 14 hosts on the private network to access the internet. We will simply ping the ISP for verification using the connected serial interface to that ISP. Let's say it is S0/1. We would do the following:

Go to an internal host to test
C:\>ping 192.0.2.114

The ping should be successful to 192.0.2.114 which is the serial interface of the ISP.

On console of the router (R1):
Issue the show ip nat translations command to verify the NAT translations.
R1# show ip nat translations

If we used an internal host with IP address 192.168.100.17 we should receive this output:

Pro   Inside global        Inside local         Outside local      Outside global
icmp  198.18.184.105:434   192.168.100.17:434   192.0.2.113:434    192.0.2.114:434
icmp  198.18.184.105:435   192.168.100.17:435   192.0.2.113:435    192.0.2.114:435
icmp  198.18.184.105:436   192.168.100.17:436   192.0.2.113:436    192.0.2.114:436
icmp  198.18.184.105:437   192.168.100.17:437   192.0.2.113:437    192.0.2.114:437
icmp  198.18.184.105:438   192.168.100.17:438   192.0.2.113:438    192.0.2.114:438

Information Commissioner slams NHS Trust for lost USB stick

Posted: 21 Sep 2010 09:00 AM PDT


The Information Commissioner's Office (ICO) has found East & North Hertfordshire NHS Trust in breach of the Data Protection Act after an unencrypted USB stick containing patient data was lost on a train.

23% of university students have hacked into an IT system

Posted: 21 Sep 2010 09:00 AM PDT


Nearly a quarter (23 percent) of university students have successfully hacked into an IT system, says Tufin Technologies.

Legally defensible security on HIPAA, CMR 17

Posted: 21 Sep 2010 09:00 AM PDT


HIPAA and HITECH compliance is not necessarily the same as Mass 201 CMR 17 compliance, but there are common procedures to achieve "legally defensible" security.

ZoneAlarm angers users with virus scare pop-up

Posted: 21 Sep 2010 09:00 AM PDT


The makers of the popular ZoneAlarm firewall, Check Point Software, have been accused of using scare tactics to get users to upgrade to the paid version of the software.

ArcSight beefs up security range

Posted: 21 Sep 2010 09:00 AM PDT


ArcSight has announced a new range of security and compliance products.

Twitter hack sees websites opened without clicking links

Posted: 21 Sep 2010 09:00 AM PDT


Hackers have exploited a flaw in Twitter, which results in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

Twitter fixes cross-site scripting flaw

Posted: 21 Sep 2010 09:00 AM PDT


A serious security flaw was apparently found on Twitter on Tuesday but was quickly fixed.

Twitter 'mouse over' security flaw causing problem

Posted: 21 Sep 2010 09:00 AM PDT


The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link, according to security firm Sophos.

RIAA, MPAA Websites Pummeled By 4chan’s Wrath

Posted: 21 Sep 2010 09:00 AM PDT


The Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) fell victim to the wrath of 4chan members this weekend. A series of coordinated DDoS (Distributed Denial-of-Service) attacks against the media trade groups' websites temporarily brought them to their knees.

Was Stuxnet built to attack Iran's nuclear program?

Posted: 21 Sep 2010 09:00 AM PDT


A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.

Gartner: Mobile commerce growth outpaces anti-fraud tools

Posted: 20 Sep 2010 09:00 AM PDT


By 2014, about 12% of all e-commerce transactions will be made using smartphones and other mobile devices, but fraud detection tools for mobile commerce are lagging, Gartner said today.

Apple releases Security Update 2010-006 for Snow Leopard

Posted: 20 Sep 2010 09:00 AM PDT


Users of Mac OS X 10.6 Snow Leopard have a minor security fix waiting for them in Software Update.

Nations, companies should prepare for cyberwar, experts say

Posted: 20 Sep 2010 09:00 AM PDT


The world hasn't yet seen examples of true cyberwar, although governments around the world need to prepare for it, an expert in cybersecurity law from Estonia said Monday.

Apple, Adobe patch critical bugs

Posted: 20 Sep 2010 09:00 AM PDT


Adobe Systems and Apple released security updates Monday, including a critical Adobe Flash Player fix for a flaw that had been used in cyberattacks.
