Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Chapter 24
Network Address Translation
Objectives
• Perspectives on IPv4 Address Scalability
• Network Address Translation Concepts
• NAT Configuration and Troubleshooting
Typical Use of CIDR
RFC 1918 Private Address Space
Range of IP Addresses Class of Networks Number of Networks
10.0.0.0 to 10.255.255.255 A 1
172.16.0.0 to 172.31.255.255 B 16
Inside In a typical NAT design, the term inside refers to an address used for a host inside an enterprise. An inside local
is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be
Local inside private, because often times (but not always), the inside addresses are also private addresses
Inside In a typical NAT design, the term inside refers to an address used for a host inside an enterprise. NAT uses an
inside global address to represent the inside host as the packet is sent through the outside network, typically the
Global Internet. A NAT router changes the source IP address of a packet sent by an inside host from an inside local
address to an inside global address as the packet goes from the inside to the outside network.
A more descriptive term might be inside public, because when using RFC 1918 addresses in an enterprise, the
inside global address represents the inside host with a public IP address that can be used for routing in the public
Internet
Outside In a typical NAT design, the term outside refers to an address used for a host outside an enterprise—in other
words, in the Internet. An outside global address is the actual IP address assigned to a host that resides in the
Global outside network, typically the Internet. A more descriptive term might be outside public, because the outside
global address represents the outside host with a public IP address that can be used for routing in the public
Internet
Outside NAT can translate the outside IP address—the IP address that represents the host outside the enterprise
network—although this is not a popular option. When a NAT router forwards a packet from the inside network to
Local the outside, when using NAT to change the outside address, the IP address that represents the outside host as the
destination IP address in the packet header is called the outside local IP address. A more descriptive term might
be outside private, because when using RFC 1918 addresses in an enterprise, the outside local address represents
the outside host with a private IP address from RFC 1918
Dynamic NAT
Three TCP Connections from Three PCs
TCP Connections from One PC
NAT Overload (PAT)
Consumer “Router” with LAN and WAN
Ports
Consumer Router as DHCP Server on
LAN, DHCP Client on WAN
Locations of DHCP and NAT/PAT Roles
in a Consumer Router
Sample Network for NAT Examples,
with Public Class C 200.1.1.0/24
NAT# show running-config
!
! Lines omitted for brevity
!
interface GigabitEthernet0/0
ip address 10.1.1.3 255.255.255.0
Static NAT !
ip nat inside
Configuration
interface Serial0/0/0
ip address 200.1.1.251 255.255.255.0
ip nat outside
!
ip nat inside source static 10.1.1.2 200.1.1.2
ip nat inside source static 10.1.1.1 200.1.1.1
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Dynamic NAT Verifications After
Generating Traffic
NAT# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 200.1.1.1 10.1.1.1 --- ---
!
! telnet from 10.1.1.2 to 170.1.1.1 happened next; not shown
!
! Now host 10.1.1.2 uses inside global 200.1.1.1