C. NAT
1.
   1. NAT allows several hosts to be connected to the Internet by using fewer globally unique IP addresses. This in turn conserves the scarce public IP addresses. The terms public / global are used in the sense that the IP addresses are globally unique and officially registered.
   2. NAT supports load sharing on inside machines. The inside machines are accessed in a round robin fashion, thus sharing load.
   3. NAT offers some degree of security since IP addresses are not easily traceable. This is because the actual host IP that is accessing the Internet is translated into an outside IP address and vice versa. Thus, NAT offers protection against hacking.
   4. One disadvantage of NAT is that it increases delay. This is obvious since address translation is involved.
   5. Another disadvantage of NAT is that, when an application uses the physical IP address, it may not function properly. This is because the physical IP address is changed by NAT.
2. NAT (Network Address Translation) can be broadly classified as below:
   1. Static NAT: Static NAT maps an unregistered IP address to a registered (globally unique) IP address on a one-to-one basis. The command used for this purpose is: ip nat inside source static <local-ip> <global-ip>, where <local-ip> is the local IP address assigned to a host on the inside network and <global-ip> is the globally unique IP address of an inside host as it appears to the outside world.
   2. Dynamic NAT: Maps an unregistered IP address to a registered (globally unique) IP address from a group of registered (globally unique) IP addresses.
   3. Overloading: A special case of dynamic NAT that maps multiple unregistered IP addresses to a single registered (globally unique) IP address by using different port numbers. Dynamic NAT with overloading is also known as PAT (Port Address Translation).
   4. Overlapping: This occurs when your internal IP addresses belong to a global IP address range that belongs to another network. In such a case, the internal IP addresses need to be hidden from the outside network to prevent duplication. NAT overlapping allows the use of internal global addresses by mapping them to globally unique IP addresses using static or dynamic NAT.
3. The correct syntax for enabling dynamic NAT to translate many inside hosts to an inside global IP address is: ip nat inside source list <access-list-number> pool <pool-name> overload, where <access-list-number> is the standard access list number and <pool-name> is the pool name. Note that the option 'overload' specifies a many-to-one relationship. This configuration is typically used when many hosts with private IP addresses need to access the Internet through a specified globally unique IP address.
4. The steps to enable dynamic NAT on an interface include the following:
   1. Defining a standard IP access-list using the command: access-list <access-list-number> {permit | deny} <local-ip-address>
   2. Defining an IP NAT pool for the inside network using the command: ip nat pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length <prefix-length>} [type rotary]
      Note that type rotary is an optional keyword. It indicates that the IP address range in the address pool identifies hosts among which TCP load is distributed.
   3. Mapping the access-list to the IP NAT pool by using the command: ip nat inside source list <access-list-number> pool <pool-name>
   4. Enabling NAT on at least one inside and one outside interface using the command: ip nat {inside | outside}
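The overloading (PAT) behaviour described in items 2 and 3 above, as an added Python sketch that is not part of the original cheat sheet: a toy translation table in which several inside hosts share one inside global IP address and are told apart by port number. The class name, the sample addresses and the sequential port allocation are assumptions made for illustration; a real router chooses ports differently.

```python
"""Toy model of NAT overloading (PAT): many inside hosts share one inside global IP."""
from ipaddress import ip_address, ip_network


class PatTable:  # hypothetical name, for illustration only
    def __init__(self, global_ip, permitted, first_port=1024):
        self.global_ip = ip_address(global_ip)
        # Plays the role of the standard access list: which inside sources get translated.
        self.permitted = ip_network(permitted)
        self.next_port = first_port   # assumption: ports are handed out sequentially
        self.out = {}    # (proto, inside_ip, inside_port) -> global_port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside-to-outside packet; return (global_ip, global_port) or None."""
        src = ip_address(src_ip)
        if src not in self.permitted:
            return None               # source not matched by the access list: no translation
        key = (proto, src, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("port space on the global address is exhausted")
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src, src_port)
            self.next_port += 1
        return self.global_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a packet arriving at the global IP back to an inside host; None = no entry."""
        return self.back.get((proto, dst_port))


def demo():
    # Constructed sample addresses: RFC 1918 inside range, RFC 5737 documentation global IP.
    nat = PatTable("203.0.113.10", "192.168.10.0/24")
    a = nat.outbound("tcp", "192.168.10.11", 51000)
    b = nat.outbound("tcp", "192.168.10.12", 51000)   # same source port, different host
    again = nat.outbound("tcp", "192.168.10.11", 51000)  # existing flow reuses its entry
    denied = nat.outbound("tcp", "10.9.9.9", 51000)   # outside the permitted range
    reply = nat.inbound("tcp", b[1])                  # reply to host .12 finds its entry
    unsolicited = nat.inbound("tcp", 4444)            # no inside host created this entry
    return a, b, again, denied, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The inbound lookup succeeds only for ports that an inside host's outbound traffic created, and each new flow consumes one port on the shared global address.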
Cert-Ex™ Exam Simulators, Cert-Ex™ Network Simulator, Cert-Ex™ Cheatsheets are written independently by CertExams.com and not affiliated or authorized by respective certification providers. Cert-Ex™ is a trade mark of CertExams.com or entity representing Certexams.com.