CCNA Routing MOD 6 NAT
Configure Dynamic NAT five step process.
Step 1 Define the pool of addresses that will be used for translation. Step 2 Configure a standard ACL to identify (permit) only those addresses that are to be translated. Step 3 Bind the ACL to the pool. Step 4 Identify which interfaces are inside, in relation to NAT. Step 5 Identify which interfaces are outside, in relation to NAT
Configure a static NAT mapping two step process.
Step 1. The first task is to create a mapping between the inside local address and the inside global addresses. Step 2. After the mapping is configured, the interfaces participating in the translation are configured as inside or outside relative to NAT.
Inside global address
The address of source as seen from the outside network. This is typically a globally routable IPv4 address.
Outside local address
The address of the destination as seen from the inside network.
Outside global address
The address of the destination as seen from the outside network. It is a globally routable IPv4 address assigned to a host on the internet.
Inside local address
The address of the source as seen from inside the network.
Query ID
Used by PAT to identify ICMP messages instead of a Layer 4 TCP/UDP port number.
Dynamic NAT
Uses a pool of public addresses and assigns them on a first-come, first-served basis. When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool.
Static NAT
When a single private IP address translates to a single public IP address. This is also called one-to-one mapping.
Dynamic NAT Step 2 configuration. Use standard access list 1 and inside local 192.168.0.0 /16 as the addresses eligible to be translated. Router(config)#
access-list 1 permit 192.168.0.0 0.0.255.255
Command to clear all Dynamic NAT entries before the 24 hour default translation timeout. Router#
clear ip nat translation *
Dynamic NAT Step 3 configuration. Bind an access list 1 created for inside local address translation with a pool named NAT-POOL1. Router(config)#
ip nat inside source list 1 pool NAT-POOL1
Command to configure Static NAT inside address to outside address. Router(config)#
ip nat inside source static ip_address_inLocal ip_address_inGlobal
Dynamic NAT Step 1 configuration. Use NAT-POOL1 for name and 209.165.200.226 - .240 /27 for public ip address ranges. Router(config)#
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
Dynamic NAT Step 4/5 configuration. Identify which interfaces are inside/outside in relation to NAT. Router(config-if)#
ip nat {inside | outside}
Port Address Translation (PAT) aka NAT Overload
maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. This is what most home routers do. The ISP assigns one address to the router, yet several members of the household can simultaneously access the internet. This is the most common form of NAT for both the home and the enterprise.
Command that displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and how many of the addresses have been allocated. Router#
show ip nat statistics
Command to verify Dynamic NAT Router#
show ip nat translations
Network Address Translation (NAT): Next available port
Because PAT attempts to preserve the original source port, there is a chance the original source port is already used. PAT assigns the first available port number starting from the beginning of the appropriate port group 0-511, 512-1,023, or 1,024-65,535 to the Inside Global IP address.
