NAT Question

Hey, I see all these posts about knowing NAT well for the 640-801 - I tried to look up some NAT information assuming that it's a whole chapter on it, but only found about 3-4 paragraphs. Can someone give me the rundown on NAT and the commands to configure it? The who, what, where, when and why's of NAT? Thanks!!!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

bighornsheep

3 or 4 paragraphs? What book are you using?

You can get the NAT chapter originally for Sybex CCNA 5th edition here:
http://www.sybex.com/WileyCDA/SybexTitle/productCd-0782143911,navId-290611,pageCd-resources.html

Kcolon1

bighornsheep wrote:

3 or 4 paragraphs? What book are you using?

You can get the NAT chapter originally for Sybex CCNA 5th edition here:
http://www.sybex.com/WileyCDA/SybexTitle/productCd-0782143911,navId-290611,pageCd-resources.html

Thanks - I have the sybex (Don't know which edition though), but I'm asking if someone can give me the detailed 411 on NAT, thanks.

dtlokee

There's lots to NAT, you can look on Cisco's website for detailed information

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcg/tiad_c/nat/index.htm

The basics for the CCNA will include static nat, dynamic nat, and overloaded nat.

Static nat, this will always translate the inside host 192.168.100.50 to 10.1.1.2:

interface serial 0/0
 ip nat outside
 ip address 10.1.1.1 255.255.255.248

Interface FastEthernet 0/0
 ip nat inside
 ip address 192.168.100.1 255.255.255.0

ip nat inside source static 192.168.100.50 10.1.1.2

Dynamic NAT, this will translate the inside hosts to a pool of addresses and any source host addresses matching the ACL will be translated:

interface serial 0/0
 ip nat outside
 ip address 10.1.1.1 255.255.255.248

Interface FastEthernet 0/0
 ip nat inside
 ip address 192.168.100.1 255.255.255.0

ip nat pool www 10.1.1.2 10.1.1.6 netmask 255.255.255.248

Access-list 1 permit 192.168.100.0 0.0.0.255

ip nat inside source list 1 pool www

The problem with the above example is there are more inside local addresses than outside local addresses, this will lead to some inside host addresses not gettign translated

Overloaded NAT (Port address translation):

interface serial 0/0
 ip nat outside
 ip address 10.1.1.1 255.255.255.248

Interface FastEthernet 0/0
 ip nat inside
 ip address 192.168.100.1 255.255.255.0

Access-list 1 permit 192.168.100.0 0.0.0.255

ip nat inside source list 1 interface serial 0/0 overload

This example will translate all of the inside local addresses to the inside global address of the serial 0/0 interface by translating the source IP address and the tcp/udp port information (the overload keyword tells the router to do this)