Wednesday, December 23, 2009

Network Address Translation


Private IP Addresses: RFC 1918


The following table lists the address ranges as specified in RFC 1918 that can be used by anyone as internal private addresses. These will be your “inside-the-LAN” addresses that will have to be translated into public addresses that can be routed across the Internet. Any network is allowed to use these addresses; however, these addresses are not allowed to be routed onto the public Internet.


Configuring Dynamic NAT: One Private to One Public Address Translation



Configuring PAT: Many Private to One Public Address Translation

All private addresses use a single public IP address and numerous port numbers for translation.




NOTE: You can have an IP NAT pool of more than one address, if needed. The syntax for this is as follows:

Corp(config)#ip nat pool scott 64.64.64.70 64.64.64.128 netmask 255.255.255.128


You would then have a pool of 63 addresses (and all of their ports) available for translation.


Configuring Static NAT: One Private to One Permanent Public Address Translation


CAUTION: Make sure that you have in your router configurations a way for packets to travel back to your NAT router. Include a static route on the ISP router advertising your NAT pool and how to travel back to your internal network. Without this in place, a packet can leave your network with a public address, but it will not be able to return if your ISP router does not know where the pool of public addresses exists in the network. You should be advertising the pool of public addresses, not your private addresses.
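Added example (not part of the original post): a small Python check for an ip nat pool line in the netmask form shown in the NOTE above. It confirms that both ends of the pool sit in one subnet under the given mask and that the pool does not contain RFC 1918 addresses, since the CAUTION says it is the public pool that the ISP must route back. The function name, pool names and 198.51.100.x sample addresses are constructed for illustration, and treating a private pool as an error is an assumption that fits this page's Internet-facing setup.

```python
import ipaddress

# RFC 1918 private ranges: usable inside the LAN, never routed on the Internet
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (198.51.100.0/24 is a documentation range)
SAMPLES = [
    "Corp(config)#ip nat pool good 198.51.100.70 198.51.100.126 netmask 255.255.255.128",
    "ip nat pool split 198.51.100.70 198.51.100.130 netmask 255.255.255.128",
    "ip nat pool inside 192.168.1.10 192.168.1.20 netmask 255.255.255.0",
]


def check_nat_pool(line):
    """Parse 'ip nat pool NAME START END netmask MASK'.

    Returns (name, address_count, problems); problems is a list of strings.
    """
    # Drop an IOS prompt such as 'Corp(config)#' if one is present
    tokens = line.split("#", 1)[-1].split()
    if (len(tokens) != 8 or tokens[:3] != ["ip", "nat", "pool"]
            or tokens[6] != "netmask"):
        raise ValueError("not an 'ip nat pool ... netmask ...' line: %r" % line)
    name = tokens[3]
    start = ipaddress.IPv4Address(tokens[4])
    end = ipaddress.IPv4Address(tokens[5])
    # strict=False derives the subnet that contains START under MASK
    subnet = ipaddress.ip_network("%s/%s" % (start, tokens[7]), strict=False)

    problems = []
    if end < start:
        problems.append("end address is lower than start address")
    if end not in subnet:
        problems.append("%s is outside %s" % (end, subnet))
    for addr in (start, end):
        if any(addr in net for net in RFC1918):
            problems.append("%s is an RFC 1918 private address" % addr)
    count = int(end) - int(start) + 1 if end >= start else 0
    return name, count, problems


if __name__ == "__main__":
    for sample in SAMPLES:
        name, count, problems = check_nat_pool(sample)
        print(name, count, "OK" if not problems else "; ".join(problems))
```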


Verifying NAT and PAT Configurations


Troubleshooting NAT and PAT Configurations
