--> Network Address Translation (NAT) and Port Address Translation (PAT)
--> NAT
NAT is only available on routers
It is a router function in which the IP addresses of IP datagrams are replaced at the boundary of a private network
NAT is a method that enables hosts on private networks to communicate with hosts on the public network
NAT is configured on the router that connects the private and public networks
--> Why NAT?
Anything that connects directly to the internet must have a public IP address
There is a shortage of public IPv4 addresses
In the private network we always use private IP addresses
NAT is used to convert private IP addresses to public IP addresses
--> Types of NAT
Static, Dynamic and PAT
--> static NAT
Static NAT is a one-to-one mapping of a private IP address to a public IP address
Static NAT is useful when a network device inside a private network needs to be accessible from the internet
Command -->
ip nat inside source static <private-ip> <public-ip>
private interface side
interface <interface name>
ip nat inside
Public interface side
interface <interface name>
ip nat outside
check NAT table
show ip nat translations
--Port forwarding configuration
ip nat inside source static tcp <service_ip> <service_port> <public_ip> <public_port>
--> NAT Terminology
Inside Local: Source host address before translation, typically a private IP address
Inside Global: Source host address used after translation to reach the internet. This is also the actual internet address, which is routable
Outside Local: An IP address that is not routable on the internet and refers to a device outside our network
Outside Global: An IP address that is routable on the internet and refers to a device outside our network
--Dynamic NAT
Dynamic NAT gives you the ability to map a private IP address to a public IP
address from a pool of public IP addresses. You don't have to statically configure
your router to map each inside address to an individual outside address as you would
using static NAT, but you must have enough real IP addresses for everyone who is
going to the internet at the same time. It is many-to-many communication.
--> Dynamic NAT configuration commands
ip nat pool <pool name> <start IP> <closing IP> netmask <subnet mask>
access-list <acl no.> permit ip any any
ip nat inside source list <acl no.> pool <pool name>
private
interface <interface name>
ip nat inside
Public
interface <interface name>
ip nat outside
check NAT table
show ip nat translations
--Port Address Translation (PAT)
This is the most popular type of NAT configuration. It is an overloaded form of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different source ports
Port Address Translation (PAT) is also known as NAT overload
PAT allows thousands of users to connect to the internet at the same time
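The many-to-one mapping described above, modelled as an added example that is not part of the original notes: a toy PAT table with one static port-forward entry. The addresses, the names PatRouter and demo, and the port-selection rule (keep the source port if it is free, otherwise take the next unused port from 1024) are assumptions for illustration, not Cisco's implementation.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed inside global address (documentation range)

@dataclass
class PatRouter:
    """Toy model of a NAT-overload table; the port selection rule is an assumption."""
    public_ip: str = PUBLIC_IP
    next_port: int = 1024                        # next candidate when a port is taken
    out_map: dict = field(default_factory=dict)  # (proto, inside local ip, port) -> global port
    in_map: dict = field(default_factory=dict)   # (proto, global port) -> (inside local ip, port)

    def add_static(self, proto, local_ip, local_port, public_port):
        """Port forwarding: a permanent entry, so new inbound flows also match it."""
        if (proto, public_port) in self.in_map:
            raise ValueError("public port already in use")
        self.out_map[(proto, local_ip, local_port)] = public_port
        self.in_map[(proto, public_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Inside local -> inside global; creates a dynamic entry on first use."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = src_port                      # keep the original port when it is free
            while (proto, port) in self.in_map:  # otherwise take the next unused one
                if self.next_port > 65535:
                    raise RuntimeError("port pool exhausted")
                port = self.next_port
                self.next_port += 1
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Inside global -> inside local; None means no entry, so the packet is dropped."""
        return self.in_map.get((proto, dst_port))

def demo():
    """Two inside hosts using the same source port share one public IP."""
    r = PatRouter()
    r.add_static("tcp", "192.168.1.10", 80, 8080)  # constructed web server forward
    a = r.outbound("tcp", "192.168.1.20", 50000)
    b = r.outbound("tcp", "192.168.1.21", 50000)   # port clash, gets a new global port
    return r, a, b
```

An inbound packet to a port with no entry has nothing to translate to, which is why only the statically forwarded service is reachable from outside.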
--Configure PAT
access-list <acl no.> permit ip any any
ip nat inside source list <acl no.> interface <public-ip-int-name> overload
private interface side
interface <int name>
ip nat inside
public interface side
interface <int name>
ip nat outside
HW -->
RIP topology
PAT: add 2 web servers with port forwarding
classless IP
at least 5 routers and 3 PCs in each LAN