
Nat 03


Page 1: Nat 03


Guided By: Mr. Barinder Singh

Presented By:

INTERNET

Page 2: Nat 03

NETMAX TECHNOLOGIES was established as an organization in 2001 in the field of Network Support, Network Training, Software Training and Embedded Systems.

NETMAX TECHNOLOGIES also provides technical research and development support and consultancy to a number of companies. NETMAX TECHNOLOGIES offers the following courses in IT and Embedded Systems:

 

Network Training:

• CISCO CCNA, CCNP
• RED HAT LINUX 5
• WINDOWS 2000, 2003 (MCP, MCSA & MCSE)
• MCITP 2008

Page 3: Nat 03

Software Training:

• C
• C++
• JAVA (Core Java & Advanced Java)
• .NET (ASP.NET)

We provide technical support and consultancy to electronics companies in the field of embedded microcontrollers: 8-bit and 16-bit family based embedded system design and analog system design, as well as power electronics including DC/DC converters, AC/DC converters, thyristor-firing based circuits, battery charging and monitoring circuits, etc.

Page 5: Nat 03


Problems with IPv4

• Shortage of IPv4 addresses
  • Allocation of the last IPv4 addresses was forecast for the year 2005
  • Address classes were replaced by the use of CIDR, but this is not sufficient

• Short-term solution
  • NAT: Network Address Translator

• Long-term solution
  • IPv6 = IPng (IP next generation)
  • Provides an extended address range

Page 6: Nat 03

NAT: Network Address Translator

• NAT
  • Translates between local addresses and public ones
  • Many private hosts share a few global addresses

• Public Network
  • Uses public addresses
  • Public addresses are globally unique

• Private Network
  • Uses a private address range (local addresses)
  • Local addresses may not be used externally

Page 7: Nat 03

Inside Local

The term "inside" refers to an address used for a host inside an enterprise. The inside local address is the actual IP address assigned to a host in the private enterprise network.

Inside Global

NAT uses an inside global address to represent the inside host as the packet travels through the outside network, typically the Internet.

A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.


Page 9: Nat 03

Outside Global

The term "outside" refers to an address used for a host outside an enterprise, i.e. on the Internet.

An outside global address is the actual IP address assigned to a host that resides in the outside network, typically the Internet.

Outside Local

NAT uses an outside local address to represent the outside host as the packet travels through the private network.

This address is a private address: it is how the outside host appears to hosts on the inside, using an address from the private range.

Page 10: Nat 03


• An IP address is either local or global.

• Local IP addresses are seen in the inside network.

Page 11: Nat 03

There are different types of NAT that can be used, which are:

• Static NAT
• Dynamic NAT
• Overloading: NAT with PAT (NAPT)

Page 12: Nat 03

Static NAT: maps an unregistered (private) IP address to a registered (public) IP address on a one-to-one basis. This is particularly useful when a device needs to be reachable from outside the network.

In static NAT, the computer with the IP address 192.168.32.10 will always be translated to 213.18.123.110.

Page 13: Nat 03

Dynamic NAT: maps an unregistered IP address to a registered IP address taken from a group (pool) of registered IP addresses.

In dynamic NAT, the computer with the IP address 192.168.32.10 will be translated to the first available address in the range 213.18.123.100 to 213.18.123.150.

Page 14: Nat 03

Overloading: a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single-address NAT or port-level multiplexed NAT.

In overloading, each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.

Page 15: Nat 03

• For each interface you need to configure INSIDE or OUTSIDE.

(Topology figure: router R1 with interface E0 towards the LAN, where hosts A 10.0.0.1, B, C and the addresses 10.0.0.2, 10.0.0.3 and 10.0.0.254 appear, and interface S0 towards the Internet, where 200.0.0.1 is the global address used for host A.)

R1(config)# int fastethernet 0/0
R1(config-if)# ip nat inside
R1(config-if)# int s 0/0
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# ip nat inside source static 10.0.0.1 200.0.0.1

To see the table (from privileged EXEC mode):

R1# show ip nat translations
R1# show ip nat statistics


Page 17: Nat 03

Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.

A dynamic entry stays in the NAT table as long as traffic for it keeps flowing, even if only occasionally.

If a new packet arrives that needs a NAT entry but all the pooled IP addresses are already in use, the router simply discards the packet.

Page 18: Nat 03

Instead of creating a static mapping, create a pool of IP addresses by specifying a range.

Create an access list that permits the inside hosts to be translated.

Link the access list to the pool.

Page 19: Nat 03

• For each interface you need to configure INSIDE or OUTSIDE.

(Topology figure: router R1 with interface E0 towards the LAN, where hosts A 10.0.0.1, B, C and the addresses 10.0.0.2, 10.0.0.3 and 10.0.0.254 appear, and interface S0 towards the Internet, with the pool range 200.0.0.1 to 200.0.0.254.)

Create an access list:
R1(config)# access-list 1 permit 10.0.0.0 0.255.255.255

Configure the dynamic NAT pool:
R1(config)# ip nat pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0

Link the access list to the pool:
R1(config)# ip nat inside source list 1 pool pool1

Page 20: Nat 03

Overloading an inside global address: with NAT overload only one global IP address is shared among all hosts.

(Topology figure: hosts A 10.0.0.1, B 10.0.0.2 and C 10.0.0.3 on the E0 side (10.0.0.254 also shown) are translated on the S0/Internet side to the shared global IP 200.0.0.1 as 200.0.0.1:1025, 200.0.0.1:1026 and 200.0.0.1:1027.)
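As an added example (not part of the original deck), the following Python models the NAT table of a router in the three modes covered on the previous slides, using the slide addresses: the static mapping 192.168.32.10 to 213.18.123.110, a dynamic pool from which the first free address is taken and whose exhaustion makes the router discard the packet, and overload (PAT) with one global address 200.0.0.1 and distinct ports 1025, 1026, 1027; it also shows the reverse lookup a router performs on returning traffic. The class and method names are this example's own.

```python
import itertools


class NatTable:
    """Toy NAT table for one router in "static", "dynamic" (pool) or "overload" (PAT) mode.

    Entries map (inside local ip, port) -> (inside global ip, port).
    """

    def __init__(self, mode, static=None, pool=None, global_ip=None):
        self.mode = mode
        self.static = static or {}          # inside local -> inside global (static NAT)
        self.free = list(pool or [])        # unused pool addresses (dynamic NAT)
        self.global_ip = global_ip          # single shared address (overload)
        self.ports = itertools.count(1025)  # PAT ports handed out from 1025 upward
        self.table = {}

    def outbound(self, src_ip, src_port):
        """Inside -> outside: return the rewritten (ip, port), or None if no translation."""
        key = (src_ip, src_port)
        if key in self.table:               # an existing flow keeps its translation
            return self.table[key]
        if self.mode == "static":
            if src_ip not in self.static:
                return None                 # no static mapping for this host
            entry = (self.static[src_ip], src_port)
        elif self.mode == "dynamic":
            # one-to-one: every flow of a host reuses the pool address it already holds
            held = {loc[0]: glob[0] for loc, glob in self.table.items()}
            if src_ip in held:
                entry = (held[src_ip], src_port)
            elif self.free:
                entry = (self.free.pop(0), src_port)   # first available pool address
            else:
                return None                 # pool exhausted: the router discards the packet
        else:
            # overload / PAT: one global address, a distinct port per flow
            entry = (self.global_ip, next(self.ports))
        self.table[key] = entry
        return entry

    def inbound(self, dst_ip, dst_port):
        """Outside -> inside: reverse lookup for a reply; None if no entry matches."""
        for local, glob in self.table.items():
            if glob == (dst_ip, dst_port):
                return local
        return None
```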


Page 29: Nat 03

R1# config t
R1(config)# int e 0
R1(config-if)# ip nat inside
R1(config-if)# int s 0
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# ip nat inside source list 1 interface s 0 overload

To see host-to-host ping, configure static or dynamic routing.

To check the translations:
R1# sh ip nat translations

R2# config t
R2(config)# int e 0
R2(config-if)# ip nat inside
R2(config-if)# int s 0
R2(config-if)# ip nat outside
R2(config-if)# exit
R2(config)# access-list 1 permit 192.168.20.0 0.0.0.255
R2(config)# ip nat inside source list 1 interface s 0 overload

To see host-to-host ping, configure static or dynamic routing.

To check the translations:
R2# sh ip nat translations

(Topology figure: host A 192.168.10.2 behind the E0 interface 192.168.10.1 of R1, host B 192.168.20.2 behind the E0 interface 192.168.20.1 of R2, and the two routers connected S0 to S0 using the addresses 200.0.0.1 and 200.0.0.2.)

Page 30: Nat 03

Each organisation comprises a router that routes data to and from the ISP. There are manageable switches in each organisation, and separate VLANs have been created for the servers and for the internet clients.

If we want communication between the internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block certain internet clients from accessing our servers, we create an ACL for those particular users.

These organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation; the ISP also provides internet connections to others.

Page 32: Nat 03

LOCAL ENVIRONMENT OF ORG.

ORG 1

• Vlan 2, Name = SERVER
• Vlan 3, Name = INTERNET

• F0/0.1 = vlan 2 (10.0.0.0/8)
• F0/0.2 = vlan 3 (192.168.10.0/24)

Page 33: Nat 03

VLAN CONFIGURATION

• Vlan 2, Name = sale, 10.0.0.0/8
• Vlan 3, Name = mkt, 192.168.10.0/24

ORG 1 Manageable Switch

Page 34: Nat 03

VLAN CONFIGURATION

Switch# vlan database
Switch(vlan)# vlan 2 name sale
Switch(vlan)# vlan 3 name mkt
Switch(vlan)# exit
Switch# config t
Switch(config)# int range f0/1 - 3
Switch(config-if-range)# switchport access vlan 2
Switch(config-if-range)# exit
Switch(config)# int range f0/3 - 4
Switch(config-if-range)# switchport access vlan 3
Switch(config-if-range)# exit
Switch(config)# int f0/12
Switch(config-if)# switchport mode trunk

Page 36: Nat 03

ORG1(config)# int f0/0
ORG1(config-if)# no sh
ORG1(config-if)# exit
ORG1(config)# int f0/0.1
ORG1(config-subif)# encapsulation dot1q 2
ORG1(config-subif)# ip nat inside
ORG1(config-subif)# ip address 10.0.0.1 255.0.0.0
ORG1(config-subif)# no sh
ORG1(config-subif)# exit
ORG1(config)# int f0/0.2
ORG1(config-subif)# encapsulation dot1q 3
ORG1(config-subif)# ip nat inside
ORG1(config-subif)# ip address 192.168.10.1 255.255.255.240
ORG1(config-subif)# no sh
ORG1(config-subif)# exit

(The line "encapsulation dot1q 2" on f0/0.1 was missing from the slide and is added here: IOS refuses an IP address on a subinterface until its VLAN encapsulation is set, and slide 32 assigns VLAN 2 to F0/0.1.)

Page 37: Nat 03

ISP ENVIRONMENT

We have placed our web server in the private area so that internet clients cannot access it directly. Therefore we have configured static NAT and opened port number 80 (HTTP) only.

In our organisation the clients want to access the internet, so we will configure dynamic NAT with overload for the clients.

Page 38: Nat 03

ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

Page 39: Nat 03

ORG1(config)# access-list 20 permit any
ORG1(config)# ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
ORG1(config)# ip nat inside source list 20 pool netmax overload
