Lic. Adm. De Empresas
Páginas: 13 (3233 palabras)
Publicado: 13 de febrero de 2013
WHITE PAPER
CISCO IOS NETWORK ADDRESS TRANSLATION
OVERVIEW In its simplest configuration, the Network Address Translator (NAT) operates on a router connecting two networks together; one of these networks (designated as inside) is addressed with either private or obsolete addresses that need to be converted into legal addresses before packets are forwarded onto the other network (designatedas outside). The translation operates in conjunction with routing, so that NAT can simply be enabled on a customer-side Internet access router when translation is desired. Use of a NAT device provides RFC 1631-style network address translation on the router hardware. The goal of NAT is to provide functionality as if the private network had globally unique addresses and the NAT device was notpresent. RFC 1631 represents a subset of Cisco IOS NAT functionality. Cisco IOS NAT supports “bi-directional translation” through the simultaneous use of “inside source” and “outside source” translations. TERMINOLOGY
Figure 1 NAT Concepts
Inside The set of networks that are subject to translation. Outside All other addresses. Usually these are valid addresses located on the Internet.
Allcontents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement. Page 1 of 11
Figure 2 NAT Terminology « Inside Addressing»
Inside Local Configured IP address assigned to a host on the inside network. Address may be globally unique, allocated out of the private address space defined in RFC 1918, or might be officially allocated to anotherorganization Inside Global The IP address of an inside host as it appears to the outside network, “Translated IP Address”. Addresses can be allocated from a globally unique address space, typically provided by the ISP (if the enterprise is connected to the global Internet)
Figure 3 NAT Terminology “Outside Addressing”
Outside Local The IP address of an outside host as it appears to the insidenetwork. These addresses can be allocated from the RFC 1918 space if desired.
© 2004 Cisco Systems, Inc. All right reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com Page 2 of 11
Outside Global The configured IP address assigned to a host in the outside network. Simple Translation Entry A translation entry which maps one IP address toanother. Extended Translation Entry A translation entry which maps one IP address and port pair to another. MAIN FEATURES • Static Address Translation—Telnet 207.33.94.1 The user can establish a one-to-one mapping between local and global addresses Users can also configure Static address translations to the port level, and use the remainder of the IP address for other translations. Typically whereyou are performing Port Address Translation (PAT). • Dynamic Address Translation The user can establish dynamic mapping between the local and global addresses. This is done by describing the local addresses to be translated and the pool of addresses from which to allocate global addresses, and associating the two. • Match Host The ability to configure NAT to assign the same Host portion of an IPAddress and only translate the Network prefix portion of the IP Address. Useful where you are using the host portion as a means to identify or number users uniquely. Port Address Translation (PAT)
Figure 4 Basic Concepts of PAT
© 2004 Cisco Systems, Inc. All right reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com Page 3 of 11 Figure 5 Unique Source Port per Translation Entry
Several internal addresses can be NATed to only one or a few external addresses by using a feature called Port Address Translation (PAT) which is also referred to as “overload”, a subset of NAT functionality. PAT uses unique source port numbers on the Inside Global IP address to distinguish between translations. Because the port number is...
CISCO IOS NETWORK ADDRESS TRANSLATION
OVERVIEW In its simplest configuration, the Network Address Translator (NAT) operates on a router connecting two networks together; one of these networks (designated as inside) is addressed with either private or obsolete addresses that need to be converted into legal addresses before packets are forwarded onto the other network (designatedas outside). The translation operates in conjunction with routing, so that NAT can simply be enabled on a customer-side Internet access router when translation is desired. Use of a NAT device provides RFC 1631-style network address translation on the router hardware. The goal of NAT is to provide functionality as if the private network had globally unique addresses and the NAT device was notpresent. RFC 1631 represents a subset of Cisco IOS NAT functionality. Cisco IOS NAT supports “bi-directional translation” through the simultaneous use of “inside source” and “outside source” translations. TERMINOLOGY
Figure 1 NAT Concepts
Inside The set of networks that are subject to translation. Outside All other addresses. Usually these are valid addresses located on the Internet.
Allcontents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement. Page 1 of 11
Figure 2 NAT Terminology « Inside Addressing»
Inside Local Configured IP address assigned to a host on the inside network. Address may be globally unique, allocated out of the private address space defined in RFC 1918, or might be officially allocated to anotherorganization Inside Global The IP address of an inside host as it appears to the outside network, “Translated IP Address”. Addresses can be allocated from a globally unique address space, typically provided by the ISP (if the enterprise is connected to the global Internet)
Figure 3 NAT Terminology “Outside Addressing”
Outside Local The IP address of an outside host as it appears to the insidenetwork. These addresses can be allocated from the RFC 1918 space if desired.
© 2004 Cisco Systems, Inc. All right reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com Page 2 of 11
Outside Global The configured IP address assigned to a host in the outside network. Simple Translation Entry A translation entry which maps one IP address toanother. Extended Translation Entry A translation entry which maps one IP address and port pair to another. MAIN FEATURES • Static Address Translation—Telnet 207.33.94.1 The user can establish a one-to-one mapping between local and global addresses Users can also configure Static address translations to the port level, and use the remainder of the IP address for other translations. Typically whereyou are performing Port Address Translation (PAT). • Dynamic Address Translation The user can establish dynamic mapping between the local and global addresses. This is done by describing the local addresses to be translated and the pool of addresses from which to allocate global addresses, and associating the two. • Match Host The ability to configure NAT to assign the same Host portion of an IPAddress and only translate the Network prefix portion of the IP Address. Useful where you are using the host portion as a means to identify or number users uniquely. Port Address Translation (PAT)
Figure 4 Basic Concepts of PAT
© 2004 Cisco Systems, Inc. All right reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com Page 3 of 11 Figure 5 Unique Source Port per Translation Entry
Several internal addresses can be NATed to only one or a few external addresses by using a feature called Port Address Translation (PAT) which is also referred to as “overload”, a subset of NAT functionality. PAT uses unique source port numbers on the Inside Global IP address to distinguish between translations. Because the port number is...
Leer documento completo
Regístrate para leer el documento completo.