Presentation Transcript

NAT & VPN

Lecture 8

Hassan Shuja

05/02/2006

slide2
NAT
  • Network Address Translation (NAT)
    • Allows a host that does not have a valid registered IP address to communicate with other hosts through the Internet
      • Host might be using a private address or address assigned to another organization
    • The source IP address is changed within the packet from the private to the public address.
    • Cisco terminology uses “Inside” and “Outside” to describe where the IP addresses reside
      • “local” and “global” are also used to describe the location of the IP addresses
    • A table is kept with the translation
  • Static NAT
    • A one-to-one mapping is set up where the inside address is always mapped to the same outside address
      • This mapping does not change
      • A second private address will require a second public address
slide3
NAT
  • Dynamic NAT
    • A one-to-one mapping is set up where the inside IP addresses are dynamically assigned from a pool of outside addresses
      • If all addresses in the outside pool are being used, then the host will not be able to access the outside
  • Dynamic NAT & Static NAT
    • Dynamic NAT and Static NAT can work together
      • It is possible to set up a pool of addresses and also statically map some of the addresses
  • NAT Overload
    • Overloading allows NAT to scale to support many clients to one IP address
      • Also referred to as PAT
    • Instead of just translating the IP address, it also translates the port number
    • The translation table also maintains the port number
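The three translation modes on slides 2 and 3 can be seen side by side in a small simulation. The following is an added example, not code from the lecture: a toy NAT router keeps the translation table the slides describe, and shows static one-to-one mapping, dynamic assignment from a pool (including what happens when the pool runs out), and overload (PAT), where many inside hosts share one outside address and the table also records the port. The inside (10.1.1.x) and outside (200.1.1.x) addresses are the slides' own sample values; the port numbering used for PAT and the table layout are assumptions.

```python
"""Added example: a toy NAT translation table for static, dynamic and overload (PAT) NAT."""


class NatRouter:
    def __init__(self, pool=(), static=None, overload=False):
        self.pool_free = list(pool)        # outside (inside global) addresses not yet handed out
        self.static = dict(static or {})   # inside local -> inside global; never changes
        self.overload = overload
        self.dynamic = {}                  # inside local -> inside global, held while in use
        self.table = {}                    # (inside local, port) -> (inside global, port)
        self.next_port = 1024              # assumed starting point for PAT port allocation

    def translate(self, inside_local, src_port):
        """Outbound packet: return the (address, port) it leaves with, or None if NAT cannot translate it."""
        key = (inside_local, src_port)
        if key in self.table:                      # an existing translation is reused
            return self.table[key]
        if inside_local in self.static:            # static NAT: fixed one-to-one mapping
            entry = (self.static[inside_local], src_port)
        elif self.overload:                        # PAT: one outside address, hosts told apart by port
            if not self.pool_free:
                return None
            entry = (self.pool_free[0], self.next_port)
            self.next_port += 1
        else:                                      # dynamic NAT: one-to-one from the pool
            if inside_local not in self.dynamic:
                if not self.pool_free:             # pool exhausted: this host cannot reach the outside
                    return None
                self.dynamic[inside_local] = self.pool_free.pop(0)
            entry = (self.dynamic[inside_local], src_port)
        self.table[key] = entry
        return entry

    def untranslate(self, inside_global, dst_port):
        """Inbound reply: reverse lookup in the table to find the inside host and port."""
        for local, glob in self.table.items():
            if glob == (inside_global, dst_port):
                return local
        return None

    def show_translations(self):
        """Rows in the spirit of 'show ip nat translations': (inside global, inside local)."""
        return sorted((f"{g}:{gp}", f"{l}:{lp}") for (l, lp), (g, gp) in self.table.items())


if __name__ == "__main__":
    pat = NatRouter(pool=["200.1.1.1"], overload=True)
    for host in ("10.1.1.10", "10.1.1.11", "10.1.1.12"):
        pat.translate(host, 50000)                 # all three share 200.1.1.1 on different ports
    for row in pat.show_translations():
        print(row)
```

The dynamic-mode `None` return is the slide's "host will not be able to access the outside" case; the overload mode never hits it as long as one address is in the pool, because ports rather than addresses are consumed.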
slide4
NAT
  • NAT Configuration
    • The interfaces on the router need to be designated as the “inside” and “outside” interfaces
      • “ip nat inside”
      • “ip nat outside”
  • Static NAT Configuration
    • Configuration commands
      • “ip nat inside source static 10.1.1.2 200.1.1.2”
    • Show commands
      • “show ip nat translations”
        • Displays the translation table
      • “sh ip nat statistics”
        • Displays various different statistics
slide5
NAT
  • Dynamic NAT
    • A NAT pool must be setup for outside addresses
      • “ip nat pool umbc 200.1.1.1 200.1.1.254 netmask 255.255.255.0”
        • The above command is executed in configuration mode
    • The addresses to be translated need to be identified
      • “access-list 1 permit 10.1.1.0 0.0.0.255”
        • The above command is executed in configuration mode
    • The inside addresses need to be mapped to the outside pool
      • “ip nat inside source list 1 pool umbc”
        • The above command is executed in configuration mode
slide6
NAT
  • NAT Overload
    • A NAT pool must be setup for outside addresses
      • “ip nat pool umbc 200.1.1.1 200.1.1.1 netmask 255.255.255.255”
        • The above command is executed in configuration mode
    • Two ways of mapping the inside addresses to the outside pool
      • “ip nat inside source list 1 pool umbc overload”
      • “ip nat inside source list 1 interface serial0/0 overload”
        • The above command is executed in configuration mode
        • This will map everything in access list 1 to the IP address of the serial interface
    • The addresses to be translated need to be identified
      • “access-list 1 permit 10.1.1.0 0.0.0.255”
        • The above command is executed in configuration mode
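Slides 4 to 6 give the NAT commands one at a time; what a practitioner wants to check is that the pieces fit together: an inside and an outside interface are designated, the access list and pool that the mapping refers to exist, and a one-address pool (or the interface form) carries the overload keyword. The following is an added example, not code from the lecture or from Cisco: a minimal, hand-written parser for the command shapes on the slides (an approximation of the IOS syntax, not an IOS parser) plus a few consistency checks. The sample configurations are constructed from the slides' own commands; the overlap check between a static mapping and a pool range is my own addition and says nothing about how IOS itself treats such overlap.

```python
"""Added example: consistency checks over Cisco IOS NAT configuration lines."""
import ipaddress


def parse_nat_config(lines):
    cfg = {"inside": [], "outside": [], "pools": {}, "acls": set(),
           "static": {}, "dynamic": [], "errors": []}
    current_if = None
    for raw in lines:
        t = raw.split()
        if not t or t[0] == "!":
            continue
        if t[0] == "interface":
            current_if = t[1]
        elif t[:3] == ["ip", "nat", "inside"] and len(t) == 3:
            cfg["inside"].append(current_if)            # interface-level designation
        elif t[:3] == ["ip", "nat", "outside"] and len(t) == 3:
            cfg["outside"].append(current_if)
        elif t[:3] == ["ip", "nat", "pool"]:
            # ip nat pool NAME START END {netmask MASK | prefix-length N}
            if len(t) < 8 or t[5] in ("netmask", "prefix-length"):
                cfg["errors"].append(f"pool {t[3]}: missing end address")
                continue
            cfg["pools"][t[3]] = (ipaddress.ip_address(t[4]), ipaddress.ip_address(t[5]))
        elif t[0] == "access-list":
            cfg["acls"].add(t[1])
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            cfg["static"][t[5]] = t[6]                  # inside local -> inside global
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            # ip nat inside source list ACL {pool NAME | interface IF} [overload]
            cfg["dynamic"].append({"acl": t[5], "kind": t[6], "target": t[7],
                                   "overload": "overload" in t[8:]})
    return cfg


def check_nat_config(lines):
    """Return a list of findings; an empty list means the pieces fit together."""
    cfg = parse_nat_config(lines)
    findings = list(cfg["errors"])
    if not any(cfg["inside"]) or not any(cfg["outside"]):
        findings.append("both an 'ip nat inside' and an 'ip nat outside' interface are required")
    for m in cfg["dynamic"]:
        if m["acl"] not in cfg["acls"]:
            findings.append(f"access-list {m['acl']} is referenced but not defined")
        if m["kind"] == "pool":
            span = cfg["pools"].get(m["target"])
            if span is None:
                findings.append(f"pool {m['target']} is referenced but not defined")
            elif span[0] == span[1] and not m["overload"]:
                findings.append(f"pool {m['target']} holds one address and is not overloaded: "
                                "only one inside host can be translated at a time")
        elif m["kind"] == "interface":
            if m["target"] not in cfg["outside"]:
                findings.append(f"{m['target']} is used for translation but is not 'ip nat outside'")
            if not m["overload"]:
                findings.append(f"interface {m['target']} mapping without overload: "
                                "a single address serves one inside host at a time")
    for local, glob in cfg["static"].items():           # added check: static address inside a pool range
        g = ipaddress.ip_address(glob)
        for name, (start, end) in cfg["pools"].items():
            if start <= g <= end:
                findings.append(f"static mapping {local}->{glob} overlaps pool {name}")
    return findings


# Constructed from the slides' commands: designation, pool, access list, mapping.
DYNAMIC_OK = """
interface Ethernet0/0
 ip nat inside
interface Serial0/0
 ip nat outside
ip nat pool umbc 200.1.1.1 200.1.1.254 netmask 255.255.255.0
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 pool umbc
""".splitlines()

# Slide 6's one-address pool, but with the overload keyword left off the mapping.
OVERLOAD_MISSING_KEYWORD = [
    "interface Ethernet0/0", " ip nat inside", "interface Serial0/0", " ip nat outside",
    "ip nat pool umbc 200.1.1.1 200.1.1.1 netmask 255.255.255.255",
    "access-list 1 permit 10.1.1.0 0.0.0.255",
    "ip nat inside source list 1 pool umbc",
]

if __name__ == "__main__":
    for name, cfg in (("dynamic", DYNAMIC_OK), ("overload-missing", OVERLOAD_MISSING_KEYWORD)):
        print(name, check_nat_config(cfg) or "ok")
```

Run against the slides' static mapping (10.1.1.2 to 200.1.1.2) together with the slide 5 pool, the overlap check fires, because 200.1.1.2 sits inside 200.1.1.1 to 200.1.1.254; when static and dynamic NAT are combined, the statically mapped addresses are best kept out of the pool range.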
slide7
VPN
  • Virtual Private Network (VPN)
    • A private data network that makes use of the public telecommunication infrastructure (the Internet), maintaining privacy through the use of a tunneling protocol and security procedures
      • A VPN is very cost effective
    • Traffic is encrypted as it travels across the Internet
    • An administrator must be aware of the traffic that flows through the tunnel and of the end points of the tunnel
    • All traffic on the secure VPN must be encrypted and authenticated
      • Encryption types
        • DES, 3DES, AES
slide8
VPN
  • Virtual Private Network (VPN)
    • The security properties on all end points of the VPN tunnel must be the same
    • No one outside the VPN tunnel should be able to affect the security properties of the tunnel
    • Split Tunneling allows for traffic to be sent through a tunnel and outside the tunnel at the same time
      • Very big security concern with Split Tunneling
    • IPSEC is used for encryption of the VPN tunnel
      • Uses ISAKMP (IKE) – UDP port 500 for tunnel setup
      • Uses ESP (IP protocol 50) and AH (IP protocol 51) for encryption
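The protocol facts on this slide (IKE on UDP 500, ESP as IP protocol 50, AH as IP protocol 51) are what a firewall or flow monitor keys on, and the split-tunneling concern is something flow records can reveal: a host that is talking ESP to the gateway while also sending cleartext to Internet destinations. The following is an added example, not code from the lecture: it parses constructed flow records, labels each one by IPsec component, gives the allow rule a tunnel endpoint would apply, and flags split tunneling. One caveat the code carries as a comment: AH authenticates packets but does not encrypt them, so only ESP gives the confidentiality the slide describes. The gateway address, the log line format and all flows are constructed; the 192.168.x hosts are assumed to be the client side.

```python
"""Added example: classify flows by IPsec component and detect split tunneling."""
import ipaddress

GATEWAY = "203.0.113.1"                   # assumed VPN gateway (documentation address range)
UDP, ESP, AH, IKE_PORT = 17, 50, 51, 500  # from the slide: IKE on UDP 500, ESP 50, AH 51
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow log: one client negotiates (t=1, IKE) and brings a tunnel up (t=2, ESP),
# resolves a local name (t=3), then talks to an Internet host in the clear (t=4) while the
# tunnel is up. A second host (t=5) has no tunnel and is out of scope.
SAMPLE_FLOWS = """\
t=1 src=192.168.1.10 dst=203.0.113.1 proto=17 dport=500
t=2 src=192.168.1.10 dst=203.0.113.1 proto=50 dport=0
t=3 src=192.168.1.10 dst=192.168.1.1 proto=17 dport=53
t=4 src=192.168.1.10 dst=198.51.100.7 proto=6 dport=80
t=5 src=192.168.1.20 dst=198.51.100.7 proto=6 dport=443
""".splitlines()


def parse_flow(line):
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"t": int(f["t"]), "src": f["src"], "dst": f["dst"],
            "proto": int(f["proto"]), "dport": int(f["dport"])}


def classify(flow):
    """Name the IPsec component a flow belongs to, or 'cleartext' if it is none of them."""
    if flow["proto"] == UDP and flow["dport"] == IKE_PORT:
        return "ike"          # ISAKMP/IKE: tunnel negotiation
    if flow["proto"] == ESP:
        return "esp"          # ESP: the encrypted payload
    if flow["proto"] == AH:
        return "ah"           # AH: authentication/integrity only, payload is not encrypted
    return "cleartext"


def is_local(addr):
    """True for the private ranges assumed to be the client side of the tunnel."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in LOCAL_NETS)


def gateway_policy_allows(flow, gateway=GATEWAY):
    """Allow rule at the tunnel endpoint: only IKE, ESP or AH addressed to the gateway."""
    return flow["dst"] == gateway and classify(flow) != "cleartext"


def find_split_tunnels(lines, gateway=GATEWAY):
    """Report (time, host, destination) for cleartext flows to non-local hosts while the tunnel is up."""
    tunnel_up = set()
    findings = []
    for flow in map(parse_flow, lines):
        kind = classify(flow)
        if kind in ("esp", "ah") and flow["dst"] == gateway:
            tunnel_up.add(flow["src"])                 # protected traffic seen: tunnel is active
        elif kind == "cleartext" and flow["src"] in tunnel_up and not is_local(flow["dst"]):
            findings.append((flow["t"], flow["src"], flow["dst"]))
    return findings


if __name__ == "__main__":
    for line in SAMPLE_FLOWS:
        print(classify(parse_flow(line)), line)
    print("split tunneling:", find_split_tunnels(SAMPLE_FLOWS))
```

The detection is deliberately simple: it treats any protected flow to the gateway as "tunnel up" and never ages entries out, so on real data a tunnel-down event (or a timeout) would need to remove hosts from the set.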
slide9
VPN
  • Types of VPN
    • A client-based VPN tunnel handles only the connection for one workstation
      • Usually created from a PC to a VPN Gateway (server)
    • A LAN-2-LAN VPN tunnel is built for many clients to use
      • Usually created from one Gateway to another Gateway
    • Understand the design for each type
      • Discussed in class
  • VPN Devices
    • Possible to create a VPN tunnel with any device that supports IPSEC
    • Cisco devices
      • IOS router
      • PIX Firewall
      • VPN concentrator