You're reading from Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

Product type: Book
Published in: Nov 2020
Publisher: Packt
ISBN-13: 9781800208094
Edition: 1st Edition

Author: Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

Chapter 9: Configuring Network Address Translation (NAT)

How do devices on private networks access the internet? Network address translation (NAT) is the mechanism that bridges private and public networks. In this chapter, you will learn about the various types of NAT and how to implement static NAT, dynamic NAT, and port address translation (PAT) on a Cisco network. You will also learn how to implement NAT so that an enterprise network has internet connectivity.

In this chapter, we will cover the following topics:

  • The challenge of using IPv4 on the internet
  • Understanding NAT
  • Types of NAT
  • Configuring PAT
  • Configuring static NAT with port forwarding
  • Implementing dynamic NAT

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

The code files for this chapter are available at https://github.com/PacktPublishing/Implementing-and-Administering-Cisco-Solutions/tree/master/Chapter%2009.

Check out the following video to see the Code in Action: https://bit.ly/3clR4Qr

The challenge of using IPv4 on the internet

One of the many issues we face is that there are not enough public IPv4 addresses to assign one to each unique device on the internet. As you learned in Chapter 3, IP Addressing and Subnetting, each device that is directly connected to the internet must be assigned a unique IP address. An IPv4 address is 32 bits long, so the entire address space holds 2^32 addresses, which is 4,294,967,296. That number seems huge, but part of the space is reserved for special use (private ranges, loopback, multicast, and so on) and is not routable on the internet, and the free pool of the remaining public addresses has been exhausted: IANA allocated its last unassigned blocks to the regional registries in 2011.

In the world today, there are more than 4 billion devices connected to the internet. How is it possible to have more devices online than the number of available public IPv4 addresses? RFC 1918 defines three blocks of IPv4 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) that are assignable on private networks and are...

Understanding NAT

A device that is assigned a private IPv4 address is not able to communicate with devices on the internet on its own; it needs some assistance. For example, your computer or smart device is most likely assigned a private IPv4 address on your network, yet it is able to connect to devices on the internet. This works because of NAT. NAT makes life in networking that bit easier, as it allows a router to translate a private address into a public address. Let's take a look at the following diagram to get a clear idea of how NAT really works:

Figure 9.2 – NAT topology

In the preceding figure, there are two networks—a corporate network and the internet—and in between both is a NAT router. Let's imagine that there is a device on the corporate network, PC 1, with an IP address of 192.168.1.10. PC 1 wants to send a message to a device on the internet, let's say a Cisco web server...

Types of NAT

There are many types of NAT translations. Each type has its own advantages, disadvantages, and real-world use. In this section, you will learn about their characteristics and operations, and how to configure each type of NAT on a Cisco IOS router.

Static NAT

Static NAT is a one-to-one mapping between an inside local address and an inside global address. As the name implies, the mapping does not change. This type of NAT is very useful when you want to allow external users on the internet to reach a device, such as a web server, that sits on your organization's private network. Keep in mind that a plain static mapping translates every protocol and port for that host, so any service listening on the server becomes reachable from the internet; when only one service should be exposed, use a port-level static entry (port forwarding) or restrict the rest with an ACL on the outside interface.

Let's imagine that your organization has a web server located on a private network and you are tasked to allow users from the internet access to the server. To complete this task, you can create a one-to-one static mapping between the web server's private IP address (inside local) and the public IP address on the router...

Lab – implementing NAT overload (PAT)

In this hands-on lab, you will learn how to implement PAT. The following network topology shows an organization's network to the left of the ISP that is connected to the internet. For this lab, we'll be using Cisco Packet Tracer to build our lab and complete the exercise:

Figure 9.10 – NAT overload topology

The objective of this lab is to configure NAT overload on the HQ router so that the private IP address of every device on the corporate network, such as PC 1 (10.1.2.10/24), is translated to a single public IP address when it connects to the Public Web Server (209.65.1.3/28).

Please use the following guidelines when creating this lab:

  • Assign the IP addresses to each device accordingly, as shown in Figure 9.10.
  • Use only Cisco 2911 models. Ensure that each interface is configured as shown in the topology.
  • Configure each end device with the corresponding IP address, subnet...
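A complete HQ configuration for this lab, added here as a worked example and not taken from the book's code files. The interface names, the HQ inside address (10.1.2.1/24), the ISP link (203.0.113.2/30 on HQ, 203.0.113.1 on the ISP), and the ACL name NAT-INSIDE are assumptions for the example; the lab figure defines the real values. PC 1 (10.1.2.10/24) and the Public Web Server (209.65.1.3/28) are from the lab.

```cisco
! HQ router: NAT overload (PAT) for the 10.1.2.0/24 corporate LAN.
! Interface names and the HQ/ISP link addresses are assumed for this
! example; take the real ones from Figure 9.10.
!
! Inside interface: the corporate LAN
interface GigabitEthernet0/1
 description Corporate LAN (inside)
 ip address 10.1.2.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Outside interface: the link to the ISP (address assumed)
interface GigabitEthernet0/0
 description Link to ISP (outside)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 no shutdown
!
! Default route toward the ISP so translated packets can leave
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! ACL that selects which inside local addresses may be translated.
! Keep it to the LAN prefix: "permit any" would also translate any
! source address that shows up on the inside interface, including ones
! that should never be there.
ip access-list standard NAT-INSIDE
 permit 10.1.2.0 0.0.0.255
 deny   any
!
! One public address (that of the outside interface) shared by every
! inside host; "overload" tells IOS to rewrite the source port as well
! as the source address so that the flows of different hosts stay distinct.
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Verification from privileged EXEC after PC 1 browses to 209.65.1.3:
!   show ip nat translations    one row per flow, with the Inside global,
!                               Inside local, Outside local and Outside
!                               global address:port pairs
!   show ip nat statistics      hit/miss counters and the inside/outside
!                               interface list
!   clear ip nat translation *  flush the table while testing
```

The ACL is the security-relevant line: it decides whose packets the router will carry out to the internet under its public address, so it should match only the prefixes you intend to translate.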

Lab – implementing static NAT with port forwarding

In this lab, you will learn how to implement static NAT on an organization router to forward traffic that is originating from the internet to an internal private server. This exercise is an extension of the previous lab. We'll be using the following topology and the same guidelines as before:

Figure 9.14 – Static NAT with port

The objective of this lab is to allow a user on the internet (Public PC) to reach the internal web server on the private corporate network via NAT. When the Public PC enters the public IP address into its web browser, the HQ router translates the destination address and forwards that traffic, and only that traffic, to the internal web server.

To implement static NAT with port forwarding, use the following instructions:

  1. Configure the inside interface on the HQ router that points to the internal web server:
    HQ(config)#interface GigabitEthernet 0/1
    HQ(config-if)#ip nat inside
    HQ(config...
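The full set of commands for this lab, added here as a worked example rather than copied from the book. The web server's inside local address (10.1.2.20) and the interface names are assumptions; the public address is taken from HQ's outside interface, as the lab describes, so no second public address is needed.

```cisco
! HQ router: forward only TCP/80 arriving on the public address to the
! internal web server. The server address 10.1.2.20 and the interface
! names are assumed for this example.
!
interface GigabitEthernet0/1
 ip nat inside
!
interface GigabitEthernet0/0
 ip nat outside
!
! Port-level static entry:
!   inside local 10.1.2.20:80  <->  inside global <Gi0/0 address>:80
! Naming the interface instead of a literal public address ties the
! entry to whatever address Gi0/0 holds, so it also survives a
! DHCP-assigned WAN address.
ip nat inside source static tcp 10.1.2.20 80 interface GigabitEthernet0/0 80
!
! Do NOT use the address-only form for this task:
!   ip nat inside source static 10.1.2.20 203.0.113.2
! (203.0.113.2 is an assumed public address). That form maps every
! protocol and port, so SSH, RDP, a database listener or anything else
! running on the server would also become reachable from the internet.
!
! Verification:
!   show ip nat translations   the static entry is listed permanently,
!                              even with no traffic, with "---" in the
!                              outside columns
!   show ip nat statistics
```

Static entries are consulted before dynamic ones, so this port forward can coexist with the NAT overload from the previous lab on the same outside interface: inbound TCP/80 goes to the server, while everything else on that address is still handled by the PAT table.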

Lab – implementing dynamic NAT

In this lab, you will learn how to implement dynamic NAT with a pool of IP addresses. The following network topology shows an organization's network (left) that is connected to the internet via the ISP router:

Figure 9.19 – Dynamic NAT topology

The objective of this lab is to have the HQ router use dynamic NAT to translate the private address of any company device that communicates with the internet to an available public address taken from a pool. Unlike PAT, a dynamic pool is consumed one address per active inside host: once every pool address is allocated, a new inside host gets no translation and its traffic is dropped until an existing entry times out or is cleared.

Please be sure to use the following guidelines when creating this lab to ensure that you get the correct results:

  • Assign the IP addresses as shown in the preceding figure to each device accordingly.
  • Each router (Cisco 2911 model) interface must be configured as shown in the topology.
  • Configure each end device with the corresponding IP address, subnet mask, and default gateway, as shown in the topology.
  • Configure a default route on HQ to point to...
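A complete dynamic NAT configuration for HQ, added as a worked example and not taken from the book's code files. The interface names, the HQ and ISP link addresses, the public pool 203.0.113.17-203.0.113.20 (a block the ISP is assumed to route toward HQ), and the names NAT-INSIDE and PUBLIC-POOL are assumptions; the LAN prefix 10.1.2.0/24 is from the earlier labs.

```cisco
! HQ router: dynamic NAT from a pool of public addresses.
! Interface names, link addresses, and the pool range are assumed for
! this example; the lab figure defines the real values.
!
interface GigabitEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Pool of inside global addresses, handed out one per active inside host.
! The ISP must route this block to HQ or return traffic never arrives.
ip nat pool PUBLIC-POOL 203.0.113.17 203.0.113.20 netmask 255.255.255.248
!
! Which inside local addresses may draw from the pool
ip access-list standard NAT-INSIDE
 permit 10.1.2.0 0.0.0.255
!
! Dynamic one-to-one mapping. Without "overload", each inside host holds
! a whole pool address until its entry times out (86400 s by default).
ip nat inside source list NAT-INSIDE pool PUBLIC-POOL
!
! Failure mode to test: with four pool addresses, a fifth inside host that
! starts a session gets no translation and its packets are dropped until an
! entry expires or is cleared. A shorter idle timeout makes this visible
! in the lab; in production, append "overload" to the mapping above so the
! router falls back to PAT when the pool is exhausted.
ip nat translation timeout 300
!
! Verification:
!   show ip nat translations   one dynamic entry per inside host
!   show ip nat statistics     the pool line reports total addresses,
!                              how many are allocated, and misses
!                              (allocation failures)
!   clear ip nat translation * free the pool while testing
```

Whether to add "overload" is a design decision: plain dynamic NAT preserves a one-to-one address relationship for the duration of an entry, which some applications and logging setups expect, at the cost of a hard limit on concurrent inside hosts.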

Summary

In this chapter, we have discussed the important role that NAT plays in almost all private networks of all sizes. We explored the characteristics and functions of each type of NAT and in which situations they would be used. By completing this chapter, you have gained both a theoretical understanding of the operations of NAT on an enterprise network, and the hands-on skills to implement static NAT, dynamic NAT, and PAT on a Cisco network.

I hope that this chapter has been informative and helps you in your journey toward learning how to implement and administer Cisco solutions and prepare for the CCNA 200-301 certification. In the next chapter, Chapter 10, Implementing Network Services and IP Operations, you will learn how to implement the Network Time Protocol (NTP), Dynamic Host Configuration Protocol (DHCP), and other IP services in a Cisco environment.

Questions

The following is a short list of review questions to help reinforce your learning and help you identify which areas of your knowledge require some improvement:

  1. Which of the following network addresses are nonroutable on the internet?

    A. 192.167.68.200

    B. 192.169.87.23

    C. 172.31.1.5

    D. 172.32.1.6

  2. Which of the following is a benefit of using NAT?

    A. Hides users behind a single public IP address

    B. Allows VoIP communication over the internet

    C. Ensures end-to-end connectivity between internal and external devices

    D. Supports IPSec

  3. In terms of NAT, what is defined as the inside address?

    A. The public IP address

    B. The MAC address

    C. The address that is visible on the internet

    D. The address to be translated

  4. How would you describe the address of the destination device?

    A. Inside local

    B. Outside local

    C. Inside global

    D. Outside global

  5. Which type of NAT is recommended for forwarding all traffic to an internal server if a user on the internet knows the public IP address...
