Pooled NAT

Pooled NAT is similar to PAT except you have the luxury of having a one-to-one mapping of addresses. In other words, you have just as many inside network clients as you do outside network IP addresses. You tell the NAT router the pool of IP addresses that are available, and each client receives its own IP address when it requests a NAT translation. The client does not get the same address each time it requests a translation; it merely gets the next available address from the pool. In my article "Set up NAT using the Cisco IOS," I explain how to configure Pooled NAT. For an illustration of Pooled NAT, see Figure B.

Figure B
Static NAT

Static NAT is the simplest form of NAT. The most likely example is a mail server on the inside of a private network. The private network connects to the public Internet. In between the two networks, a router performs NAT. For a dedicated server, like a mail server, you would want a static (not changing) IP address. This way, every time someone on the Internet sends e-mail to the mail server, that server has the same public IP address. For an illustration of Static NAT, see Figure C.

Figure C
As I said, you can perform a variety of functions with these three configurations. For the purpose of this article, we will focus on configuring PAT.

Configuring PAT

To configure PAT/NAT correctly the first time, you need to understand the Cisco NAT terminology and how your IP networks/addresses map to each of the entities listed below:
Inside Local: This is the local IP address of a private host on your network (e.g., a workstation's IP address).
Inside Global: This is the public IP address that the outside network sees as the IP address of your local host.
Outside Local: This is the local IP address from the private network, which your local host sees as the IP address of the remote host.
Outside Global: This is the public IP address of the remote host (e.g., the IP address of the remote Web server that a workstation is connecting to).
You'll configure your Cisco router using seven commands. Let's assume that your Internet service provider gave you a 30-bit network containing two public IP addresses. This configuration would allow one address for your router and one address for your internal clients and devices.

The first command you'll execute will tell the router which public IP address you want to use for PAT:

    ip nat pool mypool 63.63.63.2 63.63.63.2 prefix-length 30

This command configures a pool (range) of IP addresses to use for your translation. In this case, we want only one address in our pool, which we will overload. We do this by assigning the same IP address (63.63.63.2) for the start and end of the pool.

The next command will tell your router which IP addresses it is allowed to translate:

    access-list 1 permit 10.10.10.0 0.0.0.255

It's not a good idea to put permit any in the access list, even though you will occasionally see that as a recommendation in some sample configurations.

The next command is:

    ip nat inside source list 1 pool mypool overload

This command puts the pool definition and the access list together. In other words, it tells the router what will be translated to what. The overload keyword turns this into a PAT configuration. If you left out overload, you would be able to translate only one IP address at a time, so only one client could use the Internet at a time.

Next, you need to tell PAT/NAT what interfaces are the inside network and what interfaces are the outside network. Here's an example:

    interface ethernet 0
     ip nat inside
    interface serial 0
     ip nat outside

With these commands, your PAT configuration is finished. You have told the Cisco IOS you are translating your network A into a single IP address from network B, that network A is on the ethernet 0 interface and network B is on the serial 0 interface, and that you want to allow the inside network to overload the single IP address on the outside network.

Finally, verify that NAT works. This can be as simple as doing a ping command from your inside local host to an outside global host. If the ping succeeds, chances are you have everything configured correctly. You can also use the following Cisco IOS commands to confirm and troubleshoot:

    show ip nat translations [verbose]
    show ip nat statistics

With the translations command, you should see the translation that was created from your ping test. But watch out: The translations will disappear after their time-out expires. If you have configured overload, these time-outs are configurable by traffic type.

Summary

You should now understand the differences between PAT, Pooled NAT, and Static NAT, and you should be able to do a basic PAT configuration with the Cisco IOS. For more information, check out the links below.

Additional resources

TechRepublic: "Learn why NAT can cause VPN connection problems"
TechRepublic: "Set up NAT using the Cisco IOS"
TechRepublic: "Use NAT to connect your network to the Internet"
Cisco: NAT Technical Tips Index
Cisco: How NAT Works
Cisco: Configuring Network Address Translation: Getting Started
Cisco: Frequently Asked Questions about Cisco IOS NAT
Cisco: IOS 12.2 Configuring Network Address Translation
Cisco: IOS 12.2 Overloading an Inside Global Address (PAT)
Cisco: IOS 12.2 IP Addressing Command Reference (including NAT commands)
PCWebopedia: NAT Definition
RFC1631: The IP Network Address Translator (NAT)
RFC1918: Address Allocation for Private Internets
Network Computing: Network Address Translation: Hiding in Plain Sight
Verizon: How Network Address Translation Works
Da Lan Tech: Network Address Translation for Beginners
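As an added example (not part of the original article), this Python script audits saved `show ip nat translations` output from the verification step against the article's access list and pool: it lists the inside hosts overloaded onto 63.63.63.2 and flags any translated source outside 10.10.10.0 0.0.0.255, which is what a `permit any` access list would let through. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Values from the article's configuration.
ACL_NET = ipaddress.ip_network("10.10.10.0/0.0.0.255")  # access-list 1, wildcard mask
POOL_ADDR = ipaddress.ip_address("63.63.63.2")          # the one address in "mypool"

# Constructed sample output, not captured from a real router.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 63.63.63.2:512    10.10.10.5:512     198.51.100.7:512   198.51.100.7:512
tcp 63.63.63.2:1025    10.10.10.6:1025    198.51.100.7:80    198.51.100.7:80
tcp 63.63.63.2:1026    10.10.10.9:1025    198.51.100.7:80    198.51.100.7:80
tcp 63.63.63.2:1027    192.168.50.4:3301  203.0.113.9:443    203.0.113.9:443
"""

def split_endpoint(field):
    """Split 'address:port' (port optional) into (ip_address, port or None)."""
    addr, _, port = field.partition(":")
    return ipaddress.ip_address(addr), int(port) if port else None

def parse_translations(text):
    """Return (protocol, inside_global, inside_local) for each translation row."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue  # header, blank or wrapped line
        entries.append((fields[0], split_endpoint(fields[1]), split_endpoint(fields[2])))
    return entries

def audit(entries, acl_net=ACL_NET, pool_addr=POOL_ADDR):
    """Report translations that the intended ACL and pool would not produce."""
    findings = []
    for proto, (g_addr, _), (l_addr, l_port) in entries:
        if l_addr not in acl_net:
            findings.append(f"{proto} {l_addr}:{l_port} is translated but outside {acl_net}")
        if g_addr != pool_addr:
            findings.append(f"{proto} {l_addr}:{l_port} uses unexpected global {g_addr}")
    return findings

def hosts_sharing_pool(entries, pool_addr=POOL_ADDR):
    """Inside local hosts overloaded onto the single pool address."""
    return sorted({str(l[0]) for _, g, l in entries if g[0] == pool_addr})

if __name__ == "__main__":
    rows = parse_translations(SAMPLE)
    print(hosts_sharing_pool(rows))
    for finding in audit(rows):
        print("FINDING:", finding)
```
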
Comments
NAT
Ore' 4th May 2005
If I have 30 private IP addresses, and 15 public IP addresses, what is the best NAT configuration to deploy - would it be dynamic or PAT?
I firmly believe that you should go with both pooled NAT (dynamic NAT) with PAT. Assign a pool of 14 public addresses for dynamic translation and keep the last one for PAT. So that if more than 14 concurrent users are logged in simultaneously, they can connect using port mapping, i.e., PAT. Hope this will be helpful for you.
The information has helped me to grasp the basics of NAT and basic configuration. Thank you.