NAT Configuration


Configuring Static NAT
Remember that static NAT is a one-to-one mapping between an inside local address and an inside global address. Because the mapping is permanent, static NAT also allows connections initiated by external devices to reach inside devices. For instance, you may want to map an inside global address to the specific inside local address assigned to your web server.
Configuring static NAT translations is a simple task. You define the addresses to translate and then designate the appropriate interfaces as inside or outside. Packets arriving on an inside interface from the identified inside local address have their source address translated. Packets arriving on an outside interface addressed to the identified inside global address have their destination address translated. Since the static entry is always present, whatever is listening on the mapped inside host is reachable from the Internet at all times, so a static mapping should be paired with an access list on the outside interface that permits only the intended ports.
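The following is an added example of the static NAT configuration described above on a Cisco IOS router; it is not part of the original page. The interface names, the inside LAN 192.168.10.0/24, the web server 192.168.10.254 and the public block 209.165.201.0/27 are all assumed for illustration.

```cisco
! Added example (not from the original page): static NAT on Cisco IOS.
! Assumed topology: G0/0 is the inside LAN (192.168.10.0/24), S0/0/0 faces
! the ISP, the web server is 192.168.10.254, and 209.165.201.5 is the
! inside global address chosen for it from an assumed public /27.
!
! 1. Define the one-to-one mapping (inside local -> inside global).
ip nat inside source static 192.168.10.254 209.165.201.5
!
! 2. Mark the interfaces so the router knows which direction to translate.
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 209.165.201.1 255.255.255.224
 ip nat outside
!
! 3. Static NAT lets the outside initiate connections to 192.168.10.254,
!    so restrict what may reach it. An inbound ACL on the outside interface
!    is evaluated before the outside-to-inside translation, so it must match
!    the inside global (public) address, not 192.168.10.254.
!    The 'established' line is a stateless approximation that lets replies
!    to inside-initiated TCP sessions back in; a stateful inspection feature
!    would be the better choice on a production edge.
ip access-list extended OUTSIDE-IN
 permit tcp any host 209.165.201.5 eq 80
 permit tcp any any established
 deny   ip any any
!
interface Serial0/0/0
 ip access-group OUTSIDE-IN in
!
! Verification (privileged EXEC):
!   show ip nat translations   - the static entry is listed even with no traffic
!   show ip nat statistics     - confirms inside/outside interfaces and hit counts
```

Without the access list, every port open on 192.168.10.254 is reachable at 209.165.201.5; the mapping itself does no filtering.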

Configuring Dynamic NAT
While static NAT provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps inside local addresses to inside global addresses drawn, first come first served, from a NAT pool. Each mapping is still one-to-one while it exists, but it is created on demand when an inside host sends traffic and removed when the translation times out. Dynamic NAT configuration differs from static NAT, but it also has some similarities. Like static NAT, it requires each interface to be identified as inside or outside. However, rather than creating a static map to a single IP address, a pool of inside global addresses is used.
To configure dynamic NAT, you need an ACL that permits only those addresses that are to be translated. When developing your ACL, remember there is an implicit "deny all" at the end of each ACL: any source the ACL does not permit is forwarded untranslated, and a packet carrying a private source address will never receive a reply. An ACL that is too permissive can lead to unpredictable results. Cisco advises against configuring access control lists referenced by NAT commands with the permit any command. Using permit any can result in NAT consuming too many router resources, because every source arriving on an inside interface, including spoofed or transit traffic, claims a pool address and a translation entry, which can cause network problems.
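Below is an added Cisco IOS example of the dynamic NAT configuration described above, not taken from the original page. Two inside LANs (192.168.10.0/24 and 192.168.11.0/24), the interface names, and the public block 209.165.200.224/27 are assumed for illustration.

```cisco
! Added example (not from the original page): dynamic NAT on Cisco IOS.
! Assumptions: inside LANs 192.168.10.0/24 and 192.168.11.0/24 behind
! G0/0 and G0/1, ISP-facing S0/0/0 holding 209.165.200.225/27, and
! 209.165.200.226-.240 set aside for the pool.
!
! 1. Pool of inside global addresses handed out first come, first served.
!    The netmask tells IOS which addresses in the range are usable hosts.
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
!
! 2. ACL naming exactly which inside local addresses may be translated.
!    Anything not permitted here is forwarded untranslated.
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
!
! What NOT to do (shown commented out):
!   access-list 1 permit any
! That line matches every source seen on an inside interface, so spoofed
! or transit traffic consumes pool addresses and translation state.
!
! 3. Bind the ACL to the pool.
ip nat inside source list 1 pool NAT-POOL1
!
! 4. Designate interfaces.
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 209.165.200.225 255.255.255.224
 ip nat outside
!
! 5. Optional: age out idle entries after one hour instead of the 24-hour
!    default, so abandoned hosts return their address to the pool sooner.
ip nat translation timeout 3600
!
! Verification:
!   show ip nat translations   - one entry per inside host currently translated
!   show ip nat statistics     - pool "allocated" count and "misses" once the
!                                15 addresses are exhausted
!   clear ip nat translation * - flush dynamic entries; required before the
!                                pool or ACL can be modified or removed
```

With fifteen addresses in the pool, the sixteenth concurrent inside host cannot be translated until an existing entry times out, which is why the timeout and the ACL scope matter.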

Configuring NAT Overload for a Single Public IP Address
There are two possible ways to configure overloading, depending on how the ISP allocates public IP addresses. In the first instance, the ISP allocates one public IP address to the organization, and in the other, it allocates more than one public IP address.

This section covers configuring NAT overload with a single public IP address. With only one public IP address, the overload configuration typically assigns that public address to the outside interface that connects to the ISP. All inside addresses are translated to that single IP address when leaving the outside interface.
The configuration is similar to dynamic NAT, except that instead of a pool of addresses, the interface keyword is used to identify the outside IP address. Therefore, no NAT pool is defined. The overload keyword adds the transport-layer port number to the translation, so many inside hosts can share the one address and the router tells their sessions apart by source port.
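Here is an added Cisco IOS example of overloading the outside interface's single address, as described above; it is not from the original page. Interface names and the inside networks are assumed, and the ISP is assumed to have handed out only 209.165.200.225.

```cisco
! Added example (not from the original page): NAT overload (PAT) on the
! outside interface's single public address. Assumed interfaces and inside
! LANs as in the earlier examples; the ISP provides only 209.165.200.225.
!
! ACL selecting the inside local addresses eligible for translation.
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
!
! No pool: 'interface' borrows whatever address S0/0/0 currently holds,
! which also works when the ISP assigns that address via DHCP.
! 'overload' makes IOS track (address, port) pairs instead of addresses.
ip nat inside source list 1 interface Serial0/0/0 overload
!
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
!
! Verification:
!   show ip nat translations
!   Entries now carry ports, e.g. inside local 192.168.10.25:1025 mapped to
!   inside global 209.165.200.225:1025. When a second inside host picks a
!   source port already in use, IOS rewrites it to a free port.
```

Because every inside host appears on the Internet as 209.165.200.225, outside-initiated connections have nowhere to go unless a static entry or port forward (covered later on this page) says otherwise.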

Configuring NAT Overload for a Pool of Public IP Addresses
In the scenario where the ISP has provided more than one public IP address, NAT overload is configured to use a pool. The primary difference between this configuration and the configuration for dynamic, one-to-one NAT is that the overload keyword is appended to the ip nat inside source command. Remember that the overload keyword enables port address translation, so instead of running out of translations once every pool address is taken, the router keeps allocating ports on the addresses it has.
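The following added Cisco IOS example shows the pool variant of overload described above, for comparison with the one-to-one dynamic NAT configuration; it is not from the original page. The public block 209.165.200.224/27, the pool range and the interfaces are assumed.

```cisco
! Added example (not from the original page): NAT overload using a pool of
! public addresses. Assumes the ISP delegated 209.165.200.224/27, that
! .226-.240 are reserved for translations, and interfaces as before.
!
ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 netmask 255.255.255.224
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
!
! Identical to dynamic one-to-one NAT except for the trailing keyword.
! Without 'overload' the 16th concurrent inside host is dropped once the 15
! pool addresses are taken. With it, IOS keeps assigning ports on the first
! pool address and moves to the next address only when ports run out.
ip nat inside source list 1 pool NAT-POOL2 overload
!
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 209.165.200.225 255.255.255.224
 ip nat outside
!
! Verification:
!   show ip nat statistics     - lists the pool, its size and "allocated" count
!   show ip nat translations   - entries carry ports; expect most inside hosts
!                                to appear behind 209.165.200.226 at first
```

One practical consequence: remote services that rate-limit or block by source address will see the whole organization arrive from one or two pool addresses, exactly as with the single-address form.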

Port Forwarding

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.

Typically, peer-to-peer file-sharing programs and key operations, such as web serving and outgoing FTP, require that router ports be forwarded or opened to allow these applications to work. Because NAT hides internal addresses, peer-to-peer only works from the inside out, where NAT can map and register outgoing requests against their incoming replies.

The problem is that NAT does not allow requests initiated from the outside. This situation can be resolved with manual intervention. Port forwarding allows you to identify specific ports that can be forwarded to inside hosts.

Recall that Internet software applications interact with user ports that need to be open or available to those applications. Different applications use different ports. For example, Telnet uses port 23, FTP uses ports 20 and 21, HTTP port 80, and SMTP uses port 25. This makes it predictable for applications and routers to identify network services. For example, HTTP operates through the well-known port 80. When you enter the address http://cisco.com, the browser displays the Cisco Systems, Inc. website. Notice that we do not have to specify the HTTP port number for the page requests because the application assumes port 80.

Configuring Port Forwarding
Port forwarding allows users on the Internet to access internal servers by using the WAN port address and the matched external port number. When users send these types of requests to your WAN port IP address via the Internet, the router forwards those requests to the appropriate servers on your LAN. For security reasons, broadband routers do not by default permit any external network request to be forwarded to an inside host.
For instance, the figure shows the Single Port Forwarding window of a Linksys WVRS4400N business-class SOHO router. Currently, port forwarding is not configured.
You can enable port forwarding for applications and specify the inside local address to forward the request to. For example, in the figure, HTTP service requests arriving at this Linksys are now forwarded to the web server with the inside local address of 192.168.1.254. If the external WAN IP address of the SOHO router is 209.165.200.158, an external user could enter http://209.165.200.158 and the Linksys router would redirect the HTTP request to the internal web server at IP address 192.168.1.254, using the default port number 80.
We could specify an external port different from the default port 80. However, the external user would then have to know the specific port number to use, and changing the port hides the service only from casual browsing, not from a port scan.
The approach you take to configure port forwarding depends on the brand and model of the broadband router in the network. However, there are some generic steps to follow. If the instructions supplied by your ISP or that came with the router do not provide adequate guidance, the website www.portforward.com provides guides for several broadband routers. You can follow the instructions to add or delete ports as required to meet the needs of any applications you want to allow or deny.
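As an added example that is not part of the original page, the same port forward can be expressed on a Cisco IOS router as a static NAT entry with port numbers (the command-line equivalent of the Linksys screen above). The WAN address 209.165.200.158 and server 192.168.1.254 follow the text; the interface names, WAN mask and the assumption that other inside hosts use overload are illustrative.

```cisco
! Added example (not from the original page): port forwarding on Cisco IOS.
! Assumes the router's WAN address is 209.165.200.158/30 on S0/0/0, the
! inside web server is 192.168.1.254, and other inside hosts share the WAN
! address via overload.
!
! Forward external TCP/80 on the WAN address to the server's port 80.
! 'extendable' is required when the global address is also the interface's own.
ip nat inside source static tcp 192.168.1.254 80 209.165.200.158 80 extendable
!
! Alternative (use instead of the line above, not in addition): expose the
! same server on external port 8080, so users must request
! http://209.165.200.158:8080/ while the server still listens on 80.
!   ip nat inside source static tcp 192.168.1.254 80 209.165.200.158 8080 extendable
!
! Everything else from the inside still shares the WAN address.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Serial0/0/0 overload
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 209.165.200.158 255.255.255.252
 ip nat outside
!
! Only TCP/80 is forwarded. Traffic to other ports on 209.165.200.158 is
! handled by the router itself (and should be filtered with an ACL on S0/0/0),
! not passed to 192.168.1.254.
! Verification:
!   show ip nat translations   - the static tcp entry appears, with ports,
!                                even when no client is connected
```

Each forwarded port is a standing hole through the NAT boundary, so forward only the ports the application actually needs and remove the entry when the service is retired.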
