
Network Address Translation (NAT)

Ing. Viviana López MsC(c)


Instructor CISCO CCNA

Version 4.0

2006 Cisco Systems, Inc. All rights reserved.

Cisco Public

Objectives

Introduce the concept of NAT.

Describe the rationale for NAT.

Introduce the different types of NAT.

NAT Configuration on a Cisco Router


Operation and benefits of using private and public addressing

Benefits of NAT

NAT replaces the source address with a routable address, allowing hosts with private addresses to access the Internet.
NAT provides transparent, scalable, bidirectional connectivity between different offices of the same company.
NAT eliminates the need to renumber hosts when changing ISPs or addressing schemes.
NAT strengthens network privacy because the assigned addresses are hidden. It prevents port scanning of the network.

Disadvantages of NAT
Performance is degraded
Traceability of end-to-end connections is lost
Tunneling is more complicated

Types of NAT

Static NAT
Dynamic NAT
NAT/PAT

Static NAT Configuration on Cisco


How to configure static NAT and conserve IP address space in a network.

Static NAT Example

Basic EIGRP Routing Configuration


Hostname Router1(EIGRP)
interface FastEthernet0/1
ip address 190.1.190.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.2 255.255.255.0
router eigrp 1
network 200.30.75.0 0.0.0.3
network 190.1.190.0 0.0.0.255

no auto-summary

Static NAT Router Configuration (1)


Hostname Router(NAT)
interface FastEthernet0/1
ip address 192.168.1.10 255.255.255.0
ip nat inside
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.1 255.255.255.0
ip nat outside
clock rate 64000
ip nat inside source static 192.168.1.2 200.30.75.3
ip nat inside source static 192.168.1.3 200.30.75.4
ip classless
ip route 190.1.190.0 255.255.255.0 200.30.75.2

Static references: the two "ip nat inside source static" lines above.

NAT Debugging Commands


Router(NAT)#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 200.30.75.3        192.168.1.2        ---                ---
--- 200.30.75.4        192.168.1.3        ---                ---

NAT Debugging Commands


WEB SERVER: 190.1.190.2 (destination, d=)
Router(NAT)#debug ip nat
NAT: s=192.168.1.2->200.30.75.3, d=190.1.190.2[0] (request)
NAT*: s=190.1.190.2, d=200.30.75.3->192.168.1.2[0] (reply)
NAT: s=192.168.1.2->200.30.75.3, d=190.1.190.2[0]
NAT*: s=190.1.190.2, d=200.30.75.3->192.168.1.2[0]
NAT: s=192.168.1.2->200.30.75.3, d=190.1.190.2[0]
NAT*: s=190.1.190.2, d=200.30.75.3->192.168.1.2[0]
NAT: s=192.168.1.2->200.30.75.3, d=190.1.190.2[0]
NAT*: s=190.1.190.2, d=200.30.75.3->192.168.1.2[0]

PC: 192.168.1.2 (source, s=)

NAT Debugging Commands


Router(EIGRP)#debug ip icmp
ICMP: echo reply sent, src 190.1.190.1, dst 200.30.75.3
ICMP: echo reply sent, src 190.1.190.1, dst 200.30.75.3
ICMP: echo reply sent, src 190.1.190.1, dst 200.30.75.3

Translated address (host 192.168.1.2)

Dynamic NAT Configuration on Cisco


How to configure dynamic NAT to conserve the network's IP address space.

Basic EIGRP Routing Configuration


Hostname Router1(EIGRP)
interface FastEthernet0/1
ip address 190.1.190.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.2 255.255.255.0
router eigrp 1
network 200.30.75.0 0.0.0.3
network 190.1.190.0 0.0.0.255

no auto-summary

Dynamic NAT Router Configuration (3)


Hostname Router(NAT)
interface FastEthernet0/1
ip address 192.168.1.10 255.255.255.0
ip nat inside
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.1 255.255.255.0
ip nat outside
clock rate 64000

! Global range
ip nat pool RANGO 200.30.75.3 200.30.75.5 netmask 255.255.255.0
! ACL matching the LAN addresses
access-list 10 permit 192.168.1.0 0.0.0.255
! IP address translation
ip nat inside source list 10 pool RANGO
ip classless
ip route 190.1.190.0 255.255.255.0 200.30.75.2

NAT Debugging Commands


Router(NAT)#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 200.30.75.3        192.168.1.2        ---                ---
--- 200.30.75.4        192.168.1.3        ---                ---
--- 200.30.75.5        192.168.1.4        ---                ---

NAT Debugging Commands


WEB SERVER: 190.1.190.2 (destination, d=)
Router(NAT)#debug ip nat
NAT: s=192.168.1.2->200.30.75.3, d=190.1.190.2[1] (request)
NAT*: s=190.1.190.2, d=200.30.75.3->192.168.1.2[1] (reply)
NAT: s=192.168.1.3->200.30.75.4, d=190.1.190.2[2]
NAT*: s=190.1.190.2, d=200.30.75.4->192.168.1.3[2]
NAT: s=192.168.1.4->200.30.75.5, d=190.1.190.2[3]
NAT*: s=190.1.190.2, d=200.30.75.5->192.168.1.4[3]

Translation (callout on the "->" address rewrites)

NAT/PAT Configuration on a Cisco Router


How to configure NAT/PAT to conserve the network's IP address space.

Basic EIGRP Routing Configuration


Hostname Router1(EIGRP)
interface FastEthernet0/1
ip address 190.1.190.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.2 255.255.255.0
router eigrp 1
network 200.30.75.0 0.0.0.3
network 190.1.190.0 0.0.0.255

no auto-summary

Dynamic NAT Router Configuration (2)


Hostname Router(NAT)
interface FastEthernet0/1
ip address 192.168.1.10 255.255.255.0
ip nat inside
duplex auto
speed auto
interface Serial0/0/0
ip address 200.30.75.1 255.255.255.0
ip nat outside
clock rate 64000
! Global interface: IP address translation
ip nat inside source list 10 interface Serial0/0/0 overload
! ACL matching the LAN addresses
access-list 10 permit 192.168.1.0 0.0.0.255
ip classless
ip route 190.1.190.0 255.255.255.0 200.30.75.2
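Added example (not part of the original slides): a simplified Python model of the two configurations above, the three-address pool RANGO and the overload on Serial0/0/0, showing that the pool runs out at the fourth LAN host while PAT keeps translating by changing the port. The port-selection rule, the class names and the host 192.168.1.5 are assumptions made for this illustration.

```python
import ipaddress

class PoolNat:
    """Dynamic NAT: one global address per inside host, taken from a finite pool."""
    def __init__(self, first, last):
        a, b = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(a, b + 1)]
        self.table = {}                      # inside local -> inside global

    def translate(self, inside_ip, inside_port):
        if inside_ip not in self.table:
            if not self.free:
                return None                  # pool exhausted: no translation is created
            self.table[inside_ip] = self.free.pop(0)
        return (self.table[inside_ip], inside_port)

class OverloadNat:
    """PAT: every flow shares one global address and is told apart by port."""
    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.ports = range(first_port, last_port + 1)
        self.table = {}                      # (inside ip, inside port) -> global port
        self.used = set()

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.table:
            port = inside_port               # keep the source port when it is free
            if port in self.used or port not in self.ports:
                # Assumed rule for this model: lowest unused port in the range.
                port = next((p for p in self.ports if p not in self.used), None)
            if port is None:
                return None                  # every port is already in use
            self.table[key] = port
            self.used.add(port)
        return (self.global_ip, self.table[key])

def run_lan(nat, hosts, port=1025):
    """Every host opens one flow from the same source port; return the results."""
    return [nat.translate(h, port) for h in hosts]

# The first three hosts are the page's; 192.168.1.5 is constructed for the example.
HOSTS = ["192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"]

if __name__ == "__main__":
    print(run_lan(PoolNat("200.30.75.3", "200.30.75.5"), HOSTS))
    print(run_lan(OverloadNat("200.30.75.1"), HOSTS))
```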

NAT Debugging Commands


Router(NAT)#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 200.30.75.1:1025   192.168.1.2:1025   190.1.190.2:80     190.1.190.2:80
tcp 200.30.75.1:1024   192.168.1.3:1024   190.1.190.2:80     190.1.190.2:80
tcp 200.30.75.1:1026   192.168.1.4:1026   190.1.190.2:80     190.1.190.2:80

IP of interface S0/0/0 (callout on 200.30.75.1)

Use of ports in IP address translation

NAT Debugging Commands


WEB SERVER: 190.1.190.2 (destination, d=)
Router(NAT)#debug ip nat
NAT: s=192.168.1.2->200.30.75.1, d=190.1.190.2[20]
NAT*: s=190.1.190.2, d=200.30.75.1->192.168.1.2[20](reply)
NAT: s=192.168.1.3->200.30.75.1, d=190.1.190.2[21]
NAT*: s=190.1.190.2, d=200.30.75.1->192.168.1.3[21]
NAT: s=192.168.1.4->200.30.75.1, d=190.1.190.2[22]
NAT*: s=190.1.190.2, d=200.30.75.1->192.168.1.4[22]

Translation (callout on the "->" address rewrites)
IP of S0/0/0 (callout on 200.30.75.1)
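Added example (not part of the original slides): a Python parser for the sh ip nat translations layouts shown on this page, used to map a flow observed outside the router back to the inside host, which is the traceability the Disadvantages slide says NAT loses. The sample table is constructed from the page's addresses, and the function names are assumptions of this example.

```python
# Constructed sample in the layout of the "sh ip nat translations" outputs on
# this page: one-to-one rows use "---", PAT rows carry protocol and ports.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 200.30.75.3        192.168.1.2        ---                ---
tcp 200.30.75.1:1025   192.168.1.2:1025   190.1.190.2:80     190.1.190.2:80
tcp 200.30.75.1:1024   192.168.1.3:1024   190.1.190.2:80     190.1.190.2:80
"""

def split_endpoint(field):
    """'200.30.75.1:1025' -> ('200.30.75.1', 1025); '---' -> (None, None)."""
    if field == "---":
        return (None, None)
    ip, _, port = field.partition(":")
    return (ip, int(port) if port else None)

def parse_translations(text):
    """Return one dict per translation row; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # the header line splits into 9 tokens
            continue
        rows.append({
            "proto": None if parts[0] == "---" else parts[0],
            "inside_global": split_endpoint(parts[1]),
            "inside_local": split_endpoint(parts[2]),
            "outside_global": split_endpoint(parts[4]),
        })
    return rows

def attribute(rows, proto, src_ip, src_port):
    """Map a flow seen outside the NAT router back to the inside host.

    An exact PAT row (protocol, global address, global port) wins; otherwise a
    one-to-one row (static or dynamic NAT) for that global address is used.
    Returns None when the table holds no matching entry.
    """
    one_to_one = None
    for row in rows:
        g_ip, g_port = row["inside_global"]
        if g_ip != src_ip:
            continue
        if row["proto"] is None:
            one_to_one = row["inside_local"][0]
        elif row["proto"] == proto and g_port == src_port:
            return row["inside_local"][0]
    return one_to_one
```

A PAT flow whose entry has already aged out of the table returns None, so the table or translation logs have to be captured close to the time of the event for attribution to work.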