NAT overloading inside global IP addresses

Nov 27, 2008 by alperen

[Figure 3.3: NAT overloading inside global IP addresses. Two inside hosts, 10.1.2.25 and 10.1.2.26, send Internet data through the NAT border router to 205.1.1.25 and 130.77.116.4 respectively; the replies from the Internet are addressed to 200.1.2.26:1723 and 200.1.2.26:1024.]

NAT table shown in the figure:

Inside local IP address & port | Inside global IP address & port | Outside global IP address & port
10.1.2.25:1723                 | 200.1.2.26:1723                 | 205.1.1.25:80
10.1.2.26:1723                 | 200.1.2.26:1024                 | 130.77.116.4:80

When the router translates multiple inside local IP addresses to a single globally routable
inside global IP address, it performs the following steps to overload that inside global IP address:
1. The device with the inside local IP address of 10.1.2.25 attempts to open a connection to
a host with outside global IP address 205.1.1.25 on an outside network.
2. The first packet that the NAT border router receives from the host at 10.1.2.25 causes the
router to check the NAT table. Because no translation entries exist for this source, the router
creates an entry in the NAT table. Since overloading is enabled and other translations are
active, the router reuses the inside global IP address and saves enough information to translate
returning packets. This type of entry is called an extended entry because it contains additional
information, specifically the layer 4 protocol and TCP or UDP port number.
3. The router replaces the inside local source IP address of 10.1.2.25 with the selected inside
globally routable IP address and a unique port number and then forwards the packet. In
this example, the translated source address and port appear in the NAT table as the inside
global entry 200.1.2.26:1723.
4. The host at 205.1.1.25 receives the packets and responds to the host at 10.1.2.25 by using the
inside global IP address and port in the source field of the original packet (200.1.2.26:1723).
5. The NAT border router receives the packet from 205.1.1.25 destined for 200.1.2.26. It
performs a NAT table lookup using the layer 4 protocol, inside global IP address, and port
as the key. The router then translates the address back to the inside local destination IP
address of 10.1.2.25, keeping the port number of 1723, and forwards the packet.
Steps 2 through 5 are repeated for all subsequent packets until the TCP connection
is closed. Once the TCP connection is closed, the NAT router deletes the entry from the NAT table.
UDP carries no connection state, so UDP entries are deleted after a set period of inactivity.
Both hosts at IP address 205.1.1.25 and 130.77.116.4 think they are talking to a single host
at IP address 200.1.2.26. They are actually talking end-to-end to different hosts, with the port
number being the differentiator the NAT border router uses to forward the packets to the correct
host on the inside network. In fact, you could allow approximately 64,000 different hosts
using a single layer 4 protocol to share a single inside global IP address by using the many available
TCP and UDP port numbers.
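A small Python model of the five steps above, added here as an example; it is not code from the original article or from any Cisco implementation. The PatRouter class, its method names and the 300-second UDP idle timeout are assumptions; the addresses and ports are the ones in the figure, and the model reproduces the figure's port choices (10.1.2.25 keeps port 1723, 10.1.2.26 collides on 1723 and is given 1024).

```python
from dataclasses import dataclass

@dataclass
class Entry:                   # an "extended" NAT entry: protocol plus ports
    inside_local: tuple        # (ip, port) of the real inside host
    outside_global: tuple      # (ip, port) of the remote host
    last_seen: float           # simulated clock value of the last packet seen

class PatRouter:
    def __init__(self, inside_global="200.1.2.26", udp_timeout=300):
        self.inside_global = inside_global   # the single overloaded address (from the figure)
        self.udp_timeout = udp_timeout       # assumed UDP inactivity timeout, seconds
        self.table = {}        # key: (proto, inside-global port) -> Entry
        self.next_port = 1024  # first port handed out when the host's own port is taken

    def _pick_port(self, proto, wanted):
        # keep the host's own source port if free, otherwise allocate from 1024 up
        if (proto, wanted) not in self.table:
            return wanted
        while (proto, self.next_port) in self.table:
            self.next_port += 1
        self.next_port += 1
        return self.next_port - 1

    def outbound(self, proto, src, dst, now=0.0):
        """Steps 2-3: translate an inside->outside packet, adding an entry if needed."""
        for (p, gport), e in self.table.items():
            if p == proto and e.inside_local == src and e.outside_global == dst:
                e.last_seen = now
                return (self.inside_global, gport), dst
        gport = self._pick_port(proto, src[1])
        self.table[(proto, gport)] = Entry(src, dst, now)
        return (self.inside_global, gport), dst

    def inbound(self, proto, src, dst, now=0.0):
        """Step 5: look up (proto, inside global IP, port); None means no entry, so drop."""
        e = self.table.get((proto, dst[1]))
        if e is None or dst[0] != self.inside_global or e.outside_global != src:
            return None
        e.last_seen = now
        return src, e.inside_local

    def tcp_closed(self, gport):
        self.table.pop(("tcp", gport), None)   # entry removed when the TCP connection closes

    def expire_udp(self, now):
        """Delete UDP entries idle longer than the timeout; returns how many were removed."""
        stale = [k for k, e in self.table.items()
                 if k[0] == "udp" and now - e.last_seen > self.udp_timeout]
        for k in stale: del self.table[k]
        return len(stale)
```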
