NAT basics for beginners CCNA - Part 1

Captions
In this video I'm going to cover everything you need to know about NAT, or network address translation, for your CCENT and CCNA certifications. That is super important: pretty much every home router or business or organization's router uses network address translation. In fact, IPv4 would not have survived this long without NAT. In other words, we all use private addresses on our home networks or on our local area networks, and those private addresses are not routable across the internet. Addresses like 192.168.1.whatever, 100, or addresses that start with 10, or addresses that start with 172.16, are all private addresses, private addressing from RFC 1918, which says private addresses in these ranges are not routable across the internet. If you want to use these addresses on your LAN, then when it crosses your router they need to be translated, or network address translated, to a public address. And so pretty much all routers do this if you're running an IPv4 network, which most networks are, IPv4 networks. So IPv4 has survived because of private addressing and network address translation, and also, I think, pretty much because of classless addressing: the fact that we don't have to adhere to strict IP classes, we can do subnetting and we can do whatever we want with classless addressing and classless routing. But NAT is super important for the day-to-day functioning of basically the internet.

So in the CCNA you're required to know how to configure NAT, and in this video I'm going to go over the different types of configurations that you need to know. One, we're going to configure a static translation, a one-to-one translation, where you translate one public IP address to one private IP address. In this scenario, what we're going to do is we're going to translate one public IP to our honeypot server here in the demilitarized zone at 10.0.0.240, and what we're going to do is we're going to translate this address right here, and when people go to this address,
this public address it'll get translated to this private address so that'll be a static translation one to one we're also going to configure on a port address translation which is a one-to-one translation across a port also we'll use port 80 in other words when people contact this company at this public IP address on port 80 it will get translated to the web server over here on port 80 at 10.00 about 250 so it's also a one-to-one translation but only if you contact this public address on port 80 will get translated to the private address on port 80 so this is what you'd see in a web server scenario this other type of static translation is what you might see if you had a honeypot and you wanted it to be very visible let's say on the internet and draw people in across any port the other type of translation that we're going to look at is a NAT overload translation NAT overload translation also known as path or port address translation is the most common type of translation and it's the type of translation that happens on everybody's home router and that is you go to the public address and it gets translated to all of the private addresses on the private network in other words most people have 10 or 20 or 30 devices on their home network or on their small business network and all of those devices when they go across the router get translated to one public IP address and the way that works is because port numbers are attached or overloaded and these random port numbers are part of the translation and allow us to translate one public address to many private addresses because the port number gets attached and that identifies the specific computer so we're going to cover that and then also going to cover dynamic address translation where you have a nap pool and we're going to do that over here on this side of the equation and the nap pool is when you have multiple public IP addresses like in this case we're going to have a bunch of public IP addresses and they get 
translated to a bunch of private addresses, and also this can be done with overload, or ports, as well, so we're going to do both types.

The first thing I want to talk about, this is really important for your certification exam, and that is, according to Cisco, depending on which router you are. So let's say right now this is our company and we're this company router. So, your company router: the interface that is on the local side is known as the inside local, okay? And then on the public side, let's say on gigabit 0/0 that's facing the Internet, this would be the inside global. So if this is my company and my router, I have my inside global, which faces the public or the WAN, and then I have my inside local, which faces my private network. Okay. Then any time I contact someone across the internet, this is the outside global, right? If I'm the inside, then this router over here would be the outside global and this would be the outside local.

Now, vice versa, if I'm this router, let's say your router, from my perspective, if this is my router, well then it's the opposite, and we have to say, well no, this is the inside global and this is the inside local, because this is my router, and this is the outside. So it just depends on which router you are, which one you're configuring. I mean, if this is your router, then this is your inside local, this is your inside global, and these are the outside. Okay, so it just depends.

So for this tutorial I'm going to start here, though; we're going to start from the company router. So I'm going to switch this up so that's the outside, and this is the inside local and the inside global, because I'm the company router, right? And we're going to start off with our first translation, which will be a static translation, a one-to-one translation. What we're going to do is, so if this is our public address, 209.165.100.30, which it is, if I hover over here you'll see that there it is, on the left-hand side you might see 100.30, so this is our address. We're
going to pretend like this company owns a few public addresses, and it just so happens it also owns 209.165.100.29. So it owns both of these public addresses, and it wants to use this public address so that when people contact this public address they get forwarded through, or translated through, to the honeypot server at 10.0.0.240. So it's going to go 209.165.100.29 to 10.0.0.230, and that will be the translation.

Okay, so we'll go into the company router, we'll get into global config mode, and the first thing that we want to do is, for our Cisco operating system here, we have to tell it which one is the inside interface and which one is the outside-facing interface, okay? So which one faces the LAN and which one faces the WAN. In this case interface gigabit 0/0 faces the WAN, so that is our ip nat outside, and interface gigabit 0/1 faces the LAN, so that's the ip nat inside. The full command is ip nat inside; in this case I put ip nat out, which is short for ip nat outside. So in other words, this is the inside-facing interface and this is the outside-facing interface, which is confusing because I just got done explaining that according to the terminology this is the outside. So it's a little confusing, but ip nat inside over here, ip nat outside on this interface. Okay, so slightly confusing there, but you get the picture.

Okay, and now all we need to do is put in our command: ip nat inside source static, a static translation, and we're going to statically translate from 10.0.0.240 to 209.165.100.29, and that's it. That's a static translation from the private to the public, and that should work now. Let's see if it works. If it works, then we should be able to reach this honeypot server by putting in the public address here. So we'll see if that works: I'll go to PC0, and I'll go to the web browser, and I'll put in 209.165.100.29 and hit enter, and boom, I hit the honeypot. So notice the public address: I put in the
public address from PC0 here, and it was translated through the router to the honeypot, and that is excellent. So there we have our first successful translation.

Okay, so now we want to do something similar for this web server, except we want this server to only be available on port 80. So it's going to be similar, so instead of using a separate IP address like we did for the honeypot, we're just going to use our normal address that's assigned right now to this interface gigabit 0/0, so 209.165.100.30, and we'll use that IP address. Now, we do not have to go back in and set up the ip nat outside and the ip nat inside; we don't have to do that again. In other words, we don't have to do this again, right, ip nat outside, we already did that, we don't have to do that again. But if you want, I'll show it one more time, just to make sure that you realize that, yeah, this is what has to be done to get it to work; it's just that you only have to do it once. Okay, so there you have ip nat out, and you didn't need to do that, but I did anyway.

Okay, ip nat: this time what I'll do is I'll go back to global config mode. So there was our command before, ip nat inside source static, right? This time it's going to be slightly different; only a few modifications will get this to work. First of all, this time we're translating to 209.165.100.30, and the other address is 10.0.0.250, so I can just change that to 50. And then a couple of other things have to change here: this time the translation is just over TCP port 80, and then over here I have to also put port 80. So as you can see here, now it's ip nat inside source static tcp from this private on port 80 to this public on port 80, and vice versa: if you contact this public address on port 80, it will get translated to this private address on port 80. And you have to put the tcp in here to make this work. So this is port forwarding, basically, in the Cisco IOS, right? So here was just a static translation across all ports, or just based on IP, right, just on IP, and
you didn't have to put IP in here; it's just an IP translation from one address to another. This is a TCP translation only, from this address to this address on port 80. And if we do that, okay, it's done, and what that means is that I can go to PC0 here and go in here and put in, let's see, 209.165.100.30, and hit go, and I hit the other web server, which is this web server right here. Okay, so this gets translated: if I contact this IP address on port 80, which it is, because it's a web browser, and web requests, HTTP requests, are port 80 requests, then it gets translated over here. Okay, so that works. So now we've got two forms: one and two are done.
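
The following is an added example, not part of the video or its captions: a simplified Python model of how the router would match inbound packets against the two static entries described above, showing that the plain static entry exposes every port on the honeypot while the TCP entry exposes only port 80 on the web server. The class and function names and the probed port list are hypothetical; the addresses are the ones read from the captions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class StaticNat:
    """Simplified model of one static NAT entry (hypothetical class)."""
    inside_local: str            # private address of the server
    inside_global: str           # public address reachable from outside
    proto: Optional[str] = None  # None = plain IP mapping, any protocol/port
    port: Optional[int] = None   # set only for the protocol/port form

    def inbound(self, proto: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Return (inside_local, port) if this entry translates the packet."""
        if dst_ip != self.inside_global:
            return None
        if self.proto is None:                 # one-to-one on address only
            return (self.inside_local, dst_port)
        if (proto, dst_port) == (self.proto, self.port):
            return (self.inside_local, self.port)
        return None                            # other ports are not forwarded

RULES = [
    # ip nat inside source static 10.0.0.240 209.165.100.29
    StaticNat("10.0.0.240", "209.165.100.29"),
    # ip nat inside source static tcp 10.0.0.250 80 209.165.100.30 80
    StaticNat("10.0.0.250", "209.165.100.30", "tcp", 80),
]

def translate_inbound(proto: str, dst_ip: str, dst_port: int,
                      rules: List[StaticNat] = RULES) -> Optional[Tuple[str, int]]:
    """First matching entry wins; None means no inside host receives the packet."""
    for rule in rules:
        hit = rule.inbound(proto, dst_ip, dst_port)
        if hit is not None:
            return hit
    return None

PROBE_PORTS = [22, 80, 443, 3389]  # constructed sample of TCP ports to check

def exposed_tcp_ports(inside_local: str, rules: List[StaticNat] = RULES) -> List[int]:
    """Which probed TCP ports on an inside host are reachable from outside."""
    found = set()
    for rule in rules:
        for p in PROBE_PORTS:
            if rule.inbound("tcp", rule.inside_global, p) == (inside_local, p):
                found.add(p)
    return sorted(found)

if __name__ == "__main__":
    for host in ("10.0.0.240", "10.0.0.250"):
        print(host, exposed_tcp_ports(host))
```
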
Info
Channel: danscourses
Views: 372,280
Keywords: NAT, CCNA, CCENT, Packet Tracer, static nat, dynamic nat, dancourses
Id: dUfKR2wC1Y4
Length: 13min 35sec (815 seconds)
Published: Sun Apr 30 2017