
Understanding Devices and Infrastructure

Security mechanisms (devices and packets):
• Firewalls
• Routers
• Switches
• Load balancers
• Web security gateways
• VPN concentrators
• Proxies
• Protocol analyzers

Network design elements and components:
• DMZ
• Subnetting
• VLAN
• NAT
• VPN
NAT (Network Address Translation)

Network Address Translation (NAT) creates a unique opportunity to assist in the security of a network. NAT effectively hides your network from the world, making it much harder to determine what systems exist on the other side of the router. The NAT server effectively operates as a firewall for the network.
The private address ranges, none of which is routable on the public Internet, are as follows:
• 10.0.0.0–10.255.255.255
• 172.16.0.0–172.31.255.255
• 192.168.0.0–192.168.255.255
NAT uses four kinds of addresses:
• Inside local address: the address of the source host as seen from inside the network.
• Inside global address: the address of the source host as seen from the outside network.
• Outside global address: the address of the destination as seen from the outside network. It is a globally routable IPv4 address assigned to a host on the Internet.
• Outside local address: the address of the destination as seen from the inside network.
There are three types of NAT translation:
• Static address translation (static NAT): one-to-one address mapping between local and global addresses.
• Dynamic address translation (dynamic NAT): one-to-many or many-to-many address mapping between local and global addresses.
• Port Address Translation (PAT): many-to-one address mapping between local and global addresses. This method is also known as overloading (NAT overloading).
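As an added example that is not part of these slides, the following Python model shows static NAT beside PAT overloading and how the four address roles appear in a translated packet; the Packet and Nat classes and every address used are constructed for illustration, not taken from a real router.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port

class Nat:
    """Tiny NAT model: static one-to-one mappings plus PAT overloading
    on a single inside global address. All addresses are constructed samples."""

    def __init__(self, static, overload_ip):
        self.static = dict(static)      # inside local -> inside global (static NAT)
        self.overload_ip = overload_ip  # inside global address shared by PAT
        self.pat = {}                   # (inside local, sport) -> translated port
        self.pat_rev = {}               # translated port -> (inside local, sport)
        self.next_port = 1024           # next free port on the overload address

    def outbound(self, p):
        """Inside -> outside: rewrite the inside local source into its inside global form.
        The destination (outside global address) is left untouched."""
        if p.src in self.static:                 # static NAT keeps the port unchanged
            return Packet(self.static[p.src], p.sport, p.dst, p.dport)
        key = (p.src, p.sport)
        if key not in self.pat:                  # PAT: allocate a unique port per flow
            self.pat[key] = self.next_port
            self.pat_rev[self.next_port] = key
            self.next_port += 1
        return Packet(self.overload_ip, self.pat[key], p.dst, p.dport)

    def inbound(self, p):
        """Outside -> inside: map the inside global destination back to inside local.
        Returns None when no entry matches, which is why unsolicited inbound
        TCP connections fail through a NAT (one of the disadvantages listed below)."""
        for local, glob in self.static.items():
            if p.dst == glob:
                return Packet(p.src, p.sport, local, p.dport)
        if p.dst == self.overload_ip and p.dport in self.pat_rev:
            local, lport = self.pat_rev[p.dport]
            return Packet(p.src, p.sport, local, lport)
        return None
```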
Advantages of NAT
• NAT conserves the legally registered addressing scheme.
• NAT increases the flexibility of connections to the public network.
• NAT provides consistency for internal network addressing schemes.
• NAT provides network security.

Disadvantages of NAT
• Performance is degraded.
• End-to-end functionality is degraded.
• End-to-end IP traceability is lost.
• Tunneling becomes more complicated.
• Initiating TCP connections can be disrupted.
There are two basic tasks when configuring static NAT translations. The first task is to create a mapping between the inside local address and the inside global address. After the mapping is configured, the interfaces participating in the translation are configured as inside or outside relative to NAT.

Configuring static NAT
First, practice configuring the router in Packet Tracer.
Demilitarized Zones
A demilitarized zone (DMZ) is an area where you can place a public server for access by people you might not trust otherwise.

DMZ Layout
The easiest way to create a DMZ is to use a firewall that can transmit in three directions:
■ To the internal network
■ To the external world (Internet)
■ To the public information you're sharing (the DMZ)
Subnetting
Subnetting a network means using the subnet mask value to divide a network into smaller components. This gives you more networks but a smaller number of hosts available on each.

Purpose of Subnetting

Classful vs Classless
Classful: 192.168.1.0 /24, mask 255.255.255.0 (CLSM: Constant Length Subnet Mask)
Classless: 192.168.1.0 /29 (prefix length, Classless Inter-Domain Routing: CIDR), mask 255.255.255.248 (VLSM: Variable Length Subnet Mask)
Subnet Mask Table (magic number)
Each column is one octet value of the mask; the rows give the prefix length that produces that value in the 1st, 2nd, 3rd and 4th octet.

Octet value:  128  192  224  240  248  252  254  255
1st octet:      1    2    3    4    5    6    7    8
2nd octet:      9   10   11   12   13   14   15   16
3rd octet:     17   18   19   20   21   22   23   24
4th octet:     25   26   27   28   29   30   31   32
Exercises
• Given a subnet mask of /17, what is the corresponding dotted-decimal notation?
• Given a subnet mask of /22, what is the corresponding dotted-decimal notation?
• Given a subnet mask of /30, what is the corresponding dotted-decimal notation?

Example
We are going to subnet the network address 192.168.10.0 using the subnet mask 255.255.255.192.
Network address = _____________________
Subnet mask = ________________________
How many subnets? _____________________
How many hosts per subnet? _____________
What are the valid subnets? ______________
What is the broadcast address for each subnet? _______________
What are the valid hosts? ________________________________
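An added worked example, not from the slides, that carries the magic-number method through the three prefix exercises and the 192.168.10.0 / 255.255.255.192 example; the function names are my own, the classful starting prefix is assumed to be /24 as in the slide, and the layout it returns answers each blank above (subnet count, hosts per subnet, valid subnets, broadcasts, host ranges).

```python
import ipaddress  # standard library; used only to cross-check the hand arithmetic

def prefix_to_mask(prefix):
    """Prefix length to dotted-decimal mask, e.g. 17 -> '255.255.128.0'."""
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # top `prefix` bits set
    return ".".join(str((bits >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """Dotted-decimal mask to prefix length by counting the one bits."""
    return sum(bin(int(o)).count("1") for o in mask.split("."))

def dotted(octets):
    return ".".join(str(o) for o in octets)

def subnet(network, mask, classful_prefix=24):
    """Lay out the subnets of a classful network (default: a Class C /24, as in
    the slide's 192.168.10.0 example) divided with `mask`. Assumes the borrowed
    bits fall inside one octet, which holds for every mask in the table above."""
    prefix = mask_to_prefix(mask)
    borrowed = prefix - classful_prefix                    # bits taken from the host part
    octets = [int(o) for o in mask.split(".")]
    interesting = next(i for i, o in enumerate(octets) if o != 255)  # first non-255 octet
    magic = 256 - octets[interesting]                      # block size ("magic number")
    base = [int(o) for o in network.split(".")]
    layout = []
    for n in range(2 ** borrowed):
        net = base[:]
        net[interesting] = n * magic                       # subnets step by the magic number
        bcast = net[:]
        bcast[interesting] = n * magic + magic - 1         # last address of the block
        for i in range(interesting + 1, 4):
            bcast[i] = 255
        first, last = net[:], bcast[:]
        first[3] += 1                                      # usable hosts exclude the network
        last[3] -= 1                                       # address and the broadcast address
        layout.append({"network": dotted(net), "broadcast": dotted(bcast),
                       "first_host": dotted(first), "last_host": dotted(last)})
    return {"subnets": 2 ** borrowed, "hosts_per_subnet": 2 ** (32 - prefix) - 2,
            "magic_number": magic, "layout": layout}

def cross_check(network, mask, classful_prefix=24):
    """The same subnet list computed by the standard library, for comparison."""
    net = ipaddress.ip_network(f"{network}/{classful_prefix}")
    return [str(s.network_address) for s in net.subnets(new_prefix=mask_to_prefix(mask))]
```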
Virtual Local Area Networks
A virtual local area network (VLAN) allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access.
Remote Access
Tunneling refers to creating a virtual dedicated connection between two systems or networks. You create the tunnel between the two ends by encapsulating the data in a mutually agreed-upon protocol for transmission. In most tunnels, the data passed through the tunnel appears at the other side as part of the network.
Remote Access Services (RAS)
Remote Access Services (RAS) refers to any server service that offers the ability to connect remote systems. The RAS connection is accomplished via dial-up (plain-old telephone service [POTS] and a modem) or network technologies such as VPNs, ISDN, DSL, and cable modems.
