Private addressing

NAT is the process of swapping one address for another in the IP packet header, e.g. 10.0.0.3 → 179.9.8.80,
i.e. the source address of the packet is changed by R

NAT is designed to conserve IP addresses and enable networks to use private IP addresses on internal networks.
These private, internal addresses are translated to routable, public addresses.

Inside local address - The IP address assigned to a host on the inside network. This address is likely to be a private address. Local means that a local person is looking at the address. Inside means that the packet is coming from a host that is inside your network.

Inside global address - Global means that a person from the public is looking at the address. Inside means that the packet is coming from a host inside your network.

Outside global address

Outside local address is usually the same as the outside global address but will be different if the server also has a private address that has been translated.

PAT (Port Address Translation)

PAT stores the TCP/UDP source port to track inside host addresses. Note that different vendors do this in different ways. Usually a Cisco router tracks the source port but doesn't change its value. With PAT, multiple private IP addresses can be translated by a single public address (many-to-one translation).
This solves the limitation of NAT, which is one-to-one translation.
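
The PAT behaviour described above, as an added example that is not part of the original slides: a translation table keyed on protocol and source port, using the 10.0.0.3 and 179.9.8.80 addresses from the earlier slide. The inside host 10.0.0.4, the class and function names, and the next-free-port fallback on a collision are assumptions of this example, not a description of any vendor's allocator.

```python
"""PAT (many-to-one NAT) translation table; added example, constructed data."""
from typing import Dict, Optional, Tuple


class PatTable:
    def __init__(self, public_ip: str, port_range=range(1024, 65536)):
        self.public_ip = public_ip
        self.port_range = port_range
        self.out: Dict[Tuple[str, str, int], int] = {}   # inside local -> public port
        self.back: Dict[Tuple[str, int], Tuple[str, int]] = {}  # public port -> inside local

    def translate_out(self, proto: str, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Rewrite an outbound source to the inside global address and port."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = self._pick_port(proto, src_port)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def _pick_port(self, proto: str, wanted: int) -> int:
        # Keep the original source port when it is free (the behaviour the
        # slide attributes to Cisco routers). On a collision take the next
        # free port in the range (assumption made for this example).
        if (proto, wanted) not in self.back:
            return wanted
        for port in self.port_range:
            if (proto, port) not in self.back:
                return port
        raise RuntimeError("no free ports on " + self.public_ip)

    def translate_in(self, proto: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to the inside host; None means no entry, so drop."""
        return self.back.get((proto, dst_port))


def demo():
    pat = PatTable("179.9.8.80")                     # public address from the slide
    a = pat.translate_out("tcp", "10.0.0.3", 40000)  # port is free, so it is kept
    b = pat.translate_out("tcp", "10.0.0.4", 40000)  # same port: must be remapped
    c = pat.translate_out("udp", "10.0.0.4", 40000)  # UDP has its own port space
    return pat, a, b, c


if __name__ == "__main__":
    pat, a, b, c = demo()
    print(a, b, c, pat.translate_in("tcp", b[1]), pat.translate_in("tcp", 5555))
```

An inbound packet whose destination port has no table entry returns None and would be dropped, which is why a server behind PAT needs a static translation to be reachable from outside.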

If you have enough public addresses, you may statically translate some of them for servers. Static NAT is used when a special host (e.g. a Web Server) needs to always translate to the same inside global address.

1. Create a pool
2. Write an access list to access the pool
3. Connect the pool with the inside hosts and the access list
4. Turn on NAT on the interfaces

nat-pool1

ip nat inside source list 1 interface serial 0 overload

Each inside local address is translated to the router's S0 address

NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses,
e.g. the SIP protocol used for VoIP writes IP and port information inside the data.
Special methods (e.g. STUN, TURN) are used to try and make SIP work with NAT.
