1 Chapter 7: NAT in Internet and Intranet Designs Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization

Upload: geraldine-barker

Post on 29-Jan-2016

Chapter 7: NAT in Internet and Intranet Designs

- Designs That Include NAT
- Essential NAT Design Concepts
- Data Protection in NAT Designs
- NAT Design Optimization

NAT and Microsoft Windows 2000

Network Address Translation (NAT):

- Is included in Routing and Remote Access
- Provides small office or home office (SOHO) connectivity
- Supports translated connections only
- Is not available in Windows 2000 Professional

NAT Design Review

- Amount and confidentiality of data
- Network resources accessed by remote users
- Future growth plans
- Existing routers
- Network uptime

NAT Characteristics

- NAT modifies the IP packet:
  - IP header
  - Transmission Control Protocol (TCP) header
  - User Datagram Protocol (UDP) header
  - IP packet data
- NAT does not work with many protocols.

NAT Design Decisions

- Base on organizational requirements.
- Decide what the design will support:
  - Connection type
  - Client type
  - Connection method
  - Network filters
  - Remote access methods
  - Number of connections

Stand-Alone SOHO Design

NAT in SOHO Designs

- Provides automatic IP configuration to Dynamic Host Configuration Protocol (DHCP) clients
- Uses IP filters to restrict access
- Provides automatic network address translation
- Supports public and private IP addressing
- Provides shared Internet access
- Provides Internet connectivity over Windows 2000 network interface

Branch Office Connectivity Design

NAT in the Network Design

NAT Server Interfaces

- Minimum of two network interfaces
- Persistent or nonpersistent connections
- IP address and subnet mask

IP Address Assignment

- NAT automatic address assignment
- Manual configuration
- Automatic Private IP Assignment (APIPA)
- DHCP server

DNS Name Resolution

- Clients need fully qualified domain name (FQDN)-to-IP resolution.
- Clients use the DNS server to resolve FQDNs.
  - Manually configure for specific DNS servers
  - Specify automatic use of the DNS server NAT

Protecting SOHO Network Resources

- Routing and Remote Access IP packet filters
- NAT address mapping
- NAT address pools

Restricting Internet Access

- Use Routing and Remote Access IP packet filters.
- Restrict outbound traffic by specifying IP headers.
- Allow or disallow users access to Internet resources.

Protecting Corporate Network Resources

NAT Optimization

- Dedicate a computer to running NAT.
- Choose persistent Internet connection.
- Consider using Microsoft Proxy Server 2.0 or Routing and Remote Access routing.

Chapter Summary

- NAT is cost effective.
- The NAT server should be placed between the network and the Internet.
- Resources can be protected by using:
  - Routing and Remote Access packet filters
  - NAT address mapping
  - NAT address pools
- Use virtual private network (VPN) to protect confidential data.
- NAT can be optimized.