session 6 tp 6

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 6 / Slide 1 of 17 Session 6 NAT Network Design

Upload: githe26200

Post on 19-Nov-2014




Review

Features offered by routing are:

- Internal network invisibility
- Existing network integration
- Internet and internal network traffic restriction

Encryption and authentication add more security through Routing and Remote Access

Static and dynamic routing are the two types of routing strategies

The Windows operating system offers TCP/IP tools that help troubleshoot routing problems:

- Ping.exe
- Tracert.exe
- Pathping.exe


Objectives

- Explain different types of NAT
- Describe NAT features
- Implement NAT
- Design the NAT Network
- Secure the NAT Network
- Enhance the NAT Network Design


Types of NAT

NAT is a protocol that connects computers on the internal network to other networks and to the Internet

Different types of NAT are:

- Static NAT: Translates unregistered IP addresses to an equal number of registered addresses so that each client uses the same address
- Dynamic NAT: Translates each unregistered computer to a registered one
- Masquerading: Translates all the unregistered IP addresses on the network to a single registered IP address


NAT features

- Internal IP Address and Public IP Address: Hides the internal network IP address from the Internet
- IP Address Configuration: Provides automatic IP address configuration to the clients in the internal network
- Name Resolution: Provides a name resolution feature that forwards the name queries
- Secure Internal Resources: Uses a specific port for each specific internal IP address


NAT implementation

NAT features can be used effectively to meet a network design

The main considerations while designing a NAT network are:

- Size of the network
- Kind of security needed by the organization


Design the NAT Network

We must provide two network interfaces to the NAT server, one that is used for the internal network and the other for the Internet

We need to consider the following while implementing NAT:

- Location
- IP Address
- Rate of Data Flow
- Persistence


Automatic IP Address Configuration

NAT provides automatic IP address configuration to all the DHCP compliant clients in the internal network

This feature is utilized under the following conditions:

- DHCP provides the IP address in the network
- Only one single non-routed subnet

NAT clients have to be configured to receive their IP addresses from the NAT server


Securing the NAT Network

NAT implementations mostly depend on the Masquerading technique for security

NAT provides security to the internal resources of the organization by default

The number of registered IP addresses is minimized


Securing the NAT Network Contd…

Security can be improved by using:

- Routing and Remote Access Filters
- Address pools and special ports to permit internal resource access
- VPN connections


Routing and Remote Access Filters

We can restrict internal or Internet access by specifying routing and remote access IP filters for all interfaces of the NAT server

IP filters restrict access based on the IP address range and protocol (either incoming or outgoing)
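
A model of how such filters decide, as an added example that is not part of the original slides and not Routing and Remote Access code. The class names, the `drop_unmatched` switch and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IpFilter:
    src: str    # source address range in CIDR form
    dst: str    # destination address range in CIDR form
    proto: str  # "tcp", "udp", "icmp" or "any"

    def matches(self, src_ip, dst_ip, proto):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto))


class FilterList:
    """Filters for one direction (incoming or outgoing) on one interface.

    drop_unmatched=True  -> only packets that match a filter pass.
    drop_unmatched=False -> packets that match a filter are dropped.
    """

    def __init__(self, filters, drop_unmatched):
        self.filters = list(filters)
        self.drop_unmatched = drop_unmatched

    def permits(self, src_ip, dst_ip, proto):
        hit = any(f.matches(src_ip, dst_ip, proto) for f in self.filters)
        return hit if self.drop_unmatched else not hit


# Constructed sample policy; documentation and private address ranges only.
PUBLIC_IP = "198.51.100.1/32"

# Incoming on the Internet interface: drop everything except the listed traffic.
internet_in = FilterList(
    [IpFilter("0.0.0.0/0", PUBLIC_IP, "tcp"),         # TCP to the public address
     IpFilter("203.0.113.0/24", PUBLIC_IP, "udp")],   # UDP from one partner range
    drop_unmatched=True)

# Incoming on the internal interface: pass everything except the listed range.
internal_in = FilterList(
    [IpFilter("192.168.0.128/25", "0.0.0.0/0", "any")],  # upper half: no Internet
    drop_unmatched=False)

if __name__ == "__main__":
    print(internet_in.permits("192.0.2.7", "198.51.100.1", "icmp"))   # False
    print(internal_in.permits("192.168.0.20", "192.0.2.7", "tcp"))    # True
```
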


Address Pools and Special Ports

Access can be specified for certain computers and applications by creating client reservations for IP addresses and mapping special ports
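
The masquerading translation described under Types of NAT, together with the special-port mapping described here, as an added example that is not part of the original slides. It is a simplified model (no timeouts, no remote-endpoint checks); the class, method names and addresses are assumptions constructed for illustration.

```python
class MasqueradeNat:
    """Simplified masquerading table: every internal host shares one public IP."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}    # (proto, public_port) -> (private_ip, private_port)
        self.by_client = {}  # (proto, private_ip, private_port) -> public_port
        self.special = {}    # (proto, public_port) -> (private_ip, private_port)

    def add_special_port(self, proto, public_port, private_ip, private_port):
        """Publish one internal service on a fixed public port."""
        self.special[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, private_ip, private_port):
        """Client traffic leaving: allocate (or reuse) a public source port."""
        key = (proto, private_ip, private_port)
        if key not in self.by_client:
            self.by_client[key] = self.next_port
            self.dynamic[(proto, self.next_port)] = (private_ip, private_port)
            self.next_port += 1
        return (self.public_ip, self.by_client[key])

    def inbound(self, proto, public_port):
        """Internet traffic arriving: internal target, or None (dropped)."""
        key = (proto, public_port)
        return self.special.get(key) or self.dynamic.get(key)


def demo():
    nat = MasqueradeNat("198.51.100.1")            # constructed addresses
    a = nat.outbound("tcp", "192.168.0.10", 1025)  # two clients, same source port
    b = nat.outbound("tcp", "192.168.0.11", 1025)
    reply = nat.inbound("tcp", a[1])               # reply to client A's session
    probe = nat.inbound("tcp", 3389)               # unsolicited: no mapping exists
    nat.add_special_port("tcp", 80, "192.168.0.20", 8080)
    web = nat.inbound("tcp", 80)                   # published internal service
    return a, b, reply, probe, web


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The unsolicited probe returns `None` because no table entry exists for it, which is why the only internal services reachable from the Internet are the ones given a special-port mapping.
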


VPN Connections

- Used to restrict resource access
- Provides user authentication and data encryption


Enhancing NAT Network Design

We must use one machine as the NAT server

This machine always connects over persistent routes and uses many internet connections

Benefits of using one dedicated machine as the NAT server are:

- Server characteristics
- Persistent connection
- Multiple internet connections


Summary

NAT is included in Routing and Remote Access and aims to provide an Internet connection and protect internal resources

Steps involved in designing the NAT network are NAT integration for the network and selecting options in the NAT server

Location, IP Address, Rate of Data Flow, and Persistence influence the design of the NAT network


Summary Contd…

Using Routing and Remote Access filters, address pools and special ports to permit internal resource access, and VPN connections can improve security

We must devote one machine to the NAT server, always connecting over persistent routes to increase the performance and availability of NAT

NAT computer is configured to act as the DHCP computer for the computers on the internal network


Summary Contd…

We can configure the dynamic IP Address Assignment for private network clients from the Address Assignment tab in the NAT/Basic Firewall Properties dialog box

Name Resolution is configured from the Name Resolution tab in the NAT/Basic Firewall Properties dialog box

Masquerading technique of NAT is used to increase the NAT Network Security