session 6 tp 6
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 6 / Slide 1 of 17
Session 6: NAT Network Design
Review
- Features offered by routing are:
  - Internal network invisibility
  - Existing network integration
  - Internet and internal network traffic restriction
- Encryption and authentication add more security through Routing and Remote Access
- Static and dynamic routing are the two types of routing strategies
- The Windows operating system offers TCP/IP tools that help troubleshoot routing problems:
  - Ping.exe
  - Tracert.exe
  - Pathping.exe
Objectives
- Explain different types of NAT
- Describe NAT features
- Implement NAT
- Design the NAT Network
- Secure the NAT Network
- Enhance the NAT Network Design
Types of NAT
- NAT is a protocol that connects computers on the internal network to other networks and to the Internet
- Different types of NAT are:
  - Static NAT: Translates unregistered IP addresses to an equal number of registered addresses so that each client uses the same address
  - Dynamic NAT: Translates each unregistered computer to a registered one
  - Masquerading: Translates all the unregistered IP addresses on the network to a single registered IP address
NAT features
- Internal IP Address and Public IP Address: Hides the internal network IP address from the Internet
- IP Address Configuration: Provides automatic IP address configuration to the clients in the internal network
- Name Resolution: Provides a name resolution feature that forwards the name queries
- Secure Internal Resources: Uses a specific port for each specific internal IP address
NAT implementation
- NAT features can be used effectively to meet a network design
- The main considerations while designing a NAT network are:
  - Size of the network
  - Kind of security needed by the organization
Design the NAT Network
- We must provide two network interfaces to the NAT server, one that is used for the internal network and the other for the Internet
- We need to consider the following while implementing NAT:
  - Location
  - IP Address
  - Rate of Data Flow
  - Persistence
Automatic IP Address Configuration
- NAT provides automatic IP address configuration to all the DHCP compliant clients in the internal network
- This feature is utilized under the following conditions:
  - DHCP provides the IP address in the network
  - Only one single non-routed subnet
- NAT clients have to be configured to receive their IP addresses from the NAT server
Securing the NAT Network
- NAT implementations mostly depend on the Masquerading technique for security
- NAT provides security to the internal resources of the organization by default
- The number of registered IP addresses is minimized
Securing the NAT Network Contd…
- Security can be improved by using:
  - Routing and Remote Access Filters
  - Address pools and special ports to permit internal resource access
  - VPN connections
Routing and Remote Access Filters
We can restrict internal or Internet access by specifying routing and remote access IP filters for all interfaces of the NAT server
IP filters restrict access based on the IP address range and protocol (either incoming or outgoing)
Address Pools and Special Ports
Access can be specified for certain computers and applications by creating client reservations for IP addresses and mapping special ports
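The masquerading and special-port behaviour described in the slides above can be modelled in a few lines. This is an added example, not material from the course: the class name `MasqueradeNat`, the addresses and the port numbers are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class MasqueradeNat:
    """Toy model of masquerading: many private hosts share one registered IP."""
    public_ip: str
    next_port: int = 50000                        # constructed start of the translation range
    outbound: dict = field(default_factory=dict)  # (proto, private ip, private port) -> public port
    inbound: dict = field(default_factory=dict)   # (proto, public port) -> (private ip, private port)
    special: dict = field(default_factory=dict)   # fixed "special port" mappings

    def add_special_port(self, proto, public_port, private_ip, private_port):
        """Publish one internal service on a fixed public port."""
        self.special[(proto, public_port)] = (private_ip, private_port)

    def translate_out(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing packet, creating a mapping on first use."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("source is not an internal (private) address")
        key = (proto, src_ip, src_port)
        if key not in self.outbound:
            while (proto, self.next_port) in self.special:   # never reuse a published port
                self.next_port += 1
            self.outbound[key] = self.next_port
            self.inbound[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.outbound[key]

    def translate_in(self, proto, dst_port):
        """Return the internal destination, or None when the packet is dropped."""
        # Simplification: a real NAT also matches the remote address and port.
        return self.special.get((proto, dst_port)) or self.inbound.get((proto, dst_port))

def demo():
    nat = MasqueradeNat(public_ip="203.0.113.10")           # documentation address
    nat.add_special_port("tcp", 80, "192.168.0.20", 8080)   # constructed internal web server
    a = nat.translate_out("tcp", "192.168.0.11", 1025)
    b = nat.translate_out("tcp", "192.168.0.12", 1025)      # same source port, different host
    return {
        "a": a, "b": b,
        "reply_to_a": nat.translate_in("tcp", a[1]),   # reply to a flow the client started
        "published": nat.translate_in("tcp", 80),      # special port reaches the server
        "unsolicited": nat.translate_in("tcp", 3389),  # no mapping: dropped
    }

if __name__ == "__main__":
    print(demo())
```

Both clients leave with the same public address and differ only in the translated port, and an inbound packet is forwarded only when a client-initiated mapping or a special port exists for it.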
VPN Connections
- Used to restrict resource access
- Provides user authentication and data encryption
Enhancing NAT Network Design
- We must use one machine as the NAT server
- This machine always connects over persistent routes and uses many internet connections
- Benefits of using one dedicated machine as the NAT server are:
  - Server characteristics
  - Persistent connection
  - Multiple internet connections
Summary
- NAT is included in Routing and Remote Access and aims to provide Internet connection and protect internal resources
- Steps involved in designing the NAT network are NAT integration for the network and selecting options in the NAT server
- Location, IP Address, Rate of Data Flow, and Persistence influence the design of the NAT network
Summary Contd…
- Using Routing and Remote Access filters, address pools and special ports to permit internal resource access, and VPN connections can improve security
- We must devote one machine to the NAT server, always connecting over persistent routes to increase the performance and availability of NAT
- The NAT computer is configured to act as the DHCP computer for the computers on the internal network
Summary Contd…
- We can configure dynamic IP address assignment for private network clients from the Address Assignment tab in the NAT/Basic Firewall Properties dialog box
- Name Resolution is configured from the Name Resolution tab in the NAT/Basic Firewall Properties dialog box
- The Masquerading technique of NAT is used to increase the NAT network security