session 6 tp 6

Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 6 / Slide 1 of 17

Session 6NAT Network

Design


Features offered by routing are Internal network invisibility Existing network integration Internet and internal network traffic restriction

Encryption and authentication add more security through Routing and Remote Access

Static and dynamic routing are the two types of routing strategies

Windows operating system offers certain TCP/IP tools that enable to troubleshoot routing problems: Ping.exe Tracert.exe Pathping.exe

Review


Objectives Explain different types of NAT Describe NAT features Implement NAT Design the NAT Network Secure the NAT Network Enhance the NAT Network Design


Types of NAT NAT is a protocol that connects computers on the

internal network to other networks and to the Internet Different types of NAT are:

Static NAT: Translates unregistered IP addresses to an equal number of registered addresses so that each client uses the same address

Dynamic NAT: Translates each unregistered computer to a registered one

Masquerading: Translates all the unregistered IP addresses on the network to a single registered IP address


NAT features Internal IP Address and Public IP Address - Hides

the internal network IP address from the Internet IP Address Configuration - Provides automatic IP

address configuration to the clients in the internal network

Name Resolution - Provides a name resolution feature that forwards the name queries

Secure Internal Resources - Uses a specific port for each specific internal IP address


NAT implementation NAT features can be used effectively to

meet a Network Design Main consideration while designing NAT

Network are: Size of the network Kind of security needed by the

organization


Design the NAT Network We must provide two

network interfaces to the NAT server, one that is used for the internal network and the other for the Internet

We need to consider the following while implementing NAT: Location IP Address Rate of Data Flow and

Persistence


Automatic IP Address Configuration

NAT provides automatic IP address configuration to all the DHCP compliant clients in the internal network

This feature is utilized under the following conditions: DHCP provides the IP address in the network Only one single non-routed subnet

NAT clients have to be configured to receive their IP addresses from the NAT server


Securing the NAT Network NAT implementations mostly depend on the

Masquerading technique for security NAT provides security to the internal

resources of the organization by default The number of registered IP addresses are

minimized


Securing the NAT Network Contd…

Security can be improved by using: Routing and Remote Access Filters Address pools and special ports to permit

internal resource access VPN connections


Routing and Remote Access Filters

We can restrict internal or Internet access by specifying routing and remote access IP filters for all interfaces of the NAT server

IP filters restrict access based on the IP address range and protocol (either incoming or outgoing)


Address Pools and Special Ports

Access can be specified for certain computers and applications by creating client reservations for IP addresses and mapping special ports


VPN Connections Used to restrict resource access Provides user authentication and data

encryption


Enhancing NAT Network Design

We must use one machine as the NAT server This machine always connects over

persistent routes and uses many internet connections

Benefits of using one dedicated machine as the NAT server are: Server characteristics Persistent connection Multiple internet connections


Summary NAT is included in the Routing and Remote

Access and aims to provide internet connection and protect internal resources

Steps involved in designing the NAT network are NAT integration for the network and selecting options in the NAT server

Location, IP Address, Rate of Data Flow, and Persistence influence the design of the NAT network


Summary Contd… Using Routing and Remote Access filters,

Address pools and special ports to permit internal resource access and VPN connections can improve security

We must devote one machine to the NAT server, always connecting over persistent routes to increase the performance and availability of NAT

NAT computer is configured to act as the DHCP computer for the computers on the internal network


Summary Contd… We can configure the dynamic IP Address

Assignment for private network clients from the Address Assignment tab in the NAT/Basic Firewall Properties dialog box

Name Resolution is configured from the Name Resolution tab in the NAT/Basic Firewall Properties dialog box

Masquerading technique of NAT is used to increase the NAT Network Security

session 6 tp 6

Technology