1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
|
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Content</title>
<base target="_self">
</head>
<body background="../../images/bg.gif" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" onLoad="window.focus();" link="#808080" vlink="#808080" alink="#808080">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#336666" width="18" valign="top">
<img border="0" src="../../images/content_lines.gif" width="16" height="25">
<img border="0" src="../../images/transdot.gif" width="2" height="1"></td>
<td bgcolor="#336666"><font face="Arial" size="2" color="#FFFFFF"><b>1.1</b></font></td>
<td bgcolor="#336666"><img border="0" src="../../images/transdot.gif" width="10" height="1"></td>
<td bgcolor="#336666" width="100%">
<b><font face="Arial" size="2" color="#FFFFFF">Scaling Networks with NAT
and PAT</font></b></td>
<td width="9" bgcolor="#336666"> </td>
</tr>
<tr>
<td bgcolor="#669999" height="25" width="18"> </td>
<td bgcolor="#669999" height="25"><b><font face="Arial" size="2" color="#FFFFFF">
1.1.7</font></b></td>
<td bgcolor="#669999"><img border="0" src="../../images/transdot.gif" width="10" height="1"></td>
<td bgcolor="#669999" height="25" width="100%"><b>
<font face="Arial" size="2" color="#FFFFFF">Issues with NAT</font></b></td>
<td bgcolor="#669999" height="25" width="9"> </td>
</tr></table>
<table border="0" cellpadding="0" cellspacing="0" width="95%" bordercolor="#111111">
<tr>
<td width="15"></td>
<td>
<font FACE="Arial" SIZE="2">
NAT has several advantages, including:
<img border="0" src="../../images/1.gif" align="absmiddle" width="12" height="12"></font><ul>
<li>
<font FACE="Arial" SIZE="2">
NAT conserves the legally registered addressing scheme by allowing
the privatization of intranets. </font></li>
<li>
<font face="Arial" size="2">Increases the flexibility of connections
to the public network. Multiple pools, backup pools, and load
balancing pools can be implemented to assure reliable public network
connections. </font>
</li>
<li>
<font face="Arial" size="2">Consistency of the internal network
addressing scheme. On a network without private IP addresses and NAT,
changing public IP addresses requires the renumbering of all hosts on
the existing network. The costs of renumbering hosts can be
significant. NAT allows the existing scheme to remain while supporting
a new public addressing scheme. </font></li>
</ul>
<p>
<font FACE="Arial" SIZE="2">
NAT is not without drawbacks. Enabling address translation will cause
a loss of functionality, particularly with any protocol or application
that involves sending IP address information inside the IP payload.
This requires additional support by the NAT device.</font></p>
<p>
<font face="Arial" size="2">NAT increases delay. Switching path delays
are introduced because of the translation of each IP address within
the packet headers.</font></p>
<p>
<font face="Arial" size="2">Performance may be a consideration because
NAT is currently accomplished by using process switching. The CPU must
look at every packet to decide whether it has to translate it. The CPU
must alter the IP header, and possibly alter the TCP header.</font></p>
<p>
<font FACE="Arial" SIZE="2">
One significant disadvantage when implementing and using NAT is the
loss of end-to-end IP traceability. It becomes much more difficult to
trace packets that undergo numerous packet address changes over
multiple NAT hops. Hackers who want to determine the source of a
packet will find it difficult to trace or obtain the original source
or destination address. </font></p>
<p>
<font FACE="Arial" SIZE="2">
NAT also forces some applications that use IP addressing to stop
functioning because it hides end-to-end IP addresses. Applications
that use physical addresses instead of a qualified domain name will
not reach destinations that are translated across the NAT router.
Sometimes, this problem can be avoided by implementing static NAT
mappings. </font></p>
<p>
<font face="Arial" size="2">Cisco IOS NAT supports the following
traffic types:
<img border="0" src="../../images/2.gif" align="absmiddle" width="12" height="12"></font></p>
<ul>
<li>
<font FACE="Arial" SIZE="2">
ICMP </font></li>
<li>
<font FACE="Arial" SIZE="2">
File Transfer Protocol (FTP), including PORT and PASV commands </font>
</li>
<li>
<font FACE="Arial" SIZE="2">
NetBIOS over TCP/IP, datagram, name, and session services </font>
</li>
<li>
<font FACE="Arial" SIZE="2">
RealNetworks' RealAudio </font></li>
<li>
<font face="Arial" size="2">White Pines' CUSeeMe </font></li>
<li>
<font face="Arial" size="2">Xing Technologies' StreamWorks </font></li>
<li>
<font FACE="Arial" SIZE="2">
DNS "A" and "PTR" queries </font></li>
<li>
<font face="Arial" size="2">H.323/Microsoft NetMeeting, IOS versions
12.0(1)/12.0(1)T and later </font></li>
<li>
<font face="Arial" size="2">VDOnet's VDOLive, IOS versions
11.3(4)11.3(4)T and later </font></li>
<li>
<font FACE="Arial" SIZE="2">
VXtreme's Web Theater, IOS versions 11.3(4)11.3(4)T and later </font></li>
<li>
<font FACE="Arial" SIZE="2">
IP Multicast, IOS version 12.0(1)T with source address translation
only </font>
</li>
</ul>
<p>
<font FACE="Arial" SIZE="2">
Cisco IOS NAT does not support the following traffic types:</font></p>
<ul>
<li>
<font FACE="Arial" SIZE="2">
Routing table updates </font></li>
<li>
<font FACE="Arial" SIZE="2">
DNS zone transfers </font></li>
<li>
<font FACE="Arial" SIZE="2">
BOOTP </font></li>
<li>
<font FACE="Arial" SIZE="2">
talk and ntalk protocols </font></li>
<li>
<font FACE="Arial" SIZE="2">
Simple Network Management Protocol (SNMP)</font></li>
</ul>
<p>
<TABLE bgcolor="#B0AFAF" width="95%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top">
<TABLE bgcolor="#669999" width="100%" cellspacing="0" cellpadding="0" border="0">
<TR>
<TD width="5">
<img border="0" src="../../images/lab_toplft.gif" width="116" height="23"></TD>
<TD><IMG alt="" height="1" width="3" src="../../images/s.gif"></TD><TD align="right" valign="top">
<IMG alt="" src="../../images/corner_ur_7.gif" width="7" height="7"></TD>
</TR>
</TABLE>
<TABLE bgcolor="#B0AFAF" width="100%" cellspacing="0" cellpadding="0" border="0">
<TR>
<TD>
<TABLE width="100%" cellpadding="2" cellspacing="0" border="0" bordercolor="#111111">
<TR>
<TD bgcolor="#ffffff" width="15"> </TD>
<TD bgcolor="#ffffff"><font FACE="Arial" SIZE="2" COLOR="#000000">
<p><font color="#808080">
<a href="javascript:void(0)" onClick="window.open('../../activities/ch01/activity_1_1_7.html','Interactivity','width=740,height=390,toolbar=0,resizable=yes,scrollbars=0,screenX=26,screenY=38,left=26,top=38');">
<img border="0" src="../../images/media_icon.gif" width="25" height="25"></a> <b>
<a onClick="window.open('../../activities/ch01/activity_1_1_7.html','Interactivity','width=740,height=390,toolbar=0,resizable=yes,scrollbars=0,screenX=26,screenY=38,left=26,top=38');" href="javascript:void(0)">Interactive Media Activity</a></b></font></p>
</font><font FACE="Arial" SIZE="2" COLOR="#808080">
<p>Checkbox: Issues with NAT</p>
<p>When the student has completed this activity, the student
will be able to identify issues with the use of NAT.</p>
</font><font FACE="Arial" SIZE="2" COLOR="#000000">
<p><IMG alt="" height="2" width="1" src="../../images/s.gif"></p></TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
<TABLE bgcolor="#B0AFAF" width="95%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top">
<TABLE bgcolor="#669999" width="100%" cellspacing="0" cellpadding="0" border="0">
<TR>
<TD width="5">
<img border="0" src="../../images/lab_toplft.gif" width="116" height="23"></TD>
<TD><IMG alt="" height="1" width="3" src="../../images/s.gif"></TD><TD align="right" valign="top">
<IMG alt="" src="../../images/corner_ur_7.gif" width="7" height="7"></TD>
</TR>
</TABLE>
<TABLE bgcolor="#B0AFAF" width="100%" cellspacing="0" cellpadding="0" border="0">
<TR>
<TD>
<TABLE width="100%" cellpadding="2" cellspacing="0" border="0" bordercolor="#111111">
<TR>
<TD bgcolor="#ffffff" width="15"> </TD>
<TD bgcolor="#ffffff"><font FACE="Arial" SIZE="2" COLOR="#000000">
<p><font color="#808080">
<img border="0" src="../../images/links_icon.gif" width="25" height="25">
<b>Web Links</b></font></p>
</font><font FACE="Arial" SIZE="2" COLOR="#808080">
<p>Verifying NAT Operation and Basic NAT Troubleshooting<p>
<a target="_blank" href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml">
http://www.cisco.com/en/US/tech/</a><br>
<a target="_blank" href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml">
tk648/tk361/technologies_tech_note</a><br>
<a target="_blank" href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml">
09186a0080094c32.shtml</a></font></p>
<p>
<IMG alt="" height="2" width="1" src="../../images/s.gif"></p>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE><p>
</td>
</tr>
</table>
</body>
</html>
|
