170 likes | 323 Views
Chapter 7: NAT in Internet and Intranet Designs. Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization. NAT and Microsoft Windows 2000. Network Address Translation (NAT) Is included in Routing and Remote Access
E N D
Chapter 7: NAT in Internet and Intranet Designs • Designs That Include NAT • Essential NAT Design Concepts • Data Protection in NAT Designs • NAT Design Optimization
NAT and Microsoft Windows 2000 • Network Address Translation (NAT) • Is included in Routing and Remote Access • Provides small office or home office (SOHO) connectivity • Supports translated connections only • Is not available in Windows 2000 Professional
NAT Design Review • Amount and confidentiality of data • Network resources accessed by remote users • Future growth plans • Existing routers • Network uptime
NAT Characteristics • NAT modifies the IP packet. • IP header • Transmission Control Protocol (TCP) header • User Datagram Protocol (UDP) header • IP packet data • NAT does not work with many protocols.
NAT Design Decisions • Base on organizational requirements. • Decide what the design will support. • Connection type • Client type • Connection method • Network filters • Remote access methods • Number of connections
NAT in SOHO Designs • Provides automatic IP configuration to Dynamic Host Configuration Protocol (DHCP) clients • Uses IP filters to restrict access • Provides automatic network address translation • Supports public and private IP addressing • Provides shared Internet access • Provides Internet connectivity over Windows 2000 network interface
NAT Server Interfaces • Minimum of two network interfaces • Persistent or nonpersistent connections • IP address and subnet mask
IP Address Assignment • NAT automatic address assignment • Manual configuration • Automatic Private IP Assignment (APIPA) • DHCP server
DNS Name Resolution • Clients need fully qualified domain name (FQDN)–to–IP resolution. • Clients use the DNS server to resolve FQDNs. • Manually configure for specific DNS servers • Specify automatic use of the DNS server NAT
Protecting SOHO Network Resources • Routing and Remote Access IP packet filters • NAT address mapping • NAT address pools
Restricting Internet Access • Use Routing and Remote Access IP packet filters. • Restrict outbound traffic by specifying IP headers. • Allow or disallow users access to Internet resources.
NAT Optimization • Dedicate a computer to running NAT. • Choose persistent Internet connection. • Consider using Microsoft Proxy Server 2.0 or Routing and Remote Access routing.
Chapter Summary • NAT is cost effective. • The NAT server should be placed between the network and the Internet. • Resources can be protected by using • Routing and Remote Access packet filters • NAT address mapping • NAT address pools • Use virtual private network (VPN) to protect confidential data. • NAT can be optimized.