The task of the assignment is to configure a fully working network for company XYZ. The company XYZ currently has two main offices, located in London and in Glasgow. The existing ISP connection is also near the London-based office. A list of specifications was supplied in order to complete the assignment. The following features were needed to make sure the network worked efficiently:
Network security (NAT & PAT)
The rest of this report will explain in detail the setup of the network and its main features. It will also show a copy of the router configurations that were used to set up the network. The configurations for the network setup are appended at the end of the report.
Network Address Translation (NAT)
2.1 What is NAT?
Network Address Translation (NAT) is an IETF standard that enables a local area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. All necessary IP address translations occur where the LAN interfaces with the broader Internet. NAT converts the packet headers (and in some cases the port numbers in the headers) for incoming and outgoing traffic and keeps track of each session. This does mean, however, that NAT overrides "Internet transparency", a practice in which packets remain intact throughout their transmission. NAT is also provided with Windows Internet Connection Sharing. NAT also acts as a firewall by hiding internal IP addresses, and allows an enterprise to bundle multiple ISDN connections into one Internet connection. Below is a diagram showing how NAT translates traffic coming into and leaving the private network:
Diagram taken from http://www.howstuffworks.com
The benefits of using NAT are:
It eliminates the need to readdress all internal hosts that require access to the external network. This in turn saves time and, ultimately, capital.
When networks are made using NAT to control external activity, they remain quite secure as these networks don't tend to advertise their IP addresses
Only one registered IP address is needed by the internal host to access external networks when using NAT. This then saves on IP addresses.
Port Address Translation (PAT)
3.1 Port Address Translation (PAT)
Port Address Translation, also known as PAT, is a feature of a NAT device that translates TCP or UDP connections made to a host and port on an outside network to a host and port on an inside network. PAT allows one single IP address to be used for many internal hosts. With PAT one outside IP address can account for over 64000 inside hosts. PAT relies on the fact that the source port is not important for most protocols. Similar to NAT, port translation makes changes to the sender's address and recipient's address on data packets. However, any IP address change involves the PAT device's outside IP address rather than a pool of addresses. Port numbers, not IP addresses, are used to designate different computers on the inside network.
When a computer on the inside network sends a packet to the outside network, we still want to hide its sender's address. The PAT device replaces the inside IP address in the packet header's source field (sender's address) with the PAT device's outside IP address. It then assigns the connection a port number from a pool of available ports, inserts this port number in the packet header's source port field, and places the packet on the outside network. The NAT device then makes an entry in its translation table containing the inside IP address, inside source port, and outside port. Subsequent packets from the same connection on the inside IP address are translated to the same outside port number.
With a packet arriving from the outside, the process operates on the packet header's destination port. First, if the destination port number of the incoming packet is...
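The translation table described above, as an added Python sketch (not part of the original report and not any router's own code). It tracks only the inside IP address, inside source port and outside port, as the text describes. The addresses, the port pool and the drop-on-no-match rule for inbound packets are assumptions made for the illustration.

```python
# Added illustration of a PAT translation table; all addresses and ports are constructed.
from dataclasses import dataclass, field

OUTSIDE_IP = "203.0.113.1"  # constructed documentation address (RFC 5737)


@dataclass
class PatDevice:
    outside_ip: str
    free_ports: list  # pool of available outside ports
    out_map: dict = field(default_factory=dict)  # (inside_ip, inside_port) -> outside_port
    in_map: dict = field(default_factory=dict)   # outside_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source address and port of a packet leaving the inside network."""
        key = (src_ip, src_port)
        if key not in self.out_map:  # first packet of this connection
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out_map[key] = port
            self.in_map[port] = key
        return (self.outside_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a packet from outside, or return None to drop it."""
        entry = self.in_map.get(dst_port)
        if dst_ip != self.outside_ip or entry is None:
            return None  # assumption: no table entry means the packet is dropped
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    pat = PatDevice(OUTSIDE_IP, free_ports=[50000, 50001])
    # Two inside hosts use the same source port; PAT tells them apart by outside port.
    a = pat.outbound("192.168.1.10", 1025, "198.51.100.7", 80)
    b = pat.outbound("192.168.1.11", 1025, "198.51.100.7", 80)
    a_again = pat.outbound("192.168.1.10", 1025, "198.51.100.7", 80)  # reuses the entry
    reply = pat.inbound("198.51.100.7", 80, OUTSIDE_IP, 50001)
    unsolicited = pat.inbound("198.51.100.9", 4444, OUTSIDE_IP, 50002)
    return a, b, a_again, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Production PAT implementations also key entries on the protocol and expire idle entries, which this sketch leaves out.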