NAT & its Types | U-Turn NAT | Static NAT | Dynamic IP NAT | NAPT

In this series of articles on network security, from basic to advanced, today we cover the topics below.

  • NAT and its types
  • U-Turn NAT

What is NAT?

NAT (Network Address Translation) rewrites the IP addresses, and optionally the port numbers, in packet headers as traffic passes through the firewall. Most people think of it only as translating private (non-routable, RFC 1918) addresses to public routable ones, but the translation can go either way: private-to-public for outbound traffic (source NAT) and public-to-private for inbound traffic (destination NAT). The details are clarified below.


Types of NAT

  • Source NAT
  • Destination NAT

 

Source NAT: Source NAT applies to traffic flowing from the LAN (internal) to the Internet (WAN). The private source IP address of the packet is translated to a public address; the destination address is left alone. The firewall records the translation in its session table so that the replies, which arrive addressed to the public address, can be mapped back to the internal host.

Types of Source NAT:

Dynamic IP and Port (DIPP), also called NAPT (Network Address Port Translation):

In this type of source NAT the translation is many-to-one: many internal IP addresses are translated to one public IP address, and the firewall keeps the sessions apart by giving each one a different translated source port. For example, ten LAN hosts all translate to the same public IP address, each with its own port. Replies are matched on that port and sent back to the right host; an inbound packet that matches no session is dropped.

When the translated address is the IP address of the firewall's external interface, this is also called interface-based NAT: all internal LAN hosts translate to that one public address.


Dynamic IP: Dynamic one-to-one translation of the IP address only, without changing the port number. If there are five hosts in the LAN and five public IP addresses in the pool, each host is translated to its own public address. If a sixth host is added, the pool is exhausted: that host cannot be translated and its new sessions fail.

The best design in this case is Dynamic IP with DIPP fallback: hosts get a one-to-one translation while pool addresses remain, and once the pool is exhausted new sessions fall back to DIPP on a shared address instead of failing.
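The three source NAT behaviours above (DIPP, Dynamic IP, and Dynamic IP with DIPP fallback) as a small session-table simulator. This is an added example, not code from the article or from any firewall vendor. It assumes six LAN hosts in 192.168.1.0/24, a five-address pool 203.0.113.10-14, a shared DIPP address 203.0.113.1 and a server at 198.51.100.7:443, all chosen for the example; it also shows the reverse lookup that steers a reply back to the right LAN host and drops an inbound packet that matches no session.

```python
"""Source NAT simulator: DIPP (NAPT), Dynamic IP, and Dynamic IP with DIPP fallback.

Added illustration, not code from the article or from any firewall vendor.
All addresses are assumptions from the RFC 1918 / RFC 5737 documentation ranges;
TCP is assumed and not modelled.
"""
from collections import namedtuple
from itertools import count

# The fields of a session as the firewall sees them (protocol omitted).
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")


class DIPPTranslator:
    """Many-to-one: every LAN host is translated to the same public address and
    each session is told apart by a unique translated source port."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.ports = count(first_port)
        self.last_port = last_port
        self.outbound = {}   # original Flow -> translated Flow
        self.inbound = {}    # translated Flow -> original Flow (for replies)

    def translate(self, flow):
        if flow in self.outbound:            # later packets of an existing session
            return self.outbound[flow]
        port = next(self.ports)
        if port > self.last_port:
            raise RuntimeError("translated port range exhausted")
        xlat = Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)
        self.outbound[flow] = xlat
        self.inbound[xlat] = flow
        return xlat

    def untranslate_reply(self, reply):
        """Reply arrives as server -> public_ip:port; map it back to the LAN host.
        A packet that matches no session returns None: the firewall drops it."""
        key = Flow(self.public_ip, reply.dst_port, reply.src_ip, reply.src_port)
        orig = self.inbound.get(key)
        if orig is None:
            return None
        return Flow(reply.src_ip, reply.src_port, orig.src_ip, orig.src_port)


class DynamicIPTranslator:
    """One-to-one, ports unchanged: a LAN host holds a pool address while it has
    sessions. With fallback=None a host that finds the pool empty cannot be
    translated; with a DIPPTranslator as fallback it is NAPT'ed instead."""

    def __init__(self, pool, fallback=None):
        self.free = list(pool)
        self.assigned = {}   # LAN ip -> pool ip
        self.fallback = fallback

    def translate(self, flow):
        public_ip = self.assigned.get(flow.src_ip)
        if public_ip is None:
            if not self.free:
                if self.fallback is None:
                    return None              # pool exhausted: session fails
                return self.fallback.translate(flow)
            public_ip = self.free.pop(0)
            self.assigned[flow.src_ip] = public_ip
        return Flow(public_ip, flow.src_port, flow.dst_ip, flow.dst_port)

    def release(self, lan_ip):
        """When the host's last session closes the address returns to the pool."""
        public_ip = self.assigned.pop(lan_ip, None)
        if public_ip is not None:
            self.free.append(public_ip)


def run_example():
    """Six LAN hosts, a five-address pool, one shared DIPP address."""
    lan_hosts = [f"192.168.1.{i}" for i in range(10, 16)]       # six hosts
    pool = [f"203.0.113.{i}" for i in range(10, 15)]            # five public addresses
    server = ("198.51.100.7", 443)
    flows = [Flow(h, 40000 + n, *server) for n, h in enumerate(lan_hosts)]

    dipp = DIPPTranslator("203.0.113.1")
    dipp_out = [dipp.translate(f) for f in flows]               # all share 203.0.113.1

    plain = DynamicIPTranslator(pool)
    plain_out = [plain.translate(f) for f in flows]             # sixth host: None

    with_fallback = DynamicIPTranslator(pool, fallback=DIPPTranslator("203.0.113.1"))
    fallback_out = [with_fallback.translate(f) for f in flows]  # sixth host: NAPT

    # The server's reply to the first DIPP session is steered back to host .10,
    # while a packet to a port with no session is dropped (None).
    reply = Flow(server[0], server[1], dipp_out[0].src_ip, dipp_out[0].src_port)
    reply_to_host = dipp.untranslate_reply(reply)
    stray = dipp.untranslate_reply(Flow(server[0], server[1], "203.0.113.1", 5555))
    return dipp_out, plain_out, fallback_out, reply_to_host, stray


if __name__ == "__main__":
    for name, value in zip(("dipp", "dynamic", "fallback", "reply", "stray"), run_example()):
        print(name, value)
```

The point to take from the session table: NAT is not a security control in itself, but because a reply can only be delivered if it matches an existing outbound session, unsolicited inbound packets to the shared address have nowhere to go and are dropped. The fallback object is a plain DIPP translator, which is why the sixth host ends up on 203.0.113.1 with a translated port while the first five keep their own address and original port.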


Static NAT:

Static one-to-one translation means manually binding one public IP address to one private IP address. The mapping never changes and needs no pool.

Static vs Dynamic IP NAT:

The difference between Static and Dynamic IP is that Static is a fixed bond between one private and one public address, whereas Dynamic IP hands a host an available public address out of a pool of several when it needs one and returns that address to the pool afterwards.


Destination NAT: Destination NAT applies to traffic flowing from the Internet (WAN) to the LAN (internal network). The destination IP address of the packet is translated; in other words, the public destination IP address is replaced with the private destination IP address of the internal server.

Destination NAT is used when servers located in the DMZ zone must be reachable by users on the public Internet, i.e. for incoming traffic.


Types of Destination NAT:

Static NAT:

A one-to-one translation, but this does not mean that only a single public destination IP address can be translated to a single private destination IP address. Static DNAT can be one-to-one or many-to-many, for example a range of public addresses translated to a range of private addresses of the same size.

Port forwarding and port translation are also possible in destination NAT; both are configured in a Static DNAT rule.

Port forwarding means the port is kept as it is: if the server in the DMZ is listening on port 80, a request received from the Internet on port 80 (the default HTTP port) is simply forwarded to the server on port 80. But if the server in the DMZ has been configured on port 8080, for example because the default port was changed for security reasons, a request arriving on port 80 must be rewritten to port 8080. For this, configure Static DNAT with port translation.

So Static DNAT comes in two forms:

  • Static DNAT with port forwarding
  • Static DNAT with port translation


Dynamic IP (with session distribution) NAT:

In this type of destination NAT the original destination address (the firewall's external interface IP, or another address owned by the firewall) is mapped to a dynamic destination IP address, i.e. the address of the internal server is not fixed but is chosen per session.

When one public destination IP address must be translated to multiple internal destination IP addresses (one outside address mapped to several inside servers), the firewall distributes new sessions across the translated addresses using a session-distribution method such as round-robin. Only new sessions are distributed; the packets of an existing session keep going to the server that was chosen for it, otherwise the connection would break.
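Static DNAT with port forwarding, Static DNAT with port translation, and Dynamic IP DNAT with session distribution, as an added example that is not part of the original article or any vendor's code. The public addresses 203.0.113.10, .11 and .20, the DMZ servers 10.10.10.5, .6 and .21-.23, and round-robin as the distribution method are assumptions for the example; it also shows the reverse rewrite of the server's reply so that the client sees the answer from the public address and port.

```python
"""Destination NAT simulator: Static DNAT with port forwarding or port
translation, and Dynamic IP DNAT with session distribution over a server pool.

Added illustration, not code from the article or from any firewall vendor.
Addresses are assumptions from the RFC 5737 / RFC 1918 documentation ranges;
round-robin is assumed as the distribution method.
"""
from collections import namedtuple
from itertools import cycle

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")


class StaticDNAT:
    """One public (ip, port) -> one DMZ (ip, port). With server_port left unset
    the port is kept (port forwarding); with server_port=8080 a request to
    public port 80 is rewritten to 8080 (port translation)."""

    def __init__(self, public_ip, public_port, server_ip, server_port=None):
        self.public = (public_ip, public_port)
        self.server = (server_ip, public_port if server_port is None else server_port)

    def translate(self, flow):
        if (flow.dst_ip, flow.dst_port) != self.public:
            return None                     # rule does not match this packet
        return Flow(flow.src_ip, flow.src_port, *self.server)

    def untranslate_reply(self, reply):
        """Server -> client reply: put the public address and port back as the source."""
        if (reply.src_ip, reply.src_port) != self.server:
            return None
        return Flow(*self.public, reply.dst_ip, reply.dst_port)


class DistributedDNAT:
    """One public address -> several internal servers. Each NEW session is sent
    to the next server in round-robin order; later packets of the same session
    stick to the server already chosen, otherwise the connection would break."""

    def __init__(self, public_ip, public_port, servers):
        self.public = (public_ip, public_port)
        self.next_server = cycle(servers)
        self.sessions = {}   # (client ip, client port) -> chosen server ip

    def translate(self, flow):
        if (flow.dst_ip, flow.dst_port) != self.public:
            return None
        key = (flow.src_ip, flow.src_port)
        if key not in self.sessions:
            self.sessions[key] = next(self.next_server)
        return Flow(flow.src_ip, flow.src_port, self.sessions[key], flow.dst_port)


def run_example():
    web_forward = StaticDNAT("203.0.113.10", 80, "10.10.10.5")          # 80 -> 80
    web_translate = StaticDNAT("203.0.113.11", 80, "10.10.10.6", 8080)  # 80 -> 8080
    farm = DistributedDNAT("203.0.113.20", 443,
                           ["10.10.10.21", "10.10.10.22", "10.10.10.23"])

    client = Flow("198.51.100.50", 51000, "203.0.113.10", 80)
    forwarded = web_forward.translate(client)
    translated = web_translate.translate(client._replace(dst_ip="203.0.113.11"))
    unmatched = web_forward.translate(client._replace(dst_port=8443))    # no rule

    # Four new sessions from four clients, then a second packet of the first one
    sessions = [Flow(f"198.51.100.{n}", 52000 + n, "203.0.113.20", 443) for n in range(1, 5)]
    chosen = [farm.translate(f).dst_ip for f in sessions]
    repeat = farm.translate(sessions[0]).dst_ip

    # The 8080 server's reply is rewritten so the client sees it coming from :80
    reply = web_translate.untranslate_reply(Flow("10.10.10.6", 8080, client.src_ip, client.src_port))
    return forwarded, translated, unmatched, chosen, repeat, reply


if __name__ == "__main__":
    print(run_example())
```

Note what `unmatched` shows: a request to a public port that no DNAT rule covers is not translated at all, so the DMZ server on 8080 is only reachable through the one public port you chose to expose. Moving a service to a non-default port gains nothing if a second rule quietly exposes that port as well.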

Below are the steps to configure the NAT policy for DIPP NAT.

[Screenshot: NAT policy for DIPP NAT, showing the General, Original Packet and Translated Packet options]

For Dynamic IP NAT the General and Original Packet options are the same; only the Translated Packet section changes. The most important thing here is that Dynamic IP/Port fallback can be configured in the same rule, which gives both functions at once: one-to-one Dynamic IP while pool addresses remain, DIPP once the pool is exhausted.






Destination U-Turn NAT:

Suppose some servers are running in the DMZ zone and users on the Internet reach them through their public IP addresses. Now a user on the LAN of the same organization wants to reach the same services using the same public address (for example, through the server's public DNS name). Rather than a direct LAN-to-DMZ connection to the private address, the traffic is handled by U-Turn NAT: the packet leaves the LAN towards the public address, reaches the firewall, is translated there and is sent straight into the DMZ. It never actually goes out to the Internet and back; it makes a U-turn at the firewall. A security policy allowing the traffic into the DMZ zone is still required.

[Diagram: U-Turn NAT scenario, red arrow showing the LAN-to-DMZ flow via the public address]

In this type of NAT both a source DIPP NAT and a static destination NAT need to be configured, so both the source and the destination IP address of the packet are translated. The destination NAT maps the public address to the server's DMZ address; the source NAT replaces the LAN client's address with an address of the firewall on the DMZ side, so that the server's replies are addressed to the firewall and it can reverse both translations before the reply reaches the client. This matters most when client and server sit in the same zone or subnet: without source NAT the server would reply directly to the client's private address, bypassing the firewall, and the client would receive an answer from an address it never connected to.
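The U-Turn packet rewrite in both directions, as an added example that is not part of the original article or any vendor's code. It assumes a LAN client 192.168.1.10, a public web address 203.0.113.10:80, the server's DMZ address 10.10.10.5:80 and 10.10.10.1 as the firewall's DMZ-side interface used for the source translation; the single port allocator stands in for DIPP.

```python
"""U-Turn NAT: a LAN client reaches the DMZ web server through its public
address. On the way in the firewall applies static destination NAT (public ->
DMZ address) and source NAT (client -> the firewall's DMZ-side address); on the
reply it reverses both, so the client sees an answer from the address it asked.

Added illustration, not code from the article or from any firewall vendor;
the addresses and the port allocator are assumptions for the example.
"""
from collections import namedtuple
from itertools import count

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")

PUBLIC_WEB = ("203.0.113.10", 80)   # what LAN and Internet users alike connect to
DMZ_WEB = ("10.10.10.5", 80)        # the server's real DMZ address
FW_DMZ_IP = "10.10.10.1"            # firewall interface in the DMZ, used as SNAT address


class UTurnNAT:
    def __init__(self):
        self.ports = count(1024)
        self.sessions = {}   # (FW_DMZ_IP, snat_port) -> original (client ip, client port)

    def lan_to_dmz(self, pkt):
        """LAN -> public address: rewrite destination (DNAT) and source (DIPP SNAT)."""
        if (pkt.dst_ip, pkt.dst_port) != PUBLIC_WEB:
            return None                          # not the U-turn rule
        snat_port = next(self.ports)
        self.sessions[(FW_DMZ_IP, snat_port)] = (pkt.src_ip, pkt.src_port)
        return Flow(FW_DMZ_IP, snat_port, *DMZ_WEB)

    def dmz_to_lan(self, pkt):
        """Server reply addressed to the firewall: undo both translations."""
        client = self.sessions.get((pkt.dst_ip, pkt.dst_port))
        if client is None or (pkt.src_ip, pkt.src_port) != DMZ_WEB:
            return None                          # no matching session: dropped
        return Flow(*PUBLIC_WEB, *client)


def run_example():
    fw = UTurnNAT()
    request = Flow("192.168.1.10", 40000, *PUBLIC_WEB)
    on_dmz_wire = fw.lan_to_dmz(request)                   # what the server sees
    server_reply = Flow(*DMZ_WEB, on_dmz_wire.src_ip, on_dmz_wire.src_port)
    back_to_client = fw.dmz_to_lan(server_reply)           # what the client sees
    # Without the source NAT the server would address 192.168.1.10 itself; with it,
    # the reply's source is exactly the public address the client connected to.
    consistent = (back_to_client.src_ip, back_to_client.src_port) == (request.dst_ip, request.dst_port)
    return on_dmz_wire, back_to_client, consistent


if __name__ == "__main__":
    print(run_example())
```

A side effect worth knowing when reading the server's logs: because of the source translation, every internal client appears to the DMZ server as the firewall's DMZ address (10.10.10.1 here), so the server cannot tell LAN users apart by IP. If that matters, log at the firewall, where the original client address is in the session.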
The next section will cover other security-related topics, both theoretically and with a lab implementation.

Keep Learning, Keep Reading, and Keep Growing. IT & IP is the future.


Interview Questions:

  • What is NAT?
  • What are the types of NAT?
  • Source vs Destination NAT
  • U-Turn NAT
  • Static vs Dynamic IP NAT
  • DIPP vs NAPT
