
Routing Table

Senbonzakura
Level 1

Hey guys, I need some clarification.

 

When it comes to routing for some reason I can't quite grasp it. So here we go.

 

Let's say I have two interfaces pointing towards each other and I want to route traffic from one to another, what would I have to type? R1 is 192.168.0.1 and R2 is 192.168.1.1.

 

What would I type on R1 to R2 then what would I type on R2 to R1?

 

R1) ip route then what? So let's say x.x.x.x 255.255.255.0 G/0 x.x.x.x

 

Then where it says G0/0, would that be the interface you're telling that network to send the information out of to the network after that stated interface? Also, is there a way to route traffic without NAT?

 

In what situations would you choose NAT over other methods?

 

---------------------------------------------------

 

Another question is, with an ASA Firewall I got internet going through it with VLANs and all, but I'm fully trying to understand it as well.

 

The spot where you have to use nat (VLAN250,outside) dynamic interface.

 

Is this command saying to translate the address from the interface labeled as VLAN250 to the interface labeled as outside? Then what does the dynamic do compared to the static?

 

Thanks again everyone!

 

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello @Senbonzakura ,

First of all, routing requires two network devices to share a common IP subnet between them, as there is no natural way to hop.

 

Everything is based on the OSI layer 7 model.

So internetworking happens if ARP can work in the common IP subnet to resolve the MAC address of the next-hop.

 

R1  ----    common subnet ----- R2  -------   Internet

 

In the example described here, R2 needs to know the internal subnets behind R1, and R1 just needs to know that R2 can be used for whatever destination.

So R1 will have a static default route pointing to R2's IP address in the common subnet:

 

ip route 0.0.0.0 0.0.0.0 192.168.0.2

 

R2 can have something like

ip route 10.100.0.0 255.255.0.0 192.168.0.1

 

>> Also, is there a way to route traffic without NAT?

 

Yes, many on routers. Only firewalls like ASA attempt to perform NAT by default.

There are routing protocols like OSPF, EIGRP, BGP and IS-IS that perform dynamic routing without using NAT. ASA also supports these routing protocols.

 

>> In what situations would you choose NAT over other methods?

NAT is not a form of routing. NAT is used when needed and essentially in two scenarios:

- internet access: to give internet access to users using private IP addresses per RFC 1918

- when joining two company networks that have overlapping subnets

 

Other scenarios are possible.

 

>> nat (VLAN250,outside) dynamic interface.

 

This is called PAT (port-based NAT): a single public IP address can be used to give internet access to multiple internal users by using a NAT table that tracks the IP address, the L4 protocol (TCP/UDP) and the source port of each user.

 

In router configuration it uses the keyword overload.

 

This way we save on public IP address space needs, as a single address can represent 65,000 different "sessions".

 

Hope to help

Giuseppe
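The two static routes in the answer above can be checked with a small longest-prefix-match lookup. This is an added example, not part of the original post: the /24 mask on the common subnet, the 10.100.1.0/24 LAN behind R1 and the host and server addresses are assumptions made for illustration.

```python
import ipaddress

def parse_static_routes(config):
    """Parse IOS-style 'ip route <prefix> <mask> <next-hop>' lines."""
    routes = []
    for line in config.strip().splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[:2] != ["ip", "route"]:
            continue  # ignore anything that is not a next-hop static route
        prefix, mask, next_hop = parts[2:]
        plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{prefix}/{plen}"), next_hop))
    return routes

def lookup(connected, static_routes, dst):
    """Longest-prefix match: 'connected', a next-hop IP, or None (no route, drop)."""
    dst = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(n), "connected") for n in connected]
    candidates += static_routes
    best = None
    for net, hop in candidates:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

# Static routes are the ones from the answer; connected subnets are assumptions.
R1_CONNECTED = ["192.168.0.0/24", "10.100.1.0/24"]  # common subnet + one LAN
R2_CONNECTED = ["192.168.0.0/24"]                   # common subnet only
R1_STATIC = parse_static_routes("ip route 0.0.0.0 0.0.0.0 192.168.0.2")
R2_STATIC = parse_static_routes("ip route 10.100.0.0 255.255.0.0 192.168.0.1")

if __name__ == "__main__":
    host, server = "10.100.1.20", "203.0.113.10"  # constructed addresses
    print("R1 forward:", lookup(R1_CONNECTED, R1_STATIC, server))
    print("R2 return :", lookup(R2_CONNECTED, R2_STATIC, host))
    print("R2 return without the static route:", lookup(R2_CONNECTED, [], host))
```

The last lookup returns no route: R1's default route alone gets the packet to R2, but the reply cannot come back until R2 has a route for the subnets behind R1.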


2 Replies

The original post asks several questions. @Giuseppe Larosa has provided information about each of them and I would like to add a bit to the explanation about NAT. The original post seems to think that NAT is some version of routing and Giuseppe points out that they are different things. Routing is about how to find the path that gets from the source to the destination while NAT is about what do the source address or destination address look like when they get to the destination.

 

Perhaps it might help to start with why we do NAT. NAT is Network Address Translation. So why would we want to translate addresses? There are Public IP addresses and Private IP addresses (networks 10.0.0.0, 172.16.0.0, and 192.168.0.0 as described in RFC 1918). A Public IP address needs to be unique in the whole Internet. As networks got larger and more of them we began to run out of Public IP addresses and developed the way to use Private addresses for the inside of our networks and Public IP outside of our networks. Private addresses do not need to be unique. So you may run your network using 192.168.0.0 and I can run my network using 192.168.0.0 and there is no conflict. But what if my network 192.168.0.0 wants to communicate with your network 192.168.0.0? To resolve this question when the packet from my network (which perhaps has source address of 192.168.0.20) gets to the device at the outside edge of my network (might be router or might be firewall) I will translate the source address from my private 192.168.0.20 into some Public IP that I use (perhaps 1.2.3.4). So when the packet gets to your network you do not see 192.168.0.20 but will see 1.2.3.4. So the Address Translation allows both private networks to communicate over the Public Internet.

 

The original post also asks about static NAT and dynamic NAT. With static NAT there is a one-to-one relationship between the Public and private addresses. The private IP always translates to the same Public IP, and that Public IP always translates to the same private IP. If your network has a web server that is accessed by the public over the Internet, the IP address of the server might be 192.168.51.51. But the Public cannot access 192.168.51.51 (there might be many devices in networks that use that address). So you would do a static translation translating 192.168.51.51 inside to 11.12.13.14 on the outside. So then people wanting to access your server would use 11.12.13.14 as the server address, the device at the edge of your network would translate that into 192.168.51.51 and could access your server. That one Public IP is dedicated to that server. If you had another server that needed to be accessed by the public over the Internet then you would need another Public IP.

 

With static NAT you have a single Public IP at the edge of your network. When someone on the inside wants to access the Internet their IP packet arrives at the edge device and gets dynamically translated, sharing that Public IP with many users inside.

 

I hope this explanation helps you understand about choosing whether to use static NAT or dynamic NAT. If you have resources inside your network (using private IP on the device) that need to be accessed from the Internet then you want static NAT. If you just have users inside who need access to Internet then you want dynamic NAT.

HTH

Rick
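A small model of an edge device that holds both kinds of translation discussed in this thread: a one-to-one static entry for a published server and a shared-address PAT table keyed on protocol, inside address and source port. This is an added example, not code from either reply; the addresses are the ones used in the reply above, while the sequential port allocation starting at 1024 and the port numbers in the demo are assumptions.

```python
class EdgeNat:
    """Toy NAT device: static one-to-one entries plus PAT on one public IP."""

    def __init__(self, pat_ip, static_map):
        self.pat_ip = pat_ip
        self.static_out = dict(static_map)  # inside IP -> public IP
        self.static_in = {pub: ins for ins, pub in static_map.items()}
        self.out_table = {}  # (proto, inside_ip, inside_port) -> public port
        self.in_table = {}   # (proto, public_port) -> (inside_ip, inside_port)
        self.next_port = 1024  # assumed allocation policy: sequential

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet leaving the inside network."""
        if src_ip in self.static_out:
            return self.static_out[src_ip], src_port  # address changes, port kept
        key = (proto, src_ip, src_port)
        if key not in self.out_table:
            if self.next_port > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self.out_table[key] = self.next_port
            self.in_table[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.pat_ip, self.out_table[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate the destination of a packet arriving from outside.

        Returns (inside_ip, inside_port), or None when nothing matches (drop).
        """
        if dst_ip in self.static_in:
            return self.static_in[dst_ip], dst_port  # always reachable
        if dst_ip == self.pat_ip:
            return self.in_table.get((proto, dst_port))  # replies only
        return None

def demo():
    nat = EdgeNat("1.2.3.4", {"192.168.51.51": "11.12.13.14"})
    a = nat.outbound("tcp", "192.168.0.20", 50000)
    b = nat.outbound("tcp", "192.168.0.21", 50000)  # same source port, other host
    reply_b = nat.inbound("tcp", "1.2.3.4", b[1])
    unsolicited = nat.inbound("tcp", "1.2.3.4", 4444)
    to_server = nat.inbound("tcp", "11.12.13.14", 443)
    return a, b, reply_b, unsolicited, to_server

if __name__ == "__main__":
    print(demo())
```

Return traffic is matched against the PAT table, so an inbound packet to the shared address with no existing entry has nowhere to go, while the static entry accepts new inbound connections and therefore needs its own access rules.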