Tag Archives: nat

Using NVI to Allow Internal Hosts to Connect to Public Addresses of Hosted Servers

IP NAT is a very common configuration. One of the challenges that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has … Continue reading

Posted in CCNA, Certification, General, Network, Security, Technology | 8 Comments

Source and Destination NAT with IOS VPN

Last week’s article, IOS VPN and Overlapping IP addresses, looked at the art of dealing with address overlap by leveraging our knowledge of source NAT. That article demonstrated a solution when the parties responsible for both VPN devices have the … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Technology | 7 Comments

IOS VPN and Overlapping Addresses

In an ideal world, we’d not have to deal with IP address overlap. However, there are many factors that may require us to do so. These factors include things like acquisitions, mergers or partner relationships. When the need to address … Continue reading

Posted in CCIE Security, Certification, Network, Security, Technology | 6 Comments

Cisco ASA — Minimizing Challenges with VPN and Management Traffic

The ASA appliance is a very popular choice for the branch office environment. It provides flexible security and is a good termination point for a VPN connection back to a headquarter location. One challenge that technicians often run into is … Continue reading

Posted in CCNA Security, Certification, Network, Security, Technology | 1 Comment

Cisco ASA 8.4 VPN — Dealing with Internet Hairpin Traffic

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Earlier, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical ASA environment. In another … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 2 Comments

Hairpinning VPN and Internet With NAT In ASA 8.2

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Some time back, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 5 Comments

NAT, NAT and PAT–Deduplicating The Terminology

NAT, or Network Address Translation, is unnecessarily tricky to define and explain. One of the big challenges is the fact that it is loosely used and often needs clarification. For example, while NAT is an umbrella term that represents all types of … Continue reading

Posted in CCNA, CCNA Security, Certification, General, Rant, Technology | Leave a comment

Is A PAT Router a FW?

A couple of weeks ago Russ White wrote a Packet Pushers article called “Obscurity, Security, Reality”. His article was published later in the same day that I had published “The Truth About Security by Obscurity”. Obscurity, Security, Reality spawned quite … Continue reading

Posted in Blogroll, Rant, Security, Technology | 6 Comments

VRFing 103, Using NAT Virtual Interfaces for Global Reachability

The last few technical articles I’ve written have been around the topic of VRFs. VRF, short for Virtual Routing and Forwarding, is basically a way to carve out areas of isolation in your router. The way this is accomplished is … Continue reading

Posted in Network, Technology | 12 Comments

VRFing 102, Providing Internet Access With Dynamic PAT

Last week I wrote an article called VRFing 101, Understanding VRF Basics. This was a short and simple introduction into a technology that provides tremendous flexibility for network designers. With flexibility, complexity always follows. This is true in the case … Continue reading

Posted in Network, Technology | 6 Comments

Hairpinning Internet and VPN Traffic in Cisco IOS with NAT

This week I wanted to address a concept that comes up occasionally. This is the concept of hair-pinning Internet traffic through a VPN. For this particular case study, we will use an IOS based Cisco router to terminate both ends … Continue reading

Posted in Network, Security, Technology | 21 Comments

Old School Method of IOS Static NAT Exemption

Last week, I wrote an article that demonstrated the challenges of static NAT when combined with VPNs using RFC1918 address space. We created exemptions using route-maps within the static nat statements. Cisco didn’t introduce route-maps for static translations until 12.2(4)T. … Continue reading

Posted in Network, Security | 1 Comment