CCIE Practical Studies, Volume I

 <  Free Open Study  >  

NAT Limitations and Uses

NAT provides a great alternative to readdressing your network to provide access to the Internet and other IP services. NAT also provides inherent security for the inside network by preventing outside network hosts from initiating sessions. However, NAT does have its limitations. Many protocols, such as SNMP and BOOTP, embed an IP address in the data stream. Some applications ignore the source address of the IP header and, in turn , use the embedded address in the data stream for routing back to the host in which the message was received. In these instances, NAT will fail. NAT recognizes some of these traffic types, and special sets of instructions are used to handle that type of traffic, such as FTP. Table 15-3 lists those traffic types that are supported and not supported by NAT.

Table 15-3. Traffic Type Support for NAT

Traffic Types/Applications Supported by NAT Traffic Types/Applications Not Supported by NAT
Any TCP/UDP traffic that does not carry source or destination IP address in the application data stream

IP multicast.

In Cisco IOS Software Release 12.0.(1)T, the following are now supported:

Data packet source address translation

PIM, Auto-RP, PIM V2, and BSR

mstat, mrinfo, and mtrace

SDR advertisement or app. payload

HTTP Routing table updates.
TFTP DNS zone transfers.
TELNET BOOTP.
Archie Talk, ntalk.
Finger SNMP.
NTP Netshow.
NFS  
Rlogin, RSH, RCP  

The following carry IP addresses in the application data stream and are supported by NAT:

ICMP.

FTP. (See the following section for nonstandard port operation.)

Net BIOS over TCP/IP (Datagram and name services only; session service support will be supported in a future IOS.)

Progressive Networks' RealAudio, RTSP is not supported.

White Pines' CuSeeMe.

Xing Technologies' SteamWorks.

DNS "A" and "PTR" queries.

H.323-IOS 12.0(1)/12.0(1)T and later.

NetMeeting 2.1, 2.11, 3.01 ”IOS 12.0(1)/12.0(1)T and later.

NetMeeting Directory (ILS Servers) ”12.1(5)T.

VDOLive ”IOS 11.3(4)/11.3(4)T and later.

Vxtreme ”IOS 11.3(4)/11.3(4)T and later.

 

NOTE

NAT pools and translations are subject to the Subnet 0 rule. Translations will fail if the NAT pool is on IP Subnet 0. Cisco IOS Software Release 12.0 and later have the ip subnet zero command enabled by default. If you want to use Subnet 0 for your NAT pool on devices running Cisco IOS Software with releases earlier than 12.0, you will need to use the ip subnet zero command.

 <  Free Open Study  >  
Related

Категории