How to configure Port Address Translation (PAT) on Cisco routers


Overview

Port Address Translation (PAT) is an extension of the well-known Network Address Translation (NAT) protocol that allows multiple devices on a local area network (LAN) to access Internet resources using a single public IP address. NAT is defined in RFC 1631, and its main purpose was to slow the depletion of the public IP address space. A practical use of PAT is, for example, when an ISP allocates a public IP address to an organization that has many devices needing Internet access. PAT uses the private IP address classes defined in RFC 1918 for all inside devices and uses port numbers to identify each connection. When an internal host wants to communicate with the outside, it sends a datagram with its private source address and a random port. The NAT router then rewrites the source address and port with its public IP and sends the datagram to the requested resource. The response comes back to this same public address and port combination (called a socket) and can be translated back again.


Configuring SSH on Cisco routers and switches


Overview

Older IOS images on Cisco devices used telnet as the default login method for the vty lines. Using telnet is no longer safe because all traffic, including usernames and passwords, is transmitted in clear text, so anybody using a protocol analyzer can gain access to the data. Telnet access has since been replaced by SSH, which offers increased security by encrypting all traffic between source and destination. The SSH protocol comes in two versions, SSH1 and SSH2. Communication between the client and server is encrypted in both versions. You should implement SSH version 2 when possible because it uses a more secure encryption algorithm. SSH1 became available in Cisco’s IOS starting with release 12.1(1)T. To use SSH2 you need IOS version 12.3(4)T or newer.
