2 cissp ® Official Study Guide Eighth Edition

Network Address Translation 
551
By connecting a NAT proxy router or a wireless access point, you are usually attempting 
to re-NAT what was NATed to you initially. One confi guration setting that can either 
make or break this setup is the IP address range in use. It is not possible to re-NAT the 
same subnet. For example, if your existing network is offering 192.168.1.x addresses, 
then you cannot use that same address range in your new NATed subnet. So change the 
confi guration of your new router/WAP to perform NAT on a slightly different address 
range, such as 192.168.5.x, so you won’t have the confl ict. This seems obvious, but it is 
quite frustrating to troubleshoot the unwanted result without this insight.
All routers and traffi c-directing devices are confi gured by default not to forward traffi c 
to or from these IP addresses. In other words, the private IP addresses are not routed by 
default. Thus, they cannot be directly used to communicate over the internet. However, 
they can be easily used on private networks where routers are not employed or where slight 
modifi cations to router confi gurations are made. Using private IP addresses in conjunction 
with NAT greatly reduces the cost of connecting to the internet by allowing fewer public IP 
addresses to be leased from an ISP. 
Attempting to use these private IP addresses directly on the internet is 
futile because all publicly accessible routers will drop data packets con-
taining a source or destination IP address from these RFC 1918 ranges.

Download 19,3 Mb.

Do'stlaringiz bilan baham: