Summary

This chapter expanded on the foundation laid in Chapter 11, discussed some of the issues related to using address translation, and detailed how you can deal with them. One of the biggest problems with address translation is that some applications, especially NetBIOS and multimedia applications, embed addressing information in the data payload, which typically creates connection problems. The Cisco IOS supports address translation of embedded addressing information in more than a dozen applications. If an application is using a nonstandard port, you can also remap it with the ip nat service command.

With extended ACLs, you can explicitly control what traffic gets translated. If you need to perform translations with different sets of global addresses to two or more destinations, though, you must use a solution that creates extended entries, such as PAT or route maps. Route maps are more flexible because you can match on more information in the packet headers, which helps the Cisco IOS determine whether it needs to perform address translation on a given packet.
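The route-map approach described above, shown as an added configuration sketch that is not taken from the chapter: one inside network is translated to a different global pool depending on the destination. All addresses are documentation ranges, and the pool names, route-map names, ACL numbers, and interface names are hypothetical.

```cisco
! Two global pools, one per destination (constructed sample addresses)
ip nat pool POOL-PARTNER-A 192.0.2.1 192.0.2.14 netmask 255.255.255.240
ip nat pool POOL-PARTNER-B 192.0.2.17 192.0.2.30 netmask 255.255.255.240
!
! Extended ACLs select traffic by source AND destination
access-list 101 permit ip 10.1.1.0 0.0.0.255 198.51.100.0 0.0.0.255
access-list 102 permit ip 10.1.1.0 0.0.0.255 203.0.113.0 0.0.0.255
!
! Each route map ties one ACL to one translation rule
route-map TO-PARTNER-A permit 10
 match ip address 101
!
route-map TO-PARTNER-B permit 10
 match ip address 102
!
! Using a route map (rather than "list") makes the IOS build extended
! translation entries, so the same inside host can hold a different
! global address toward each destination at the same time
ip nat inside source route-map TO-PARTNER-A pool POOL-PARTNER-A
ip nat inside source route-map TO-PARTNER-B pool POOL-PARTNER-B
!
interface FastEthernet0/0
 description Inside network
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside network
 ip nat outside
!
! Check the result with: show ip nat translations
! Traffic from 10.1.1.0/24 to any other destination matches neither
! route map and is forwarded untranslated
```

Because nothing outside ACLs 101 and 102 is translated, pair this with an outbound filter on the outside interface if inside addresses must never leave the router unmodified.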

The Cisco IOS provides for two types of redundancy for address translation solutions: static and dynamic. Static redundancy is provided by HSRP. Dynamic redundancy is implemented using SNAT with either HSRP or a manual primary/backup configuration. This provides a stateful failover process.

As mentioned in the previous chapter, the NAT function of the Cisco IOS provides the capability for traffic distribution, but it has its shortcomings. SLB solves these issues by providing a more scalable and manageable solution. The main limitation of SLB is that it works only on higher-end routers.

Next up is Part VI, "Managing Access Through Routers," which shows you how to authenticate connection requests before allowing them through a router. This part also teaches you how to provide protection for the routing protocol(s) on your router and how to use your routing protocol(s) to provide extra protection for your network.