Thursday, April 27, 2006

RIP V1 – Some points to remember

Routing advertisement transmit rules:

1. If the network to be advertised and the interface it is sent out of belong to the same major network and use the same mask, the router sends the subnet.
2. If they belong to the same major network but use different masks, the router drops the update.
3. If they belong to different major networks, the router sends only the major network, i.e. the summarized route.

Rules for handling received routing updates:

1. If the received update and the interface on which it is received belong to the same major network, the router assumes the mask of that interface.
2. If they belong to different major networks, the router assumes the default mask.

· When a router receives an update, it first stores it in its routing table, then increments the metric by 1 and sends it on to its neighbors.
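The five rules above, written out as a small model so they can be tried on real prefixes. This is an added example, not from the original post; interfaces and routes are given as 'address/length' strings and the class A/B/C default masks are the assumption behind "major network":

```python
import ipaddress

def classful_mask(addr):
    """Default (classful) prefix length: class A /8, B /16, C /24."""
    first_octet = int(str(addr).split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24

def major_network(addr):
    """The classful major network an address belongs to."""
    return ipaddress.ip_network(f"{addr}/{classful_mask(addr)}", strict=False)

def advertise(route, iface):
    """Transmit rules. route is 'net/len', iface is 'ip/len' of the outgoing interface.
    Returns the address RIPv1 puts on the wire (it carries no mask), or None if suppressed."""
    r = ipaddress.ip_network(route, strict=False)
    i = ipaddress.ip_interface(iface)
    same_major = major_network(r.network_address) == major_network(i.ip)
    if same_major and r.prefixlen == i.network.prefixlen:
        return str(r.network_address)                               # rule 1: send the subnet
    if same_major:
        return None                                                 # rule 2: mask mismatch, drop
    return str(major_network(r.network_address).network_address)    # rule 3: summarized route

def receive(advertised, iface):
    """Receive rules: the listener has to infer a mask for the address it heard."""
    a = ipaddress.ip_address(advertised)
    i = ipaddress.ip_interface(iface)
    if major_network(a) == major_network(i.ip):
        plen = i.network.prefixlen                                  # rule 1: borrow interface mask
    else:
        plen = classful_mask(a)                                     # rule 2: default mask
    return str(ipaddress.ip_network(f"{a}/{plen}", strict=False))
```

Rule 2 on the transmit side is why a discontiguous or VLSM design silently loses routes under RIPv1: the subnet is simply never sent.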

Wednesday, April 26, 2006

Inside/Outside Static/Dynamic NAT/PAT & Policy NAT

I am skeptical about the 100% authenticity of this terminology, but I guess most of it should be correct.

Inside dynamic NAT
Translates between host addresses on more secure interfaces and a range or pool of IP addresses on a less secure interface. This provides a one-to-one mapping between internal and external addresses that allows internal users to share registered IP addresses and hides internal addresses from view on the public Internet.

Inside dynamic PAT
Translates between host addresses on more secure interfaces and a single address on a less secure interface. This provides a many-to-one mapping between internal and external addresses. This allows internal users to share a single registered IP address and hides internal addresses from view on the public Internet. PAT is supported for fewer applications than is NAT. For restrictions on its use, refer to the "How Application Inspection Works" section on page 5-1 in Chapter 5, "Configuring Application Inspection (Fixup)."

Inside static NAT
Provides a permanent, one-to-one mapping between an IP address on a more secure interface and an IP address on a less secure interface. This allows hosts to access the inside host from the public Internet without exposing the actual IP address.

Outside dynamic NAT
Translates between a host address on a less secure interface and a range or pool of IP addresses on a more secure interface. This provides a one-to-one mapping between an external and an internal address. This is most useful for controlling the addresses that appear on inside interfaces of the PIX Firewall and for connecting private networks with overlapping addresses.

Outside dynamic PAT
Translates between host addresses on less secure interfaces and a single address on a more secure interface. This provides a many-to-one mapping between external addresses and an internal address.

Outside static NAT
Provides a permanent, one-to-one mapping between an IP address on a less secure interface and an IP address on a more secure interface.

Policy NAT
Translates source and destination address pairs to different global statements, even if the source address is the same. For example, traffic from IP address A to server A can be translated to global address A, while traffic from IP address A to server B can be translated to global address B.


These definitions are from Config Guide 6.3 of PIX Firewall

What is this "Hide NAT"?

I guess "Hide NAT" is just another term for PAT. It is also called "masquerading" on Linux.

Tuesday, April 25, 2006

Inside/Outside Local/Global

A "local address" is an IP address that appears on the "inside" portion of the network; a "global address" is any address that appears on the "outside" portion of the network. These two terms help in understanding the following terminology:

Inside local address - The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer's OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.

Inside global address - A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.

Outside local address - The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.

Outside global address - The IP address assigned to a host on the outside network by the host's owner. The address is allocated from a globally routable address or network space.
For a better understanding, see the example with a diagram in the document at
http://www.cisco.com/warp/public/556/8.html

Monday, April 24, 2006

NAT Transparency

Yesterday, I was talking to Mohan about it. I had read about this topic a couple of times, but since I could not understand it clearly, I left it at that.

If there is a NAT device between two IPsec endpoints, it changes the source address of the packet, which makes the hash check fail at the other endpoint. To avoid this kind of failure, we use NAT-T. NAT-T is configured on both ends to encapsulate the packet in a UDP packet with port number 4500. A NAT device somewhere in between can change the source address of this UDP packet only; the original packet inside stays intact, so the hash value still matches at the remote end. This is NAT-T, simplified :-)
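The argument above as a runnable model, added here and not part of the original post. Packets are plain dicts rather than real ESP/UDP encodings, the HMAC key is a constructed stand-in for the SA's integrity key, and the "NAT device" only rewrites the outer source address and port, which is exactly the case the post describes:

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # stand-in for the IPsec SA integrity key (constructed)
NAT_T_PORT = 4500

def icv(data):
    """Integrity check value the peer verifies: HMAC over the covered bytes."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def build_without_natt(src, dst, payload):
    """Hash covers the addresses, so a NAT rewrite of src invalidates it."""
    covered = f"{src}>{dst}|".encode() + payload
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(covered)}

def verify_without_natt(pkt):
    covered = f"{pkt['src']}>{pkt['dst']}|".encode() + pkt["payload"]
    return hmac.compare_digest(icv(covered), pkt["icv"])

def build_with_natt(src, dst, payload):
    """NAT-T: the original packet, hash included, rides intact inside UDP/4500."""
    inner = build_without_natt(src, dst, payload)
    return {"src": src, "dst": dst, "sport": NAT_T_PORT, "dport": NAT_T_PORT, "inner": inner}

def verify_with_natt(pkt):
    """Receiver ignores the outer UDP/IP header and checks only the encapsulated packet."""
    return pkt["dport"] == NAT_T_PORT and verify_without_natt(pkt["inner"])

def nat_rewrite(pkt, new_src, new_sport=None):
    """Model of the NAT device on the path: rewrites the outer source (and UDP port for PAT)."""
    out = dict(pkt)
    out["src"] = new_src
    if new_sport is not None and "sport" in out:
        out["sport"] = new_sport
    return out

def demo():
    """Same private host, same NAT; returns (verifies without NAT-T, verifies with NAT-T)."""
    payload = b"protected inner data (constructed)"
    plain = nat_rewrite(build_without_natt("10.1.1.5", "203.0.113.9", payload), "198.51.100.2")
    natt = nat_rewrite(build_with_natt("10.1.1.5", "203.0.113.9", payload), "198.51.100.2", 40001)
    return verify_without_natt(plain), verify_with_natt(natt)
```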