Enjoy Some Pictures with My World!!!

Configuring Network Address Translation: Getting Started

Introduction

This document explains configuring Network Address Translation (NAT) on a Cisco router for use in common network scenarios. The target audience of this document is first time NAT users.

Note: In this document, when the internet, or an internet device is referred to, it means a device on any external network.

Prerequisites

Requirements

This document requires a basic knowledge of the terms used in connection with NAT. Some of the definitions can be found in NAT: Local and Global Definitions.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco 2500 Series Routers

• Cisco IOS^® Software Release 12.2 (10b)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Quick Start Steps for Configuring and Deploying NAT

When you configure NAT, it is sometimes difficult to know where to begin, especially if you are new to NAT. These steps guide you to define what you want NAT to do and how to configure it:

1. Define NAT inside and outside interfaces.

   • Do users exist off multiple interfaces?

   • Are there multiple interfaces going to the internet?

2. Define what you're trying to accomplish with NAT.

   • Are you trying to allow internal users to access the internet?

   • Are you trying to allow the internet to access internal devices (such as a mail server or web server)?

   • Are you trying to redirect TCP traffic to another TCP port or address?

   • Are you using NAT during a network transition (for example, you changed a server's IP address and until you can update all the clients you want the non-updated clients to be able to access the server using the original IP address as well as allow the updated clients to access the server using the new address)?

   • Are you using NAT to allow overlapping networks to communicate?

3. Configure NAT in order to accomplish what you defined above. Based on what you defined in step 2, you need determine which of the following features to use:

   • Static NAT

   • Dynamic NAT

   • Overloading

   • Any combination of the above

4. Verify the NAT operation.

Each of the following NAT examples guides you through steps 1 through 3 of the Quick Start Steps above. These examples describe some common scenarios in which Cisco recommends you deploy NAT.

Defining NAT Inside and Outside Interfaces

The first step in deploying NAT is to define NAT inside and outside interfaces. You may find it easiest to define your internal network as inside, and the external network as outside. However, the terms internal and external are subject to arbitration as well. The figure below shows an example of this.

Example: Allowing Internal Users to Access the Internet

You may want to allow internal users to access the internet, but you may not have enough valid addresses to accommodate everyone. If all communication with devices in the internet will originate from the internal devices, you need a single valid address or a pool of valid addresses.

The figure below shows a simple network diagram with the router interfaces defined as inside and outside:

In this example, we want NAT to allow certain devices (the first 31 from each subnet) on the inside to originate communication with devices on the outside by translating their invalid address to a valid address or pool of addresses. The pool has been defined as the range of addresses 172.16.10.1 through 172.16.10.63.

Now you are ready to configure NAT. In order to accomplish what is defined above, use dynamic NAT. With dynamic NAT, the translation table in the router is initially empty and gets populated once traffic that needs to be translated passes through the router. (As opposed to static NAT, where a translation is statically configured and is placed in the translation table without the need for any traffic.)

In this example, we can configure NAT to translate each of the inside devices to a unique valid address, or to translate each of the inside devices to the same valid address. This second method is known as overloading. An example of how to configure each method is given below.

Configuring NAT to Allow Internal Users to Access the Internet

NAT Router

interface ethernet 0 ip address 10.10.10.1 255.255.255.0 ip nat inside !--- Defines Ethernet 0 with an IP address and as a NAT inside interface. interface ethernet 1 ip address 10.10.20.1 255.255.255.0 ip nat inside !--- Defines Ethernet 1 with an IP address and as a NAT inside interface. interface serial 0 ip address 172.16.10.64 255.255.255.0 ip nat outside !--- Defines serial 0 with an IP address and as a NAT outside interface. ip nat pool no-overload 172.16.10.1 172.16.10.63 prefix 24 ! !--- Defines a NAT pool named no-overload with a range of addresses !--- 172.16.10.1 - 172.16.10.63. ip nat inside source list 7 pool no-overload ! ! !--- Indicates that any packets received on the inside interface that !--- are permitted by access-list 7 !--- will have the source address translated to an address out of the !--- NAT pool "no-overload". access-list 7 permit 10.10.10.0 0.0.0.31 access-list 7 permit 10.10.20.0 0.0.0.31 !--- Access-list 7 permits packets with source addresses ranging from !--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.

Note: Cisco highly recommends that you do not configure access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources which can cause network problems.

Notice in the above configuration that only the first 32 addresses from subnet 10.10.10.0 and the first 32 addresses from subnet 10.10.20.0 are permitted by access-list 7. Therefore, only these source addresses are translated. There may be other devices with other addresses on the inside network, but these won't be translated.

The final step is to verify that NAT is operating as intended.

Configuring NAT to Allow Internal Users to Access the Internet Using Overloading

NAT Router

interface ethernet 0 ip address 10.10.10.1 255.255.255.0 ip nat inside !--- Defines Ethernet 0 with an IP address and as a NAT inside interface. interface ethernet 1 ip address 10.10.20.1 255.255.255.0 ip nat inside !--- Defines Ethernet 1 with an IP address and as a NAT inside interface. interface serial 0 ip address 172.16.10.64 255.255.255.0 ip nat outside !--- Defines serial 0 with an IP address and as a NAT outside interface. ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24 ! !--- Defines a NAT pool named ovrld with a range of a single IP !--- address, 172.16.10.1. ip nat inside source list 7 pool ovrld overload ! ! ! ! !--- Indicates that any packets received on the inside interface that !--- are permitted by access-list 7 will have the source address !--- translated to an address out of the NAT pool named ovrld. !--- Translations will be overloaded which will allow multiple inside !--- devices to be translated to the same valid IP address. access-list 7 permit 10.10.10.0 0.0.0.31 access-list 7 permit 10.10.20.0 0.0.0.31 !--- Access-list 7 permits packets with source addresses ranging from !--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.

Note in the second configuration above, the NAT pool "ovrld"only has a range of one address. The keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.

Another variation of this command is ip nat inside source list 7 interface serial 0 overload, which configures NAT to overload on the address that is assigned to the serial 0 interface.

When overloading is configured, the router maintains enough information from higher-level protocols (for example, TCP or UDP port numbers) to translate the global address back to the correct local address. For definitions of global and local address, refer to NAT: Global and Local Definitions.

The final step is to verify that NAT is operating as intended.

Example: Allowing the Internet to Access Internal Devices

You may need internal devices to exchange information with devices on the internet, where the communication is initiated from the internet devices, for example, email. It's typical for devices on the internet to send email to a mail server that resides on the internal network.

Configuring NAT to Allow the Internet to Access Internal Devices

In this example, we first define the NAT inside and outside interfaces, as shown in the network diagram above.

Second, we define that we want users on the inside to be able to originate communication with the outside. Devices on the outside should be able to originate communication with only the mail server on the inside.

The third step is to configure NAT. To accomplish what we've defined, we can configure static and dynamic NAT together. For more information on how to configure this example, refer to Configuring Static and Dynamic NAT Simultaneously.

The final step is to verify that NAT is operating as intended.

Example: Redirecting TCP Traffic to Another TCP Port or Address

Having a web server on the internal network is another example of when it may be necessary for devices on the internet to initiate communication with internal devices. In some cases the internal web server may be configured to listen for web traffic on a TCP port other than port 80. For example, the internal web server may be configured to listen to TCP port 8080. In this case, you can use NAT to redirect traffic destined to TCP port 80 to TCP port 8080.

After you define the interfaces as shown in the network diagram above, you may decide that you want NAT to redirect packets from the outside destined for 172.16.10.8:80 to 172.16.10.8:8080. You can use a static nat command to translate the TCP port number to achieve this. A sample configuration is shown below.

Configuring NAT to Redirect TCP Traffic to Another TCP Port or Address

NAT Router

interface ethernet 0 ip address 172.16.10.1 255.255.255.0 ip nat inside !--- Defines Ethernet 0 with an IP address and as a NAT inside interface. interface serial 0 ip address 200.200.200.5 255.255.255.252 ip nat outside !--- Defines serial 0 with an IP address and as a NAT outside interface. ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80 !--- Static NAT command that states any packet received in the inside !--- interface with a source IP address of 172.16.10.8:8080 will be !--- translated to 172.16.10.8:80.

Note that the configuration description for the static NAT command indicates any packet received in the inside interface with a source address of 172.16.10.8:8080 will be translated to 172.16.10.8:80. This also implies that any packet received on the outside interface with a destination address of 172.16.10.8:80 will have the destination translated to 172.16.10.8:8080.

The final step is to verify that NAT is operating as intended.

Example: Using NAT During a Network Transition

Deploying NAT is useful when you need to readdress devices on the network or when you're replacing one device with another. For instance, if all devices in the network use a particular server and this server needs to be replaced with a new one that has a new IP address, reconfiguring all the network devices to use the new server address will take some time. In the meantime, you can use NAT to configure the devices using the old address to translate their packets to communicate with the new server.

Once you have defined the NAT interfaces as shown above, you may decide that you want NAT to allow packets from the outside destined for the old server address (172.16.10.8) to be translated and sent to the new server address. Note that the new server is on another LAN, and devices on this LAN or any devices reachable through this LAN (devices on the inside part of the network), should be configured to use the new server's IP address if possible.

You can use static NAT to accomplish what you need. A sample configuration is shown below.

Configuring NAT for Use During a Network Transition

NAT Router

interface ethernet 0 ip address 172.16.10.1 255.255.255.0 ip nat outside !--- Defines Ethernet 0 with an IP address and as a NAT outside interface. interface ethernet 1 ip address 172.16.50.1 255.255.255.0 ip nat inside !--- Defines Ethernet 1 with an IP address and as a NAT inside interface. interface serial 0 ip address 200.200.200.5 255.255.255.252 !--- Defines serial 0 with an IP address. This interface is not !--- participating in NAT. ip nat inside source static 172.16.50.8 172.16.10.8 !--- States that any packet received on the inside interface with a !--- source IP address of 172.16.50.8 will be translated to 172.16.10.8.

Note that the inside source NAT command in this example also implies that packets received on the outside interface with a destination address of 172.16.10.8 will have the destination address translated to 172.16.50.8.

The final step is to verify that NAT is operating as intended.

Example: Using NAT in Overlapping Networks

Overlapping networks result when you assign IP addresses to internal devices that are already being used by other devices within the internet. Overlapping networks also result when two companies, both of whom use RFC 1918 IP addresses in their networks, merge. These two networks need to communicate, preferably without having to readdress all their devices. Refer to Using NAT in Overlapping Networks for more information about configuring NAT for this purpose.

Difference between One-to-One Mapping and Many-to-Many

A static NAT configuration creates a one-to-one mapping and translates a specific address to another address. This type of configuration creates a permanent entry in the NAT table as long as the configuration is present and enables both inside and outside hosts to initiate a connection. This is mostly useful for hosts that provide application services like mail, web, FTP and so forth. For example:

Router(config)#ip nat inside source static 10.3.2.11 10.41.10.12
Router(config)#ip nat inside source static 10.3.2.12 10.41.10.13

Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated. It creates an entry in the NAT table when the host initiates a connection and establishes a one-to-one mapping between the addresses. But, the mapping can vary and it depends upon the registered address available in the pool at the time of the communication. Dynamic NAT allows sessions to be initiated only from inside or outside networks for which it is configured. Dynamic NAT entries are removed from the translation table if the host does not communicate for a specific period of time which is configurable. The address is then returned to the pool for use by another host.

For example, complete these steps of the detailed configuration:

1. Create a pool of addresses

   Router(config)#ip nat pool MYPOOLEXAMPLE
   10.41.10.1 10.41.10.41 netmask 255.255.255.0
   

2. Create an access-list for the inside networks that has to be mapped

   Router(config)#access-list 100 permit ip
   10.3.2.0 0.0.0.255 any
   

3. Associate the access-list 100 that is selecting the internal network 10.3.2.0 0.0.0.255 to be natted to the pool MYPOOLEXAMPLE and then overload the addresses.

   Router(config)#ip nat inside source list 100 pool
    MYPOOLEXAMPLE overload
   

Verifying NAT Operation

Once you've configured NAT, verify that it is operating as expected. You can do this in a number of ways: using a network analyzer, show commands, or debug commands. For a detailed example of NAT verification, refer to Verifying NAT Operation and Basic NAT Troubleshooting.

Conclusion

The examples in this document demonstrate quick start steps can help you configure and deploy NAT. These quick start steps include:

1. Defining NAT inside and outside interfaces.

2. Defining what you are trying to accomplish with NAT.

3. Configuring NAT in order to accomplish what you defined in Step 2.

4. Verifying the NAT operation.

In each of the examples above, various forms of the ip nat inside command were used. You can also use the ip nat outside command to accomplish the same objectives, keeping in mind the NAT order of operations. For configuration examples using the ip nat outside commands, refer to Sample Configuration Using the ip nat outside source list Command and Sample Configuration Using the ip nat outside source static Command.

The examples above also demonstrated the following:

Command	Action
ip nat inside source	Translates the source of IP packets that are traveling inside to outside. Translates the destination of the IP packets that are traveling outside to inside.
ip nat outside source	Translates the source of the IP packets that are traveling outside to inside. Translates the destination of the IP packets that are traveling inside to outside.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.

NetPro Discussion Forums - Featured Conversations for RP

Service Providers: MPLS

inter-as option B summary vpnv4 route at ASBR boundary - Dec 11, 2008 summary vpn routes:Hierarchy of Provider Edge Device in BGP/MPLS VPN - Dec 11, 2008 7613, PBR Inside an VRF - Dec 11, 2008 VRF with Radius AVP - Dec 10, 2008 MPLS @ Dynamips - Dec 8, 2008

Virtual Private Networks: Services

VPN Client and Vista - Dec 10, 2008 Cant bring GRE Tunnel up - Dec 10, 2008 What is the max IPSEC session with in a VPN Tunnel - Dec 10, 2008 L2L VPN - Dec 10, 2008 access remote Peer application through WebVPN - Dec 8, 2008

Virtual Private Networks: Security

polycom behind the asa. - Dec 11, 2008 isakmp initiation - Dec 11, 2008 Log file of server attackers - Dec 11, 2008 EIGRP with DMVPN - Dec 11, 2008 Best way to allow contractors to VPN in? - Dec 11, 2008

---

Small Steps for Cambodia's 'Jungle Girl'

Cambodia's long-lost "jungle girl" makes progress in small steps after 18 years in the forest

PHNOM PENH—Cambodia’s “jungle girl,” who lived alone in the forest for 18 years after vanishing at age nine, has learned to dress herself, bathe, and laugh in the year-and-a-half since she returned to her family. But she remains unable to speak, her father and a local police officer say.

“She knows how to do a lot of things. She just doesn’t speak,” her father, Sal Lou, said in an interview. “She mostly stays alone, laughing, singing, and talking to herself in her animal-jungle language that we cannot understand.”

“I would like to appeal to the U.S. government to help bring my daughter to the States where she can have an opportunity to receive treatment, rehabilitation, and learn to speak from medical doctors and other specialists.”

He also said he hopes for assistance from the Cambodian government and other countries.

Sal Lou, 43 and a retired police officer, identified his oldest child, Rochom P’ngieng, by a scar on her arm after villagers reported seeing a naked woman stealing food in January 2007. She has lived with Sal Lou, his wife, six other children, and six grandchildren since then.

"Her body is transformed. Her complexion is changing. And she is charming."
Police detective Ma Vichit

“I think she is different now. She seems to know or be aware more of things around her. We can see that she can eat, can dress by herself... Now she is happy. She looks very fresh, her face is brightening... I do not mean to praise my own child, but everyone who comes to see her loves her.”

She now dresses, bathes, and feeds herself, as well as playing and laughing with her nieces and nephews, he said. She now also walks almost upright, according to Sal Lou and district police detective Ma Vichit.

‘Animal-jungle language’

Rochom P’ngieng, now 29, vanished in 1989 while tending buffalo near the jungle in Cambodia’s remote northern Rattanakiri province.

Her plight came to light when a villager noticed some of his food had been taken and staked out the area, 350 kms (220 miles) northeast of Phnom Penh.

Sal Lou said he knows Rochom P’ngieng understands spoken language because “when we tell her to eat or take a bath, she does accordingly. She also takes a bath and rubs herself clean by herself, but we have to fetch the water for her. But she never takes anything without people give it to her directly...”

No doctors or aid workers have visited her since January 2007, he said. Nor has her DNA been tested to ascertain that she is Sal Lou’s daughter. She ran back to the jungle for nine days in April 2007, but her mother retrieved her after village children reported seeing her.

"She mostly stays alone, laughing, singing, and talking to herself in her animal-jungle language that we cannot understand."
Sal Lou, father

“When she feels hungry she would go and look for food to eat, and she eats by herself. She can understand what we say to her, but she does not speak,” he said, adding that her routine consists of washing, eating two meals a day, and little more.

Asked if she understands who she is, he replied, “I cannot say anything about this, because she hasn’t spoken yet. But I believe she knows and understands everything.”

“The spirits haven’t allowed her to talk—it’s not the right time yet. Also we don’t have money to make an offering to the spirits who have been taking care of her... We need one buffalo to do the offering.”

Small steps

Ma Vichit, the police detective, cited “15 percent progress” over the last 18 months. Her family is trying to teach her both Khmer and their own minority Pnong language, he said.

“She tries to use a spoon now,” he said in an interview. “She tries to help in the kitchen. And she can alert someone when she needs to be taken to urinate. Her activity is a little inconsistent, though—she can concentrate only for short periods.”

“But her body is transformed. Her complexion is changing. And she is charming,” Ma Vichit said.

Sal Lou also said his daughter prefers vegetables at meals.

“She takes any food we would normally eat, but she prefers vegetables and fruits to meat. As you know, in the jungle there are only fruits and vegetables that she used to eat. She eats some meat, but mostly she picks the vegetables,” he said.

“We bring new clothes and tell her to get changed. She changes into the clean clothes by herself. But she does not know how to wash and clean the dirty clothes, so we have to wash for her,” he said.

“She plays and laughs with her nieces and nephews, holding, carrying, hugging, and kissing them. I can see that she does love her nieces and nephews, six of them. I have six grandchildren. We live together though we are very poor.”

Original reporting by Yanny Hin for RFA’s Khmer service. Khmer service director: Sos Kem. Executive producer: Susan Lavery. Written and produced in English by Sarah Jackson-Han.

How to last longer during sex

By kay29000

There are a lot of men that suffer the problem of premature ejaculation, a problem that leaves a man handicap during intercourse. Handicap meaning not being able to last as long as necessary to satisfy their partner. It's becomes a big problem to a lot of relationships and marriages, when the man ejaculates just seconds into the sexual intercourse. A lot of men suffer in silence, and some shy away from having a relationship because of this. I have here, different ways, and methods that can work in solving the problem of premature ejaculation. There are a lot of listed methods that work better than the common spray, or pills some people depend on. All you have to do is chose the one that would work with you by trying them out.

• Full concentration.

Step1

The first thing to do is get healthy. That has to do with watching what you eat. stay away from too much fatty foods, drink lots of water to flush your system everyday. Try to stay away from junk food. Eat alot of fruits and vegetables, they are very good for your health. Also try and do daily exercises. You dont have to start big, go from one stage to the other. gradually, slow and steady wins the race. Try jogging every morning, from point A to point B, then try and increase it the next day. You would gradually feel healthier and stronger every day.

Step2

The next step is to know your body, know how your body responds. Alot of people are shy of viewing their body's and dont know how they react to stimuli. The main problem with premature ejaculation has to do with anxiety when it comes to having sex. People are so excited about it that there body react to fast and the sex is over in no time. So it would be good to take time out everyday, and relax, and touch different parts of your body to know how you respond. And you also have to be relaxed.

Step3

This might sound funny, but i suggest masturbation as a form of solving the problem. A lot of people might ask, why? But i found out that a lot of people that have this problem have it because they have been masturbating in the first place. A lot of guys masturbate in a hurry, in toilet, in their rooms, in the bushes, scared all the while not to be seen by anybody. That is the big problem, because the guy does it in a hurry, it is over in a hurry, and the person sexual organ gets used to that time frame from the start of start to ejaculation during sex. So even when the person is not masturbating, but having sex with a girl, he last as long as he would last if he were masturbating, which might be between 1-2minutes, or even less. So the solution is for the person to try and relax, after following the first two steps, to try and last longer during masturbation. Try and make the ejaculation be delayed, like stoping when you are about to come. And also other methods like taking your mind away from sex while masturbating, this would prolong the ejaculation during masturbating. Try this about three or four times, and you would see some very good improvement during sex, when next you have it. I say this because it worked for me, and my friend i recommended it to. And also, while having sex itself, try and take your mind off sex for a while, or try counting, that is something i used to do. This has to do with counting from one to ten, then start again from one to ten. When you do it for awhile, u will find out that you have lasted at least 6minutes without knowing it, and then you can then relax and have fun, by then, your sexual organ is already used to going that long

Tips & Warnings

• Just remember that the problem is more psychological than physical, so it is a mind thing. You have to prepare your mind for it, that means you have to be relaxed while going through any of the steps. And you have to know it would work.
• Do not get carried away while going to the step 3, where u masturbate and make yourself last longer. So when you are about to come, try self controlling yourself by stopping and continue later. That is the only way the steps can work.

Cambodian Women Suffer More Violence

2008-11-26

A brutal assault on two Cambodian women highlights what the government says is an escalating pattern of violence against women.

PHNOM PENH—A Khmer-American man has confessed to pouring gasoline on his fiancée and her sister and burning them at their home in Cambodia’s northwestern Battambang province, authorities here say, amid what the government describes as a worsening pattern of violence against women.

Tan Nilong, 56, who lives in Auckland, California, admitted in Battambang Court on Nov. 25 that he attempted to burn 21-year-old Yan Kimhean to death because she had broken off their engagement.

Tan Sophal, chief of provincial military police, said that the evidence found at Yan’s home in the Baek Chan village of Prek Preah Sdach commune was consistent with the admission.

“This is a case of jealousy…evidence left at the scene of the crime consists of a bag, a slightly-burnt [five liter] jerry can, and a small knife,” Tan said.

The victim’s family has filed a complaint demanding U.S.$250,000 in compensation and medical treatment for both of the young women injured in the attack.

Khmer officials said the U.S. Embassy had agreed that Tan should be tried under Cambodian law because he hadn’t yet completed the U.S. naturalization process.

‘I saw the face clearly’

Tan Nilong was engaged to Yan Kimhean on June 29 but Yan broke off the engagement in November, saying she no longer trusted her fiancé, relatives said.

The victims’ mother, Pin Sarath, said in an interview that her two daughters, Yan Kimhean and Yan Chanrith, 14, were washing dishes behind their home on the evening of Nov. 22 when Tan Nilong attacked them.

“They [the daughters] asked for the engagement [with Yan Kimhean] to be ended. He said all right and then he drove a motorcycle away,” Pin said. “No one expected he would do such a thing. My daughters were washing the dishes at the back of the house. He poured gasoline on them and burnt them.”

Yan Chanrith, whose arms and legs were burned in the incident, said she had no doubt that it was Tan who had attacked them.

“I was washing the dishes with my older sister when Ta [Grandfather] Long [Tan Nilong] walked toward us and started to douse us with gasoline. I stood up and saw his face clearly—it was that Long who poured the gasoline and burnt us,” she said.

The victims were sent to Visal Sokh Hospital in Battambang and on the morning of Nov. 23 were transferred to Phnom Penh for further medical treatment. Yan Kimhean suffered serious burns over most of her body.

New report

Tan Nilong’s confession came as the Cambodian Ministry of Women's Affairs issued a new report Wednesday that says abuse against women and girls is escalating in Cambodia.

The Cambodian Gender Assessment Survey 2008 reported that nearly one-quarter of all females in Cambodia have suffered domestic violence, with young girls increasingly a target of sexual assault.

Increasing use of drugs and alcohol by men has increased attacks, including gang rape, against female Cambodians, the report said, calling on law enforcement agencies to redouble their efforts to combat them.

Still, Minister of Women's Affairs Ing Kantha Phavi cited some progress in combating violence against women.

The government “has taken significant steps to reduce violence against women,” she said in a statement, alluding to laws against domestic abuse and official benchmarks on violence and human trafficking.

The government released its report on the United Nations’ International Day for the Elimination of Violence Against Women.

Rape is a criminal offense and punishable by a prison sentence of between five and 10 years, according to the United Nations Transitional Authority in Cambodia (UNTAC) law.

The nonprofit group ADHOC [the Cambodian Human Rights and Development Association] said that between January and October it received 1,017 complaints regarding violence against women and children.

These included 584 concerning domestic violence, 368 concerning rape, and 65 complaints related to human trafficking.

Lim Mony, head of the ADHOC working group, said that according to the reports and complaints she has received, violence against women in Cambodia is on the rise.

“We find the major problems to include a lack of proper law enforcement, a lack of awareness [of the laws] by the Khmer people, and poverty conditions,” Lim Mony said.

Chhay Kimsor, of the Gender and Development for Cambodia project, said his group this week launched a campaign through Dec. 10 targeting four provinces—Banteay Meanchey, Pursat, Kompong Chhnang, and Prey Veng.

“We’ll have roundtable discussions on TV, radio talk shows, public meetings, and marches to distribute ribbons, leaflets, stickers, posters, and banners,” he said.

Original reporting by Sophal Mony, Ma Yarith, Um Sarin, and Keo Nimol for RFA’s Khmer service. Khmer service director: Sos Kem. Written for the Web in English by Joshua Lipes. Edited by Sarah Jackson-Han.