Scribd
Upload
228 views

NAT Config

The document provides instructions for configuring various NAT scenarios on routers R1 and R2 for CCNA students. It describes how to configure static NAT with static and dynamic routing, dynamic NAT with static and dynamic routing, and PAT. The labs provide configuration steps and commands to test connectivity and verify the NAT configurations are working properly.

Uploaded by

Yasser Lyraa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
228 views

NAT Config

The document provides instructions for configuring various NAT scenarios on routers R1 and R2 for CCNA students. It describes how to configure static NAT with static and dynamic routing, dynamic NAT with static and dynamic routing, and PAT. The labs provide configuration steps and commands to test connectivity and verify the NAT configurations are working properly.

Uploaded by

Yasser Lyraa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

NAT (Network

Address Translation)
Configuration for
CCNA Students
By
Eng. Abeer Hosni

https://www.facebook.com/groups/1720572871550995/
Lab 1 (Static NAT with static routing):

Objective: (Consider raising R1 RAM to 256 MB on R1)


Configure static NAT onR1 so that the client is seen on the WAN using the address 50.0.0.1.

R1(config)#int f0/0

R1(config-if)#ip address 192.168.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#int f0/1

R1(config-if)#ip address 11.0.0.1 255.255.255.252

R1(config-if)#no shutdown

R2(config-if)#ip address 11.0.0.2 255.255.255.252

R2(config-if)#no shutdown
R2(config)#ip route 192.168.0.0 255.255.255.0 f0/0

R2(config)#line vty 0 4

R2(config-line)#password 123

R2(config-line)#login

To Test Connectivity:

C:\Users\abeer>ping 11.0.0.2

Pinging 11.0.0.2 with 32 bytes of data:

Request timed out.

Request timed out.

Reply from 11.0.0.2: bytes=32 time=46ms TTL=254

Reply from 11.0.0.2: bytes=32 time=46ms TTL=254

R2#show users

Line User Host(s) Idle Location

98 vty 0 idle 00:01:07 192.168.0.100


We will configure static NAT on R1.

R1(config)#ip nat inside source static 192.168.0.100 50.0.0.1

R1(config)#int f0/0

R1(config-if)#ip nat inside

R1(config-if)#int f0/1

R1(config-if)#ip nat outside

To Test Connectivity:

C:\Users\abeer>ping 11.0.0.2

Pinging 11.0.0.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

To solve this issue, R2 should have a route back to 50.0.0.0 network.

R2(config)#no ip route 192.168.0.0 255.255.255.0 f0/0

R2(config)#ip route 50.0.0.0 255.255.255.0 11.0.0.1

To Test Connectivity:

C:\Users\abeer>ping 11.0.0.2

Pinging 11.0.0.2 with 32 bytes of data:

Reply from 11.0.0.2: bytes=32 time=84ms TTL=254

Reply from 11.0.0.2: bytes=32 time=78ms TTL=254

Reply from 11.0.0.2: bytes=32 time=78ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254


To Verify:

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

98 vty 0 idle 00:00:59 50.0.0.1

Lab 2 (Static NAT with dynamic routing):


R2(config)#no ip route 50.0.0.0 255.255.255.0 11.0.0.1

R2(config)#router eigrp 1

R2(config-router)#no auto-summary

R2(config-router)#network 11.0.0.2 0.0.0.0

R1(config)#router eigrp 1

R1(config-router)#no auto-summary
R1(config-router)#network 192.168.0.1 0.0.0.0

R1(config-router)#network 11.0.0.1 0.0.0.0

Solution 1:

R1(config)#ip route 50.0.0.0 255.255.255.0 null0

R1(config)#router eigrp 1

R1(config-router)# redistribute static

Solution 2:

R1(config)#ip route 50.0.0.0 255.255.255.0 null0

R1(config)#router eigrp 1

R1(config-router)#network 50.0.0.0 0.0.0.255

Solution 3:

R1(config)#int loop 1

R1(config-if)#ip address 50.0.0.1 255.255.255.255

R1(config)#router eigrp 1

R1(config-router)#network 50.0.0.1 0.0.0.0

Solution 4:

R1(config)#int loop 1

R1(config-if)#ip add 50.0.0.1 255.255.255.255

R1(config)#router eigrp 1

R1(config-router)#redistribute connected

To Test Connectivity (The network should be pingable using any of the four solutions):

C:\Users\abeer>ping 11.0.0.2

Pinging 11.0.0.2 with 32 bytes of data:

Reply from 11.0.0.2: bytes=32 time=40ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254


Reply from 11.0.0.2: bytes=32 time=78ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254

Lab 3 (Dynamic NAT with static routing):

R1(config)#int f0/0

R1(config-if)#ip address 192.168.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#int f0/1

R1(config-if)#ip address 11.0.0.1 255.255.255.252

R1(config-if)#no shutdown

R2(config)#int f0/0

R2(config-if)#ip address 11.0.0.2 255.255.255.252

R2(config-if)#no shutdown

R2(config)#line vty 0 4

R2(config-line)#password 123

R2(config-line)#login
Now we will configure dynamic NAT on R1 using the pool 11.0.0.3 to 11.0.0.5.

R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255

R1(config)#ip nat pool LAN 50.0.0.1 50.0.0.3 netmask 255.255.255.248

R1(config)#ip nat inside source list 1 pool LAN

R1(config)#int f0/0

R1(config-if)#ip nat inside

R1(config-if)#int f0/1

R1(config-if)#ip nat outside

R2(config)#ip route 50.0.0.0 255.255.255.0 11.0.0.1

After telnet from the client to 11.0.0.2:

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

98 vty 0 idle 00:00:13 50.0.0.1

R1#show ip nat translation


Pro Inside global Inside local Outside local Outside global

udp 50.0.0.1:137 192.168.0.100:137 11.0.0.2:137 11.0.0.2:137

tcp 50.0.0.1:49312 192.168.0.100:49312 11.0.0.2:23 11.0.0.2:23

--- 50.0.0.1 192.168.0.100 --- ---

Lab 4 (Dynamic NAT with dynamic routing):


R2(config)#no ip route 50.0.0.0 255.255.255.0 11.0.0.1

R1#clear ip nat translation *

Solution 1:

R1(config)#no ip nat pool LAN 50.0.0.1 50.0.0.3 netmask 255.255.255.248

R1(config)#ip nat pool LAN 50.0.0.1 50.0.0.3 netmask 255.255.255.248 add-route

R1(config)#do show ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.0.1 YES manual up up

FastEthernet0/1 11.0.0.1 YES manual up up

NVI0 192.168.0.1 YES unset up up

R1(config)#do show ip route

<Output Omitted>

50.0.0.0/29 is subnetted, 1 subnets

S 50.0.0.0 [0/0] via 0.0.0.0, NVI0

11.0.0.0/30 is subnetted, 1 subnets

C 11.0.0.0 is directly connected, FastEthernet0/1

C 192.168.0.0/24 is directly connected, FastEthernet0/0

R1(config)#router eigrp 1

R1(config-router)#no auto-summary

R1(config-router)#network 192.168.0.1 0.0.0.0


R1(config-router)#network 11.0.0.1 0.0.0.0

R1(config-router)#redistribute static

R2(config)#router eigrp 1

R2(config-router)#no auto-summary

R2(config-router)#network 11.0.0.2 0.0.0.0

Note: Since the 50.0.0.0 in the routing table is not via a direct connected interface, it can’t be
advertised using the network command under the eigrp process but using redistribution only.

Solution 2:

R1(config)#ip route 50.0.0.0 255.255.255.0 null0

R1(config)#router eigrp 1

R1(config-router)# redistribute static

Solution 3:

R1(config)#ip route 50.0.0.0 255.255.255.0 null0

R1(config)#router eigrp 1

R1(config-router)#network 50.0.0.0 0.0.0.255

Solution 4:

R1(config)#int loop 1

R1(config-if)#ip address 50.0.0.1 255.255.255.255

R1(config)#router eigrp 1

R1(config-router)#network 50.0.0.1 0.0.0.0

Solution 5:

R1(config)#int loop 1

R1(config-if)#ip address 50.0.0.1 255.255.255.255

R1(config)#router eigrp 1

R1(config-router)#redistribute connected
To Test Connectivity (The network should be pingable using any of the four solutions):

C:\Users\abeer>ping 11.0.0.2

Pinging 11.0.0.2 with 32 bytes of data:

Reply from 11.0.0.2: bytes=32 time=60ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254

Reply from 11.0.0.2: bytes=32 time=62ms TTL=254

R1#show ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 50.0.0.1 192.168.0.1 --- ---

icmp 50.0.0.2:1 192.168.0.100:1 11.0.0.2:1 11.0.0.2:1

--- 50.0.0.2 192.168.0.100 --- ---

After telnet from the client to 11.0.0.2:

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

98 vty 0 idle 00:00:08 50.0.0.2

Lab 5 (PAT):

R1(config)#int f0/0

R1(config-if)#ip address 192.168.0.1 255.255.255.0


R1(config-if)#no shutdown

R1(config-if)#int f0/1

R1(config-if)#ip address 11.0.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#router eigrp 1

R1(config-router)#no auto-summary

R1(config-router)#network 192.168.0.1 0.0.0.0

R1(config-router)#network 11.0.0.1 0.0.0.0

R2(config)#int f0/0

R2(config-if)#ip address 11.0.0.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#router eigrp 1

R2(config-router)#no auto-summary

R2(config-router)#network 11.0.0.2 0.0.0.0

R2(config-router)#line vty 0 4

R2(config-line)#password 123

R2(config-line)#login
The network should be pingable and converged now.

We will configure PAT on R1.

R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255

R1(config)#ip nat inside source list 1 interface f0/1 overload

R1(config)#int f0/0

R1(config-if)#ip nat inside

R1(config-if)#int f0/1

R1(config-if)#ip nat outside

The network should be still pingable and converged. After telnet from the client to 11.0.0.02:

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

98 vty 0 idle 00:00:09 11.0.0.1

To verify:

R1#show ip nat translations


Pro Inside global Inside local Outside local Outside global

udp 11.0.0.1:137 192.168.0.100:137 11.0.0.2:137 11.0.0.2:137

tcp 11.0.0.1:49339 192.168.0.100:49339 11.0.0.2:23 11.0.0.2:23

R1#debug ip nat (Then ping from the client to 11.0.0.2)

*Mar 1 00:07:22.011: NAT*: s=192.168.0.100->11.0.0.1, d=11.0.0.2 [6566]

<Output Omitted>

Hint)

PAT with multiple public IP addresses is configured using the same dynamic NAT configuration
but with the overload keyword which allows each public IP address to support multiple
sessions.

EX) R1(config)#ip nat inside source list 1 pool LAN overload

Best wishes

Abeer 

You might also like