Scribd Logo
Upload

Welcome to Scribd!

  • 145 views

    CCNA 200-301 - Lab-20 NAT Dynamic v1.0

    Uploaded by

    h9ohuia
    1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    CCNA 200-301 - Lab-20 NAT Dynamic v1.0

    Uploaded by

    h9ohuia
    145 views8 pages
    1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    145 views8 pages

    CCNA 200-301 - Lab-20 NAT Dynamic v1.0

    Uploaded by

    h9ohuia
    1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 8

    CCNA - 200-301 Dynamic NAT

    Dynamic NAT

    [email protected]
    Task
    1. Configure routers R1 & ISP with IP address as shown in topology and
    configure enable password as ccna. (Refer Lab-19 for task-1 to task-4)
    2. Configure routers as Host (PC)
    3. Configure routers as Host (Servers) and enable HTTP service on it.
    4. Configure default routing on R1.
    5. Configure Dynamic NAT with pool of 2 Public IP for 192.168.1.0/24 network.

    Task-5: Configure Dynamic NAT.


    R1#config t
    R1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
    R1(config)#ip nat pool Public-IP 100.100.100.3 100.100.100.4 prefix-length 28
    R1(config)#ip nat inside source list 10 pool Public-IP
    R1(config)#int fa0/0
    R1(config-if)#ip nat inside
    R1(config-if)#exit
    R1(config)#int fa0/1
    R1(config-if)#ip nat outside
    R1(config-if)#exit
    R1(config)#exit
    R1#
    1 Page

    www.rsatechforum.in
    +91 8551802268
    CCNA Labs by Ratan
    ✓ Verification & Testing:

    R1#sh ip nat translations

    Ping Google and Facebook server starting from PC-1, PC-2 and PC-3
    PC-1#ping 150.150.150.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 52/59/72 ms
    PC-1#

    PC-1#ping 200.200.200.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
    !!!!!
    We Make Learning Simplified..

    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/64 ms


    PC-1#

    PC-1#telnet 150.150.150.2 80
    Trying 150.150.150.2, 80 ... Open

    PC-1#

    PC-1#telnet 200.200.200.2 80
    Trying 200.200.200.2, 80 ... Open

    PC-1#

    PC-2#ping 150.150.150.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/62/80 ms
    PC-2#

    PC-2#ping 200.200.200.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/60 ms
    PC-2#

    PC-2#telnet 150.150.150.2 80
    Trying 150.150.150.2, 80 ... Open

    PC-2#
    2 Page

    www.rsatechforum.in
    +91 8551802268
    CCNA - 200-301 Dynamic NAT
    PC-2#telnet 200.200.200.2 80
    Trying 200.200.200.2, 80 ... Open

    PC-2#

    PC-3#ping 150.150.150.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
    UUUUU
    Success rate is 0 percent (0/5)
    PC-3#

    PC-3#ping 200.200.200.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
    UUUUU
    Success rate is 0 percent (0/5)
    PC-3#

    PC-3#telnet 150.150.150.2 80
    Trying 150.150.150.2, 80 ...

    [email protected]
    % Destination unreachable; gateway or host down

    PC-3#

    PC-3#telnet 200.200.200.2 80
    Trying 200.200.200.2, 80 ...
    % Destination unreachable; gateway or host down

    PC-3#

    R1#sh ip nat translations


    Pro Inside global Inside local Outside local Outside global
    icmp 100.100.100.3:0 192.168.1.10:0 150.150.150.2:0 150.150.150.2:0
    icmp 100.100.100.3:1 192.168.1.10:1 200.200.200.2:1 200.200.200.2:1
    tcp 100.100.100.3:17700 192.168.1.10:17700 150.150.150.2:80 150.150.150.2:80
    tcp 100.100.100.3:29975 192.168.1.10:29975 200.200.200.2:80 200.200.200.2:80
    icmp 100.100.100.4:2 192.168.1.11:2 150.150.150.2:2 150.150.150.2:2
    icmp 100.100.100.4:3 192.168.1.11:3 200.200.200.2:3 200.200.200.2:3
    tcp 100.100.100.4:17132 192.168.1.11:17132 200.200.200.2:80 200.200.200.2:80
    tcp 100.100.100.4:23099 192.168.1.11:23099 150.150.150.2:80 150.150.150.2:80
    tcp 100.100.100.4:49429 192.168.1.11:49429 200.200.200.2:80 200.200.200.2:80
    tcp 100.100.100.4:60057 192.168.1.11:60057 150.150.150.2:80 150.150.150.2:80
    --- 100.100.100.4 192.168.1.11 --- ---
    R1#

    R1#sh ip nat statistics


    Total active translations: 8 (0 static, 8 dynamic; 6 extended)
    Peak translations: 10, occurred 00:02:39 ago
    Outside interfaces:
    3

    FastEthernet0/1
    Page

    www.rsatechforum.in
    +91 8551802268
    CCNA Labs by Ratan
    Inside interfaces:
    FastEthernet0/0
    Hits: 200 Misses: 0
    CEF Translated packets: 200, CEF Punted packets: 10
    Expired translations: 7
    Dynamic mappings:
    -- Inside Source
    [Id: 1] access-list 10 pool Public-IP refcount 8
    pool Public-IP: netmask 255.255.255.240
    start 100.100.100.3 end 100.100.100.4
    type generic, total addresses 2, allocated 2 (100%), misses 10

    Total doors: 0
    Appl doors: 0
    Normal doors: 0
    Queued Packets: 0
    R1#

    Enable icmp debugging on PC-1 & PC-2. Ping NATed IP from Google and
    We Make Learning Simplified..

    Facebook server.
    PC-1#debug ip icmp
    ICMP packet debugging is on
    PC-1#

    PC-2#debug ip icmp
    ICMP packet debugging is on
    PC-2#

    Google#ping 100.100.100.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 44/55/68 ms
    Google#

    Google#ping 100.100.100.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/57/60 ms
    Google#

    Facebook#ping 100.100.100.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/64 ms
    Facebook#
    4 Page

    www.rsatechforum.in
    +91 8551802268
    CCNA - 200-301 Dynamic NAT
    Facebook#ping 100.100.100.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 44/56/60 ms
    Facebook#

    PC-1#
    *Nov 14 19:34:35.883: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:35.939: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:35.999: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:36.059: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:36.123: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0

    PC-1#
    *Nov 14 19:34:44.555: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology

    [email protected]
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:44.611: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:44.671: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:44.731: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:44.795: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    PC-1#

    PC-2#
    *Nov 14 19:34:38.275: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:38.335: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:38.395: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:38.459: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:38.519: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
    BASE, dscp 0 topoid 0

    PC-2#
    *Nov 14 19:34:46.331: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:46.375: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:46.439: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
    5

    BASE, dscp 0 topoid 0


    Page

    www.rsatechforum.in
    +91 8551802268
    CCNA Labs by Ratan
    *Nov 14 19:34:46.503: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    *Nov 14 19:34:46.563: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
    BASE, dscp 0 topoid 0
    PC-2#

    R1#sh arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 100.100.100.1 - ca07.27a0.0006 ARPA FastEthernet0/1
    Internet 100.100.100.2 10 ca04.2360.0008 ARPA FastEthernet0/1
    Internet 100.100.100.3 - ca07.27a0.0006 ARPA FastEthernet0/1
    Internet 100.100.100.4 - ca07.27a0.0006 ARPA FastEthernet0/1
    Internet 192.168.1.1 - ca07.27a0.0008 ARPA FastEthernet0/0
    Internet 192.168.1.10 11 ca01.1f60.0008 ARPA FastEthernet0/0
    Internet 192.168.1.11 10 ca02.1be8.0008 ARPA FastEthernet0/0
    Internet 192.168.1.12 7 ca03.287c.0008 ARPA FastEthernet0/0
    R1#

    Now clear the NAT table and ping NATed IP from Google and Facebook server.
    We Make Learning Simplified..

    R1#clear ip nat translation *

    R1#sh ip nat translations


    R1#

    Google#ping 100.100.100.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Google#

    Google#ping 100.100.100.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Google#

    Facebook#ping 100.100.100.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Facebook#

    Facebook#ping 100.100.100.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
    6

    .....
    Page

    Success rate is 0 percent (0/5)

    www.rsatechforum.in
    +91 8551802268
    CCNA - 200-301 Dynamic NAT
    Facebook#

    Note: We can initiate traffic from outside on NATed public IP only when we have
    NAT translation entries available.

    To Remove Dynamic NAT


    R1#config t
    R1(config)#no ip nat inside source list 10 pool Public-IP
    Dynamic mapping in use, do you want to delete all entries? [no]: yes
    R1(config)#no access-list 10 permit 192.168.1.0 0.0.0.255
    R1(config)# no ip nat pool Public-IP 100.100.100.3 100.100.100.4 prefix-length 28
    R1(config)#int fa0/0
    R1(config-if)#no ip nat inside
    R1(config-if)#exit
    R1(config)#int fa0/1
    R1(config-if)#no ip nat outside
    R1(config-if)#exit
    R1(config)#exit
    R1#

    [email protected]
    7 Page

    www.rsatechforum.in
    +91 8551802268
    CCNA Labs by Ratan
    Important Commands:
    sh ip nat translations
    sh ip nat statistics
    sh arp
    We Make Learning Simplified..
    8 Page

    www.rsatechforum.in
    +91 8551802268

    You might also like