Nat Port - Policy: Lab Topology

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

Download PNETLab Platform

PNETLAB Store
PNETLab.com

NAT PORT - POLICY

Lab Topology:
Please use the following topology to complete this lab exercise:

Lab Objective:
The objective of this lab exercise is for you to learn and understand how can you configure NAT
POLICY

Task list:
Task 1: Configure the hostname and IP address for the interface in INSIDE ZONE for Routers as
topo. Check the reachability between Routers.
Task 2: Configure 2 PPPoE Session between R1 to R2 and R1 to R3 in OUTSIDE ZONE (R1 is
PPPoE Client, R2 and R3 are PPPoE Server).
Task 3: Configure default route on R4, static route and NAT Policy on R1
Task 4: Check NAT Translate table on R1 when R4 telnet to interface Loopback on R2 and R3.
1
Download PNETLab Platform
PNETLAB Store
PNETLab.com

SOLUTION:
Task 1: Configure the hostname and IP address for the interface in INSIDE ZONE for Routers as
topo. Check the reachability between Routers.
On R4
!
interface Ethernet0/0
ip address 192.168.1.10 255.255.255.0
!
On R1
!
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
!
On R4
!
interface Ethernet0/2
ip address 192.168.1.50 255.255.255.0
!
Verification:
R4#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Task 2: Configure 2 PPPoE Session between R1 to R2 and R1 to R3 in OUTSIDE ZONE (R1 is


PPPoE Client, R2 and R3 are PPPoE Server).
On R1
!
interface Ethernet0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Ethernet0/2
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside

2
Download PNETLab Platform
PNETLAB Store
PNETLab.com

encapsulation ppp
dialer pool 1
ppp pap sent-username pppoe1 password 0 cisco@123
!
interface Dialer2
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp pap sent-username pppoe2 password 0 cisco@123
!
On R2
!
username pppoe1 password 0 cisco@123
!
bba-group pppoe global
virtual-template 1
!
interface Ethernet0/0
no ip address
pppoe enable group global
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
!
interface Virtual-Template1
mtu 1492
ip address 113.70.180.1 255.255.255.252
peer default ip address pool CLIENT
ppp authentication pap callin
!
ip local pool CLIENT 113.70.180.2
!
On R3
!
username pppoe2 password 0 cisco@123
!
bba-group pppoe global
virtual-template 1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/2
3
Download PNETLab Platform
PNETLAB Store
PNETLab.com

no ip address
pppoe enable group global
!
interface Virtual-Template1
mtu 1492
ip address 42.190.58.1 255.255.255.252
peer default ip address pool CLIENT
ppp authentication pap callin
!
ip local pool CLIENT 42.190.58.2
!
Verification:
R1#show ip interface brief | exclude as
Interface IP-Address OK? Method Status
Protocol
Ethernet0/0 192.168.1.1 YES NVRAM up
up
Dialer1 113.70.180.2 YES IPCP up
up
Dialer2 42.190.58.2 YES IPCP up
up

R1#ping 42.190.58.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 42.190.58.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#ping 113.70.180.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 113.70.180.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Task 3: Configure default route on R4, static route and NAT Policy on R1
On R4
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
On R1
!
ip route 2.2.2.2 255.255.255.255 Dialer1
ip route 3.3.3.3 255.255.255.255 Dialer2
// Static Route to Loopback of R2 and R3.
!
ip access-list extended ToR2
4
Download PNETLab Platform
PNETLAB Store
PNETLab.com

permit tcp host 192.168.1.10 host 2.2.2.2 eq telnet


ip access-list extended ToR3
permit tcp host 192.168.1.10 host 3.3.3.3 eq telnet
!
//Create Access-List to match traffic telnet from R4 to Loopback of R2 and R3.
!
route-map ToR3 permit 10
match ip address ToR3
!
route-map ToR2 permit 10
match ip address ToR2
!
//Create Route-Map to attach the access-lists in two different permit statements.
!
interface Ethernet0/0
ip nat inside
!
interface Dialer1
ip nat outside
!
interface Dialer2
ip nat outside
!
//Create NAT inside, outside interface.
!
ip nat inside source static 192.168.1.10 42.190.58.2 route-map ToR3
ip nat inside source static 192.168.1.10 113.70.180.2 route-map ToR2
!
//Create NAT Translate in R1 based on route-map.
Task 4: Check NAT Translate table on R1 when R4 telnet to interface Loopback on R2 and R3.
R4#telnet 2.2.2.2
Trying 2.2.2.2 ... Open

R4#telnet 3.3.3.3
Trying 3.3.3.3 ... Open

R1#show ip nat translations


Pro Inside global Inside local Outside local Outside
global
tcp 42.190.58.2:48539 192.168.1.10:48539 3.3.3.3:23
3.3.3.3:23
tcp 113.70.180.2:56679 192.168.1.10:56679 2.2.2.2:23
2.2.2.2:23
// We recognize that, R1 will NAT based on traffic to Outside.

You might also like