
LAB: NAT & PAT

Section A: Dynamic Inside-Source Translation (NAT)

Dynamic inside source translation dynamically translates an unregistered IP address to a registered IP address, using a predefined pool of addresses. This is a one-to-one mapping. When an outside connection attempt is made, an IP address is selected from a pool of addresses. Example below: Diagram 1
[Figure: Router A and Router B joined by a serial link]
Serial link: Serial 0/1 195.1.1.4 and Serial 0/1 195.1.1.10
Router A: Ethernet 0/0 10.0.0.5, 10.0.0.1 secondary, 10.0.0.2 secondary
Router B: Ethernet 0 152.1.1.1

Configuration Overview:

1) You will be using two routers for this lab. Set up the routers as shown above in Diagram 1. Assign the necessary addresses to the interfaces (Serial and Ethernet).

2) You will be using secondary IP addresses. Secondary IP addresses are additional IP addresses assigned to an interface and are mostly used for testing purposes; the router still uses the main address configured as the IP address of the interface. You will be configuring 2 secondary IP addresses in this lab. Below is an example of configuring a secondary address.

   RouterA(config)# int eth0/0
   RouterA(config-if)# ip address 10.0.0.5 255.255.255.0
   ! this is the secondary address
   RouterA(config-if)# ip address 10.0.0.1 255.255.255.0 secondary
   RouterA(config-if)# ip address 10.0.0.2 255.255.255.0 secondary

3) Use static routes on each router so that both routers can see each other's Ethernet network. For example, on Router A you would enter:

   RouterA(config)# ip route 152.1.0.0 255.255.0.0 s0/0

   Note: You may also use RIP 1.

4) After you have configured the routers and have tested connectivity, follow the commands below to configure Router A for NAT.

5) Access lists will be used to tell the router the inside addresses that are to be translated. Enter the following access lists at Router A:

   RouterA(config)# access-list 1 permit 10.0.0.1
   RouterA(config)# access-list 1 permit 10.0.0.2

Router A - Global Configuration

Enter the following commands at global configuration.

   RouterA(config)# ip nat pool globalpool 195.1.1.1 195.1.1.3 netmask 255.255.255.0

This defines the pool of addresses that will be used.

   RouterA(config)# ip nat inside source list 1 pool globalpool

"list 1" references access list 1 and defines which addresses will be translated. "globalpool" references the pool of addresses defined in the previous line.

Router A - Interface Configuration

   RouterA(config)# int eth0/0
   RouterA(config-if)# ip nat inside

This defines the inside interface (the interface with the hidden IP addresses).

   RouterA(config-if)# int s0/0
   RouterA(config-if)# ip nat outside

Testing

Issue the debug ip nat detailed command from privileged mode and use the extended ping command to:

1) Ping 152.1.1.1 using source address 10.0.0.1
2) Ping 152.1.1.1 using source address 10.0.0.2

You will see from the debug output that the source address 10.0.0.1 has been translated to 195.1.1.1 and 10.0.0.2 to 195.1.1.2.

Get a signature for Section A

______________________________________________________________________

Section B: Overlapping an Inside Global Address (PAT: Port Address Translation)

This technique allows you to bypass the one-to-one mapping of local addresses into global addresses. This is more efficient because it reduces the number of registered IP addresses needed. PAT uses information from higher-level protocols, such as TCP port numbers, to translate the global address back to the correct local address. When multiple local addresses map to one global address, the TCP port numbers are used to distinguish or uniquely identify the local address. See the example below: Diagram 2

[Figure: Host A, Host B and Host C connect through Router A to the internet]

Local       Global
10.1.1.1    195.1.1.1:1024
10.1.1.2    195.1.1.1:1025
10.1.1.3    195.1.1.1:1026

1) You can keep the exact configuration from Section A; the only commands you need to change are the following:

   a) RouterA(config)# no ip nat inside source list 1 pool globalpool
      RouterA(config)# ip nat inside source list 1 pool globalpool overload

   b) RouterA(config)# no ip nat pool globalpool 195.1.1.1 195.1.1.3 netmask 255.255.255.0
      RouterA(config)# ip nat pool globalpool 195.1.1.1 195.1.1.1 netmask 255.255.255.0

You are first changing the pool of addresses to reflect one address to translate to. Again, the port mapping will be used to identify the inside host that sends a connection out. Notice also the overload keyword, which allows multiple inside local addresses to be translated to one outside global address.

Testing

Issue the debug ip nat detailed command and ping the following using the extended ping:

1) Ping 152.1.1.1 using source address 10.0.0.1
2) Ping 152.1.1.1 using source address 10.0.0.2

You should then see the output from the debug command and that both 10.0.0.1 and 10.0.0.2 were translated to 195.1.1.1. Finally, run the show ip nat translations command to see the port numbers and addresses that are used as a key to map return packets to the correct inside local IP address.

Get a final signature

______________________________________________________________________
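
The translation table behaviour of Sections A and B, modelled as an added Python example (it is not part of the original lab and is not Cisco IOS code). The Translator class, the constructed source port 5000, and sequential port allocation from 1024 (as drawn in Diagram 2) are assumptions made for illustration.

```python
import ipaddress

class Translator:
    """Toy model of an inside-source translation table (added example, not IOS code)."""
    def __init__(self, acl, pool_start, pool_end, overload=False):
        self.acl = {ipaddress.ip_address(a) for a in acl}   # hosts permitted by access-list 1
        first, last = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
        self.pool = [first + i for i in range(int(last) - int(first) + 1)]
        self.overload = overload
        self.out = {}          # (inside local ip, port or None) -> (global ip, port or None)
        self.back = {}         # reverse of self.out, the key for return packets
        self.next_port = 1024  # assumption: sequential ports, as drawn in Diagram 2

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the inside; None if it is not translated."""
        src = ipaddress.ip_address(src_ip)
        if src not in self.acl:
            return None                       # not matched by the access list
        key = (src, src_port) if self.overload else (src, None)
        if key not in self.out:
            if self.overload:                 # PAT: shared address, unique port
                glob = (self.pool[0], self.next_port)
                self.next_port += 1
            else:                             # NAT: one free pool address per host
                used = {g for g, _ in self.out.values()}
                free = [a for a in self.pool if a not in used]
                if not free:
                    return None               # pool exhausted
                glob = (free[0], None)
            self.out[key] = glob
            self.back[glob] = key
        g_ip, g_port = self.out[key]
        return (str(g_ip), g_port if self.overload else src_port)

    def inbound(self, dst_ip, dst_port):
        """Map a return packet to its inside local host; None if no entry exists."""
        dst = ipaddress.ip_address(dst_ip)
        hit = self.back.get((dst, dst_port) if self.overload else (dst, None))
        if hit is None:
            return None
        return (str(hit[0]), hit[1] if self.overload else dst_port)

def lab_demo():
    acl = ["10.0.0.1", "10.0.0.2"]   # both lab tests, constructed source port 5000
    nat = Translator(acl, "195.1.1.1", "195.1.1.3")
    pat = Translator(acl, "195.1.1.1", "195.1.1.1", overload=True)
    return {"nat": [nat.outbound(h, 5000) for h in acl],
            "pat": [pat.outbound(h, 5000) for h in acl],
            "pat_return": pat.inbound("195.1.1.1", 1025)}
```

In the model, a packet arriving for 195.1.1.1 on a port with no table entry returns None from inbound(), because there is no key that identifies an inside local host for it.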