
LAB: NAT & PAT

Section A: Dynamic Inside-Source Translation (NAT)

Dynamic inside source translation dynamically translates an unregistered IP address to a registered IP address, using a predefined pool of addresses. This is a one-to-one mapping. When an outside connection attempt is made, an IP address is selected from a pool of addresses. Example below:

[Diagram 1: Router A and Router B connected by their Serial 0/1 interfaces. Other labels: Ethernet 0, Ethernet 0/0, Secondary, Secondary.]

Configuration Overview:

1) You will be using two routers for this lab. Set up the routers as shown above in Diagram 1. Assign the necessary addresses to the interfaces (Serial and Ethernet).

2) You will be using secondary IP addresses. Secondary IP addresses are additional IP addresses assigned to an interface and are mostly used for testing purposes; however, the router uses the main address configured as the IP address of the interface. You will be configuring an additional 2 secondary IP addresses in this lab. Below is an example of configuring a secondary address.

RouterA(config)# ip address ip address secondary this is the secondary address ip address secondary

3) Use static routes on each router so that both routers can see each other's Ethernet network (for example, for Router A you would enter ip route int s0/0). Note: You may also use RIP 1!

4) After you have configured the routers and have tested connectivity, follow the commands below to configure Router A for NAT.

5) Access lists will be used to tell the router which inside addresses are to be translated. Enter the following access lists at Router A:

access-list 1 permit
access-list 1 permit

Router A - Global Configuration

Enter the following commands at global configuration.

RouterA(config)# ip nat pool globalpool netmask

This defines the pool of addresses that will be used.

RouterA(config)# ip nat inside source list 1 pool globalpool

List 1 references access list 1 and defines which addresses will be translated. Globalpool references the pool of addresses defined in the previous line.

Router A - Interface Configuration

RouterA(config)# int eth0/0
RouterA(config-if)# ip nat inside

This defines the inside interface (the interface with the hidden IP addresses).

RouterA(config-if)# int s0/0
RouterA(config-if)# ip nat outside

Testing

Issue the debug ip nat detailed command from privileged mode and use the extended ping command to:

1) Ping using source address
2) Ping using source address

You will see from the debug output that the source address has been translated to and was assigned to

Get a signature for Section A


Section B: Overlapping an Inside Global Address (PAT: Port Address Translation)

This technique allows you to bypass the one-to-one mapping of local addresses into global addresses. This is more efficient because it reduces the number of registered IP addresses needed. PAT uses higher-level protocols such as TCP port numbers to translate the global address back to a correct local address. When multiple local addresses map to one global address, the TCP port numbers are used to distinguish or uniquely identify the local address. See the example below:

[Diagram 2: Host A, Host B and Host C behind Router A, sharing one global address with ports :1024, :1025 and :1026.]

1) You can keep the exact configuration from Section A; the only commands you need to change are the following:

a) RouterA(config)# no ip nat inside source list 1 pool globalpool
   RouterA(config)# ip nat inside source list 1 pool globalpool overload

b) RouterA(config)# no ip nat pool globalpool netmask
   RouterA(config)# ip nat pool globalpool netmask

You are first changing the pool of addresses to reflect one address to translate to. Again, the port mapping will be used to identify the inside host that sends a connection out. Notice also the overload command, which allows multiple inside local addresses to be translated to one outside global address.

Testing

Issue the debug ip nat detailed command and ping the following using the extended ping:

1) Ping using source address
2) Ping using source address

You should then see the output from the debug command and that both and were translated to

Finally, run the show ip nat translations command to see the port numbers and addresses that are used as a key to map return packets to the correct inside local IP address.

Get a final signature ______________________________________________________________________
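
The port-keyed mapping that Section B describes can be modelled in a few lines. This is an added example, not part of the original lab and not how IOS is implemented: the class PatTable, the sequential port allocation starting at 1024 (taken from Diagram 2) and every address below are assumptions constructed for illustration.

```python
# Added example: toy model of a PAT (overload) table. All addresses are constructed.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

class PatTable:
    """One global address shared by many inside hosts, told apart by port."""

    def __init__(self, global_ip: str, first_port: int = 1024) -> None:
        self.global_ip = global_ip
        self.next_port = first_port  # assumption: sequential allocation, as in Diagram 2
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def translate_out(self, inside: Endpoint, outside: Endpoint) -> Endpoint:
        """Inside -> outside: rewrite the source to the global address and a unique port."""
        key = (inside, outside)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("no free ports left on the global address")
            self.out[key] = self.next_port
            self.back[(self.next_port, outside)] = inside
            self.next_port += 1
        return (self.global_ip, self.out[key])

    def translate_in(self, outside: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Outside -> inside: return the inside local endpoint, or None (drop)."""
        if dst[0] != self.global_ip:
            return None
        # The key is (global port, outside endpoint); no entry means no translation.
        return self.back.get((dst[1], outside))

def demo():
    pat = PatTable("203.0.113.1")
    server = ("198.51.100.10", 80)
    hosts = {"A": ("10.0.0.1", 5000), "B": ("10.0.0.2", 5000), "C": ("10.0.0.3", 5000)}
    mapped = {name: pat.translate_out(ep, server) for name, ep in hosts.items()}
    replies = {name: pat.translate_in(server, g) for name, g in mapped.items()}
    # A packet from an endpoint no inside host contacted finds no entry.
    stray = pat.translate_in(("192.0.2.66", 4444), mapped["B"])
    return hosts, mapped, replies, stray

if __name__ == "__main__":
    hosts, mapped, replies, stray = demo()
    for name in hosts:
        print(name, hosts[name], "->", mapped[name], "reply to", replies[name])
    print("unsolicited packet:", stray)
```

The three hosts use the same source port, so only the allocated global port distinguishes their return traffic, which is the key the show ip nat translations table exposes.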