Monday, 8 June 2015

CCENT NAT


NAT:

Terms:
Static, Dynamic, PAT
inside local
outside local
inside global: ISP-assigned IP for Internet browsing.
outside global: Public IP assigned to a web server etc.

Inside = Private IPs on the local LAN
Outside = Public IPs on the Web.


Static NAT:

ip nat inside source static 192.168.1.2 193.10.1.1 

ip nat inside
ip nat outside




Dynamic NAT:

 Router 1: show ru

interface GigabitEthernet0/0
 ip address 192.168.2.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 192.168.2.0
 network 192.168.3.0
!
ip nat pool jedi 192.168.3.10 192.168.3.50 netmask 255.255.255.0
ip nat inside source list 10 pool jedi
ip classless
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255




PAT:



PAT (Port Address Translation):

Multiple inside private IPs are NAT-ed to
a single public IP + port number.




Config on Gateway:
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ! ^ Correct
!
interface Serial2/0
 ! NOTE: the public IP address 193.0.0.0 range is used
 ip address 193.168.3.1 255.255.255.0
 ip nat outside
 ! ^ Correct
!
! NOTE: the public IP address 193.0.0.0 range is used
ip nat pool droidnet 193.168.3.10 193.168.3.10 netmask 255.255.255.0
! If overload isn't used, NAT works but only with a single PC
ip nat inside source list 10 pool droidnet overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial2/0
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 193.168.3.0 0.0.0.255

Router>en
Router#show ip nat translations
Pro  Inside global       Inside local       Outside local      Outside global
tcp  193.168.3.10:1030   192.168.1.2:1030   192.168.2.3:80     192.168.2.3:80
tcp  193.168.3.10:1026   192.168.1.3:1026   192.168.2.3:80     192.168.2.3:80
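
An added example (not from the original post) that models the PAT behaviour shown in the translation table above, using the droidnet pool and access-list 10 from the gateway config. The names NatModel, acl_permits and demo, the third host 192.168.1.4 and the port-selection policy are assumptions of this model, not IOS internals.

```python
import ipaddress
from itertools import chain

def acl_permits(src, acl):
    """Standard ACL match against (network, wildcard) pairs."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in acl:
        n, w = (int(ipaddress.IPv4Address(x)) for x in (net, wildcard))
        if (s | w) == (n | w):  # wildcard bits are "don't care"
            return True
    return False

class NatModel:
    """Toy model of 'ip nat inside source list <acl> pool <pool> [overload]'."""
    def __init__(self, pool, acl, overload):
        self.pool, self.acl, self.overload = pool, acl, overload
        self.table = {}      # (inside local ip, port) -> (inside global ip, port)
        self.in_use = set()  # allocated inside global (ip, port) pairs
        self.owner = {}      # inside global ip -> inside local ip (no overload)

    def translate(self, src_ip, src_port):
        """Inside global (ip, port) for an outbound flow, or None if untranslated."""
        key = (src_ip, src_port)
        if not acl_permits(src_ip, self.acl):
            return None
        if key in self.table:
            return self.table[key]
        for g in self.pool:
            if self.overload:  # keep the source port if free, else next free (assumed policy)
                port = next((p for p in chain([src_port], range(1024, 65536))
                             if (g, p) not in self.in_use), None)
            else:  # without overload an address is bound to a single inside host
                port = src_port if self.owner.setdefault(g, src_ip) == src_ip else None
            if port is not None:
                self.in_use.add((g, port))
                self.table[key] = (g, port)
                return self.table[key]
        return None  # pool exhausted

# Pool and ACL from the gateway config above; the third flow is constructed.
ACL_10 = [("192.168.1.0", "0.0.0.255"), ("193.168.3.0", "0.0.0.255")]
DROIDNET = ["193.168.3.10"]

def demo(overload):
    nat = NatModel(DROIDNET, ACL_10, overload)
    flows = [("192.168.1.2", 1030), ("192.168.1.3", 1026), ("192.168.1.4", 1030)]
    return [nat.translate(ip, port) for ip, port in flows]

if __name__ == "__main__":
    print("overload:", demo(True), "| no overload:", demo(False))
```

With overload, all three hosts share 193.168.3.10 on distinct ports; without it, only the first host gets a translation from the one-address pool.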
 


If you want to change the outside IP, that is, do NAT on the outside router, then apply the NAT configuration on the outside router.



1. Router(config)#ip nat inside source list 10 interface serial 0/3/0 overload
   Uses the serial 0/3/0 IP for PAT

2. Router(config)#ip nat inside source list 10 pool jedi overload
   Uses a pool for PAT

NAT OSPF Default-route
NAT OSPF Static-route




Lab  5:

Advertising a null route using the OSPF redistribute option
to enable OSPF advertisement of a static NAT global IP.
Note this is done because the public IP used in NAT, in this case
193.10.1.1, differs from the IP subnet between the
routers, which is 192.168.2.0/24. This is normally the case in
the real world. If the public IP matches the IP subnet between
the routers, then there is no need to add a static or default route or
advertise a null route.






Router running configuration where NAT is configured.

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto

router ospf 10
 log-adjacency-changes
 redistribute static subnets
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 0
!
ip nat inside source static 192.168.1.2 193.10.1.1
ip classless
ip route 193.10.1.0 255.255.255.0 Null0
!
  
