Scribd
Upload
331 views

CCNA 200-301 - Lab-20 NAT Dynamic v1.0

1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

Uploaded by

h9ohuia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
331 views

CCNA 200-301 - Lab-20 NAT Dynamic v1.0

1. The document describes configuring dynamic NAT on router R1 to translate the private IP addresses of hosts on the 192.168.1.0/24 network to a pool of two public IP addresses. 2. An access list and NAT pool are configured to define the addresses to be translated. Interfaces are configured as inside and outside. 3. Testing shows hosts on the inside network can ping and telnet to external servers using the translated public addresses, while traffic is untranslated from the outside interface.

Uploaded by

h9ohuia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

CCNA - 200-301 Dynamic NAT

Dynamic NAT

[email protected]
Task
1. Configure routers R1 & ISP with IP address as shown in topology and
configure enable password as ccna. (Refer Lab-19 for task-1 to task-4)
2. Configure routers as Host (PC)
3. Configure routers as Host (Servers) and enable HTTP service on it.
4. Configure default routing on R1.
5. Configure Dynamic NAT with pool of 2 Public IP for 192.168.1.0/24 network.

Task-5: Configure Dynamic NAT.


R1#config t
R1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat pool Public-IP 100.100.100.3 100.100.100.4 prefix-length 28
R1(config)#ip nat inside source list 10 pool Public-IP
R1(config)#int fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int fa0/1
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#exit
R1#
1 Page

www.rsatechforum.in
+91 8551802268
CCNA Labs by Ratan
✓ Verification & Testing:

R1#sh ip nat translations

Ping Google and Facebook server starting from PC-1, PC-2 and PC-3
PC-1#ping 150.150.150.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/59/72 ms
PC-1#

PC-1#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
!!!!!
We Make Learning Simplified..

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/64 ms


PC-1#

PC-1#telnet 150.150.150.2 80
Trying 150.150.150.2, 80 ... Open

PC-1#

PC-1#telnet 200.200.200.2 80
Trying 200.200.200.2, 80 ... Open

PC-1#

PC-2#ping 150.150.150.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/62/80 ms
PC-2#

PC-2#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/60 ms
PC-2#

PC-2#telnet 150.150.150.2 80
Trying 150.150.150.2, 80 ... Open

PC-2#
2 Page

www.rsatechforum.in
+91 8551802268
CCNA - 200-301 Dynamic NAT
PC-2#telnet 200.200.200.2 80
Trying 200.200.200.2, 80 ... Open

PC-2#

PC-3#ping 150.150.150.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.150.150.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
PC-3#

PC-3#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
PC-3#

PC-3#telnet 150.150.150.2 80
Trying 150.150.150.2, 80 ...

[email protected]
% Destination unreachable; gateway or host down

PC-3#

PC-3#telnet 200.200.200.2 80
Trying 200.200.200.2, 80 ...
% Destination unreachable; gateway or host down

PC-3#

R1#sh ip nat translations


Pro Inside global Inside local Outside local Outside global
icmp 100.100.100.3:0 192.168.1.10:0 150.150.150.2:0 150.150.150.2:0
icmp 100.100.100.3:1 192.168.1.10:1 200.200.200.2:1 200.200.200.2:1
tcp 100.100.100.3:17700 192.168.1.10:17700 150.150.150.2:80 150.150.150.2:80
tcp 100.100.100.3:29975 192.168.1.10:29975 200.200.200.2:80 200.200.200.2:80
icmp 100.100.100.4:2 192.168.1.11:2 150.150.150.2:2 150.150.150.2:2
icmp 100.100.100.4:3 192.168.1.11:3 200.200.200.2:3 200.200.200.2:3
tcp 100.100.100.4:17132 192.168.1.11:17132 200.200.200.2:80 200.200.200.2:80
tcp 100.100.100.4:23099 192.168.1.11:23099 150.150.150.2:80 150.150.150.2:80
tcp 100.100.100.4:49429 192.168.1.11:49429 200.200.200.2:80 200.200.200.2:80
tcp 100.100.100.4:60057 192.168.1.11:60057 150.150.150.2:80 150.150.150.2:80
--- 100.100.100.4 192.168.1.11 --- ---
R1#

R1#sh ip nat statistics


Total active translations: 8 (0 static, 8 dynamic; 6 extended)
Peak translations: 10, occurred 00:02:39 ago
Outside interfaces:
3

FastEthernet0/1
Page

www.rsatechforum.in
+91 8551802268
CCNA Labs by Ratan
Inside interfaces:
FastEthernet0/0
Hits: 200 Misses: 0
CEF Translated packets: 200, CEF Punted packets: 10
Expired translations: 7
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool Public-IP refcount 8
pool Public-IP: netmask 255.255.255.240
start 100.100.100.3 end 100.100.100.4
type generic, total addresses 2, allocated 2 (100%), misses 10

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#

Enable icmp debugging on PC-1 & PC-2. Ping NATed IP from Google and
We Make Learning Simplified..

Facebook server.
PC-1#debug ip icmp
ICMP packet debugging is on
PC-1#

PC-2#debug ip icmp
ICMP packet debugging is on
PC-2#

Google#ping 100.100.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/55/68 ms
Google#

Google#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/57/60 ms
Google#

Facebook#ping 100.100.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/64 ms
Facebook#
4 Page

www.rsatechforum.in
+91 8551802268
CCNA - 200-301 Dynamic NAT
Facebook#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/56/60 ms
Facebook#

PC-1#
*Nov 14 19:34:35.883: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:35.939: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:35.999: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:36.059: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:36.123: ICMP: echo reply sent, src 192.168.1.10, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0

PC-1#
*Nov 14 19:34:44.555: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology

[email protected]
BASE, dscp 0 topoid 0
*Nov 14 19:34:44.611: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:44.671: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:44.731: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:44.795: ICMP: echo reply sent, src 192.168.1.10, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
PC-1#

PC-2#
*Nov 14 19:34:38.275: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:38.335: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:38.395: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:38.459: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:38.519: ICMP: echo reply sent, src 192.168.1.11, dst 150.150.150.2, topology
BASE, dscp 0 topoid 0

PC-2#
*Nov 14 19:34:46.331: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:46.375: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:46.439: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
5

BASE, dscp 0 topoid 0


Page

www.rsatechforum.in
+91 8551802268
CCNA Labs by Ratan
*Nov 14 19:34:46.503: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
*Nov 14 19:34:46.563: ICMP: echo reply sent, src 192.168.1.11, dst 200.200.200.2, topology
BASE, dscp 0 topoid 0
PC-2#

R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.100.100.1 - ca07.27a0.0006 ARPA FastEthernet0/1
Internet 100.100.100.2 10 ca04.2360.0008 ARPA FastEthernet0/1
Internet 100.100.100.3 - ca07.27a0.0006 ARPA FastEthernet0/1
Internet 100.100.100.4 - ca07.27a0.0006 ARPA FastEthernet0/1
Internet 192.168.1.1 - ca07.27a0.0008 ARPA FastEthernet0/0
Internet 192.168.1.10 11 ca01.1f60.0008 ARPA FastEthernet0/0
Internet 192.168.1.11 10 ca02.1be8.0008 ARPA FastEthernet0/0
Internet 192.168.1.12 7 ca03.287c.0008 ARPA FastEthernet0/0
R1#

Now clear the NAT table and ping NATed IP from Google and Facebook server.
We Make Learning Simplified..

R1#clear ip nat translation *

R1#sh ip nat translations


R1#

Google#ping 100.100.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Google#

Google#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Google#

Facebook#ping 100.100.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Facebook#

Facebook#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
6

.....
Page

Success rate is 0 percent (0/5)

www.rsatechforum.in
+91 8551802268
CCNA - 200-301 Dynamic NAT
Facebook#

Note: We can initiate traffic from outside on NATed public IP only when we have
NAT translation entries available.

To Remove Dynamic NAT


R1#config t
R1(config)#no ip nat inside source list 10 pool Public-IP
Dynamic mapping in use, do you want to delete all entries? [no]: yes
R1(config)#no access-list 10 permit 192.168.1.0 0.0.0.255
R1(config)# no ip nat pool Public-IP 100.100.100.3 100.100.100.4 prefix-length 28
R1(config)#int fa0/0
R1(config-if)#no ip nat inside
R1(config-if)#exit
R1(config)#int fa0/1
R1(config-if)#no ip nat outside
R1(config-if)#exit
R1(config)#exit
R1#

[email protected]
7 Page

www.rsatechforum.in
+91 8551802268
CCNA Labs by Ratan
Important Commands:
sh ip nat translations
sh ip nat statistics
sh arp
We Make Learning Simplified..
8 Page

www.rsatechforum.in
+91 8551802268

You might also like