The term NAT is used by many vendors, and it may differ slightly depending on which equipment you are using to configure NAT. In this blog, we will be exploring NAT used by Cisco IOS.
Here are general steps when configuring a NAT:- Step 1: Determine inside and outside networks. Label each interface as “inside” or “outside” using the ip nat inside and ip nat outside commands at the interface or subinterface configuration mode.
- Step 2: Ensure that the connectivity exists between the routers. By using either static routes or dynamic routing protocols, make sure that your inside global network can connect to the outside network.
- Step 3: Configure a pool private IP addresses that will be allowed to access the external network
- Step 4: Configure a pool public IP addresses that will be used by your internal network to access the external network
- Step 5: Configure Network Address Translation. Define components that will be translated.
- Step 6: Verify your work
Let's configure the Gateway Router from the below diagram so that the PC's in the internal network can communicate with the devices in external networks.
Step 0: Configure base configuration and assign IP addresses according to above diagram
Router>enable
Router#configure terminal
Router(config)#hostname GatewayRouter
GatewayRouter(config)#interface s0/0
GatewayRouter(config-if)#ip add 216.116.120.250 255.255.255.248
GatewayRouter(config-if)#no shutdown
GatewayRouter(config-if)#int fa1/0
GatewayRouter(config-if)#ip add 10.0.0.1 255.255.255.0
GatewayRouter(config-if)#no shut
Always verify that IP addresses are inputted properly and the Status and Protocol are both up.
-------------------------------------------------------
Step 1: Determine inside and outside networks. Label each interface as “inside” or “outside” using the ip nat inside and ip nat outside commands at the interface or subinterface configuration mode.GatewayRouter#conf t
GatewayRouter(config)#int s0/0
GatewayRouter(config-if)#ip nat outside
GatewayRouter(config-if)#int fa1/0
GatewayRouter(config-if)#ip nat inside
-------------------------------------------------------
GatewayRouter(config)#ip route 0.0.0.0 0.0.0.0 s0/0
-------------------------------------------------------
You need to specify the source addresses that will be translated. In this exercise, you will be using an access-list to specify a pool of IP addresses. We will be allowing all internal IP addresses to pass through the gateway router.
GatewayRouter(config)#access-list 1 permit 10.0.0.0 0.0.0.255
-------------------------------------------------------
Next step is to specify the pool of IP addresses that will be used as Inside Global IP Addresses. Ensure that the pool name specified in the previous command matches the pool name you will be creating in the below command line. Please note that pool name is case-sensitive.
GatewayRouter(config)#ip nat pool OUTSIDE 216.116.120.250 216.116.120.254 net 255.255.255.248
Note that the first IP address marks the starting point of the Inside Global IP Address and the second IP address marks the last Inside Global IP Address to be used for NAT.
-------------------------------------------------------Step 5: Configure Network Address Translation. Define components that will be translated.
GatewayRouter(config)#ip nat inside source list 1 pool OUTSIDE
As you can see there are many options to choose from. Let’s go over the options that we chose.
-------------------------------------------------------
Step 6: VerificationThe last step is to verify that the Network Address Translation works. You can login to one of your PCs and ping out to the internet. If you have a DNS set up, you can ping a known websites such as google.com or yahoo.com. If your internet network does not have a DNS setup, try to ping an external DNS such as 4.2.2.3. Once you have successfully pinged an external entity, you can revert to GatewayRouter to verify the translation.
Translation is successful. Please note that port number from the output will vary, but the port numbers from Inside global and Inside local will generally match.
No comments:
Post a Comment