I. Lab Objectives
- Understand the principles and functions of Network Address Translation (NAT);
- Master static NAT configuration to enable LAN access to the Internet;
II. Lab Background
To publish the WWW Service, the company now requires that the Intranet web server IP address be mapped to a global IP address to allow external networks to access the company's internal web servers.
III. Technical Principles
- Network Address Translation (NAT) is widely used in all kinds of Internet access methods and networks. The reason is simple: NAT not only perfectly solves the problem of insufficient IP addresses, but also effectively avoids attacks from outside the network and hides and protects the computers inside the network.
- By default, internal IP addresses cannot be routed on the Internet. Suppose the internal host 10.1.1.1 needs to communicate with the external Internet. When its IP packet arrives at the NAT router, the address 10.1.1.1 is replaced with a valid Internet IP address and the mapping is saved in the NAT translation table. When an external host sends a response to the intranet, the NAT router looks up the current NAT translation table and replaces the Internet address with 10.1.1.1.
- NAT divides the network into two parts: the internal network and the external network. When a LAN host accesses the external network through NAT, the local address inside the LAN is converted to a global address (a valid Internet IP address) before the data packets are forwarded.
- NAT can be divided into two types: NAT (Network Address Translation) and NAPT (Network Port Address Translation, in which IP addresses correspond to a global address).
- Static NAT: a one-to-one mapping between internal addresses and external addresses. In practice, it is generally used for servers;
- Dynamic NAT: defines an address pool from which addresses are mapped automatically, one-to-one. In practice, it is rarely used;
- NAPT: uses different ports to map multiple intranet IP addresses to one specified Internet IP address, many-to-one.
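The translation-table lookup described above, modelled in Python as an added example (not part of the original lab and not router code). It shows that a static entry rewrites inbound packets on every port, whereas a NAPT entry exists only after an inside host has opened the flow. The static pair 192.168.1.2 / 222.0.1.3 is the one used later in this lab; the inside host 192.168.1.10, the use of 222.0.1.1 as the shared NAPT address and the port numbering are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy NAT translation table (illustrative model, not router code)."""
    static: dict = field(default_factory=dict)  # inside local IP -> inside global IP
    napt_ip: str = ""                           # shared global IP used for NAPT (assumed)
    napt: dict = field(default_factory=dict)    # (global IP, port) -> (local IP, port)
    next_port: int = 1025                       # next free global port (assumed numbering)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the inside network."""
        if src_ip in self.static:               # static NAT: address swapped, port kept
            return self.static[src_ip], src_port
        for glob, local in self.napt.items():   # reuse the entry of an existing flow
            if local == (src_ip, src_port):
                return glob
        glob = (self.napt_ip, self.next_port)   # NAPT: allocate a new global port
        self.next_port += 1
        self.napt[glob] = (src_ip, src_port)
        return glob

    def inbound(self, dst_ip, dst_port):
        """Rewrite the destination of a packet from outside; None means dropped."""
        for local_ip, global_ip in self.static.items():
            if global_ip == dst_ip:             # static entry matches on any port
                return local_ip, dst_port
        return self.napt.get((dst_ip, dst_port))  # NAPT: only previously opened flows

def demo():
    # Static pair from this lab; 192.168.1.10 is a constructed inside host.
    r1 = NatRouter(static={"192.168.1.2": "222.0.1.3"}, napt_ip="222.0.1.1")
    return {
        "web_request": r1.inbound("222.0.1.3", 80),
        "other_port": r1.inbound("222.0.1.3", 22),
        "server_reply": r1.outbound("192.168.1.2", 80),
        "pc_out": r1.outbound("192.168.1.10", 5000),
        "pc_out_again": r1.outbound("192.168.1.10", 5000),
        "pc_reply": r1.inbound("222.0.1.1", 1025),
        "unsolicited": r1.inbound("222.0.1.1", 4444),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```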
IV. Experiment Steps
Lab Topology
1. R1 is the company's egress router. It is connected to the external router through a V.35 serial cable. The DCE end is connected to R2, and the clock rate is configured as 64000;
2. Configure the IP addresses of PCs, servers, and router interfaces;
3. Configure static routing on each router so that the PCs can ping each other;
4. Configure static NAT on R1;
5. Define internal and external network interfaces on R1;
6. Verify the interconnectivity between hosts.
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip add 222.0.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R1(config-if)#
R1(config-if)#
R1(config-if)#exit
R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2 // configure a static route to the 222.0.2.0 network segment
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    222.0.1.0/24 is directly connected, Serial2/0
S    222.0.2.0/24 [1/0] via 222.0.1.2
R1#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#?
  arp                Set arp type (arpa, probe, snap) or timeout
  bandwidth          Set bandwidth informational parameter
  cdp                CDP interface subcommands
  crypto             Encryption/Decryption commands
  custom-queue-list  Assign a custom queue list to an interface
  delay              Specify interface throughput delay
  description        Interface specific description
  duplex             Configure duplex operation.
  exit               Exit from interface configuration mode
  fair-queue         Enable fair queuing on an interface
  hold-queue         Set hold queue depth
  ip                 Interface Internet Protocol config commands
  mac-address        Manually set interface MAC address
  mtu                Set the interface Maximum Transmission Unit (MTU)
  no                 Negate a command or set its defaults
  priority-group     Assign a priority group to an interface
  service-policy     Configure QoS service policy
  shutdown           Shutdown the selected interface
  speed              Configure speed operation.
  tx-ring-limit      Configure PA level transmit ring limit
  zone-member        Apply zone name
R1(config-if)#ip ?
  access-group        Specify access control for packets
  address             Set the IP address of an interface
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  inspect             Apply inspect name
  ips                 Create IPS rule
  mtu                 Set IP Maximum Transmission Unit
  nat                 NAT interface commands
  ospf                OSPF interface commands
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  virtual-reassembly  Virtual reassembly
R1(config-if)#ip nat ?
  inside   Inside interface for address translation
  outside  Outside interface for address translation
R1(config-if)#ip nat inside ?
  <cr>
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat outside ?
  <cr>
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#
R1#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip ?
  access-list       Named access-list
  default-network   Flags networks as candidates for default routes
  dhcp              Configure DHCP server and relay parameters
  domain            IP DNS resolver
  domain-lookup     Enable IP Domain Name System hostname translation
  domain-name       Define the default domain name
  forward-protocol  Controls forwarding of physical and directed IP broadcasts
  host              Add an entry to the IP hostname table
  name-server       Specify address of name server to use
  nat               NAT configuration commands
  route             Establish static routes
  tcp               Global TCP parameters
R1(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
R1(config)#ip nat inside ?
  source  Source address translation
R1(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
R1(config)#ip nat inside source static ?
  A.B.C.D  Inside local IP address
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R1(config)#ip nat inside source static 192.168.1.2 ?
  A.B.C.D  Inside global IP address
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 ?
  <cr>
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 // configure the static NAT mapping from the intranet address to the Internet address
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat ?
  statistics    Translation statistics
  translations  Translation entries
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---
R1#
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---
tcp  222.0.1.3:80      192.168.1.2:80     222.0.2.2:1025     222.0.2.2:1025
R1#
R1#show running-config
Building configuration...
Current configuration : 753 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
...
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.2 222.0.1.3
ip classless
ip route 222.0.2.0 255.255.255.0 222.0.1.2
!
...
!
line con 0
line vty 0 4
 login
!
!
!
end
R1#
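A small audit of the NAT configuration this procedure produces, as an added example (not part of the original lab or of any Cisco tool). It checks that inside and outside interfaces are designated and flags static entries that map a whole host: the lab's entry makes every port of 192.168.1.2 reachable although only the WWW service is to be published, and the port-scoped form `ip nat inside source static tcp 192.168.1.2 80 222.0.1.3 80` uses the `tcp` option listed in the help output above. The embedded configuration is a constructed excerpt of R1's running-config.

```python
import re

# Constructed excerpt: the NAT-relevant lines of R1's running-config in this lab.
RUNNING_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
ip nat inside source static 192.168.1.2 222.0.1.3
ip route 222.0.2.0 255.255.255.0 222.0.1.2
"""

# Matches both the whole-host form and the port-scoped tcp/udp form.
STATIC_RE = re.compile(
    r"^ip nat inside source static (?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))$",
    re.IGNORECASE)

def audit_nat(config):
    """Return (interface roles, static mappings, findings) for an IOS-style config."""
    roles, mappings, findings, current = {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and line.lower() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1].lower()
        m = STATIC_RE.match(line)
        if not m:
            continue
        if m.group(1):  # port-scoped entry: only one service is published
            mappings.append((m.group(2), m.group(4), m.group(1).lower(), int(m.group(5))))
        else:           # whole-host entry: all protocols and ports are translated
            mappings.append((m.group(6), m.group(7), "any", None))
            findings.append(f"{m.group(7)} -> {m.group(6)}: whole-host mapping, "
                            "every port is reachable from outside")
    for side in ("inside", "outside"):
        if mappings and side not in roles.values():
            findings.append(f"no interface marked 'ip nat {side}': static entries will not translate")
    return roles, mappings, findings

if __name__ == "__main__":
    for finding in audit_nat(RUNNING_CONFIG)[2]:
        print("FINDING:", finding)
```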
R2:
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 222.0.2.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int s2/0
R2(config-if)#ip add 222.0.1.2 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R2(config-if)#clock rate 64000
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R2(config-if)#
R2(config-if)#
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
S    192.168.1.0/24 [1/0] via 222.0.1.1
C    222.0.1.0/24 is directly connected, Serial2/0
C    222.0.2.0/24 is directly connected, FastEthernet0/0
R2#
PC1:
Packet Tracer PC Command Line 1.0
PC>ipconfig
IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.1.2: bytes=32 time=19ms TTL=126
Reply from 192.168.1.2: bytes=32 time=17ms TTL=126
Reply from 192.168.1.2: bytes=32 time=15ms TTL=126
Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 19ms, Average = 17ms
PC>
PC1-WEB: