Week 7: NAT and IPv6 - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: Using a simplified model of the Skiff and Foster 202 Labs, configure simple NAT (PAT) to access an Internet web server.

Goals:

  • Observe Layer 3 Header changes as a packet crosses a NAT router
  • Configure Cisco router for IP masquerading using PAT

1. Open the packet

Skiff 100 and Foster 202 networks are on private networks (192.168.1.0/24 and 192.168.3.0/24 respectively)

We want to configure NAT on the Cyber.Local router so that all Skiff and Foster PCs can "share" the public Champlain address 216.93.144.10 on the Internet.

2. Finish configuring the cyber.local router

  • Click on cyber.local router and go to CLI Tab
  • Use the proper commands to get to the Router(config)# prompt

You may need to type "enable" and then "config t"

or "exit" if at the Router(config-if)# prompt

3. The first step is to create an address pool called "champ" for the public IP addresses that 192.168 clients can use. We only have 1 IP in the pool (216.93.144.10) because we are setting up PAT, so you type that IP twice: once as the start and once as the end of the pool.

Router(config)#ip nat pool champ 216.93.144.10 216.93.144.10 netmask 255.255.255.0

4. Next, create an access-list called "1" that defines which internal IPs can use the public IP pool champ. We are allowing both Skiff and Foster, so we can simplify and use 192.168.0.0/16 to cover both. Note: this command uses a wildcard mask (0.0.255.255), not a subnet mask.

Router(config)#access-list 1 permit 192.168.0.0 0.0.255.255

5. Assign the pool and access rule to interfaces with a nat statement. This says that addresses matching access-list 1 (192.168 addresses) can be translated to the PAT IP from pool "champ" when going from the "inside" interfaces (Skiff and Foster) to the "outside" interfaces (Internet). The overload keyword states that the IP can be used by many (up to 64,000) clients.

Router(config)#ip nat inside source list 1 pool champ overload

If PAT is working, you should be able to ping the Burlington Telecom server from multiple PCs!

Deliverables

Capture ICMP

  • Go into simulation mode
  • Edit the filters to show only ICMP
  • Ping the Burlington Telecom Server IP Address (104.27.144.81) from the Skiff 3 Workstation
  • Go into the events list and view the PDU information when the packet is at Skiff 3

This is the packet as it leaves the PC - make note of the SRC IP (and layer 2 MAC addresses)

  • Screenshot the OSI model layers

  • Go into the events list and view the PDU information when the packet's last device is Skiff 100 Switch

This is the packet as it crosses the router. Make note of how the SRC IP (and layer 2 MAC addresses) change between inbound and outbound: this is NAT at work!

  • Take Screenshot of OSI Model Layers showing In and Out Layers

Show NAT Translation Table

  • Return to realtime mode
  • Go to a PC ---> desktop ---> 104.27.144.81
  • Repeat this on at least 4 PCs

  • View the NAT table that the router is using to track sessions
    • Go to the Cyber.Local router and get to the Router# prompt
    • Then type the following command:

Router#sh ip nat translations

This shows the NAT Table and how TCP ports are used to track connections for the different Skiff and Foster Clients all using the same 216.93.144.10 address!
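
An added example (not part of the original lab and not Cisco's implementation): a small Python model of steps 4 and 5 and of the translation table above, showing the wildcard-mask match of access-list 1 and how overload keeps one entry per session keyed on the port. The host addresses 192.168.1.10 and 192.168.3.10, the source port 1025, and the port-selection policy (keep the original port if it is free, otherwise take the next unused one starting at 1024) are assumptions of this model.

```python
import ipaddress

PUBLIC_IP = "216.93.144.10"             # the only address in pool "champ"
ACL_1 = ("192.168.0.0", "0.0.255.255")  # access-list 1 permit <base> <wildcard>

def acl_permits(src, acl=ACL_1):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in acl)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (base & care)

class PatRouter:
    """Toy model of 'ip nat inside source list 1 pool champ overload'."""
    def __init__(self, first_port=1024):
        self.next_port = first_port  # assumed start of the fallback port range
        self.out = {}    # (proto, inside_ip, inside_port) -> public port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def translate_out(self, proto, src_ip, src_port):
        if not acl_permits(src_ip):
            return None  # source not matched by list 1: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port  # assumed policy: keep the original port if free
            while (proto, port) in self.back:
                port = self.next_port
                self.next_port += 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (PUBLIC_IP, self.out[key])

    def translate_in(self, proto, dst_port):
        """Return traffic is mapped back only if a table entry exists."""
        return self.back.get((proto, dst_port))

    def table(self):
        """Rows shaped like the router output: proto, inside global, inside local."""
        return [(p, f"{PUBLIC_IP}:{g}", f"{ip}:{l}")
                for (p, g), (ip, l) in sorted(self.back.items())]

if __name__ == "__main__":
    r = PatRouter()
    # Constructed sample hosts: one Skiff, one Foster, one outside the ACL
    for ip in ("192.168.1.10", "192.168.3.10", "10.0.0.5"):
        print(ip, "->", r.translate_out("tcp", ip, 1025))
    for row in r.table():
        print(*row)
```

Two inside hosts that pick the same source port end up with different public ports, which is what lets the router tell their replies apart; a packet arriving on a public port with no table entry has nothing to be translated to.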