Lab 06‐2 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

Lab 6-2 NAT Configuration - PAT

NAT Configuration - PAT (Port Address Translation):

In Dynamic NAT, translations are made IP to IP, so you need as many global IP addresses as you have inside local addresses. That's an issue if you have few global IP addresses and hundreds of inside local addresses to translate. In such situations, you need to use PAT.

For this lab, we are going to configure the topology below so that the PCs with private addresses (on the 192.168.0.0/24 network) will all use 30.0.0.120 as their (shared) public IP address.

Lab Topology

Use [NAT-PAT-Lab-2.pkt](https://champlain.instructure.com/courses/2409362/files/339507139/download?download_frd=1) as the starter file.

In this example our internal network is using the 192.168.0.0 network and we have one public IP address to use: 30.0.0.120.

Router1 is going to be the NAT device.


Configure Router Interfaces

On Router 1: FE 0/0 192.168.0.1/24 and Serial 0/0/0 30.0.0.1/8

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#interface fastethernet 0/0

R1(config-if)#ip address 192.168.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface serial 0/0/0

R1(config-if)#ip address 30.0.0.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

On Router 2: FE 0/0 20.0.0.1/8 and Serial 0/0/0 30.0.0.2/8

Router>enable

Router#configure terminal

Router(config)#hostname R2

R2(config)#interface fastethernet 0/0

R2(config-if)#ip address 20.0.0.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 0/0/0

R2(config-if)#ip address 30.0.0.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

Configure Routing

On Router 1: Set the Default Route (or Gateway of Last Resort) to Router 2

R1(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

At this point, there should be no connectivity between the PCs and the external networks/server. A ping to 20.0.0.2 will fail.


Configure PAT on Router 1

Define "Inside" and "Outside" interfaces

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip nat inside

R1(config-if)#exit

R1(config)#interface serial 0/0/0

R1(config-if)#ip nat outside

R1(config-if)#exit

Create an address pool named "test" for the public IP addresses that the 192.168 clients can use. It has only 1 IP in the pool (30.0.0.120).

R1(config)#ip nat pool test 30.0.0.120 30.0.0.120 netmask 255.0.0.0

Create an access list that defines which internal IPs can use the public IP pool "test".

R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255

Tie the pool and the access list together with the nat statement. It says that addresses matching access-list 1 (the 192.168 addresses) can be translated to the PAT IP from pool "test" when going from the "inside" to the "outside". The overload keyword states that the IP can be used by many (up to 64,000) clients.

R1(config)#ip nat inside source list 1 pool test overload

If PAT is working, you should be able to connect to the web service on the server (20.0.0.2) from the browser on multiple PCs.


To verify PAT, go to R1 and use the show ip nat translations command. It shows how TCP ports are used to track connections in the NAT table:

  • I went through each PC and had it connect to 20.0.0.2.

R1#show ip nat translations
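
Because every inside PC leaves R1 as 30.0.0.120, the translation table is the only record that ties a public ip:port back to a specific 192.168.0.x host. The following is an added example (not part of the original lab) that parses this command's output and performs that lookup; the sample rows are constructed in the command's column layout, and all function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample (not captured from the lab). PC 192.168.0.3 reused
# source port 1025, so its global-side port is shown rewritten to 1024.
SAMPLE = """\
Pro  Inside global     Inside local       Outside local      Outside global
tcp 30.0.0.120:1025    192.168.0.2:1025   20.0.0.2:80        20.0.0.2:80
tcp 30.0.0.120:1024    192.168.0.3:1025   20.0.0.2:80        20.0.0.2:80
tcp 30.0.0.120:1026    192.168.0.4:1026   20.0.0.2:80        20.0.0.2:80
"""

INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # what access-list 1 permits

class Entry(NamedTuple):
    proto: str
    inside_global: tuple   # (public IP, port) seen by outside hosts
    inside_local: tuple    # (private IP, port) of the real client
    outside_global: tuple  # (server IP, port)

def endpoint(text):
    """Split 'ip:port' into (IPv4Address, int)."""
    ip, _, port = text.rpartition(":")
    return ipaddress.ip_address(ip), int(port)

def parse_nat_table(output):
    """Return one Entry per tcp/udp row; the header and blank lines are skipped."""
    entries = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] not in ("tcp", "udp"):
            continue
        entries.append(Entry(cols[0], endpoint(cols[1]), endpoint(cols[2]), endpoint(cols[4])))
    return entries

def inside_host_for(entries, public_ip, public_port):
    """Map a public ip:port observed outside back to the inside local host."""
    key = (ipaddress.ip_address(public_ip), public_port)
    return next((e.inside_local for e in entries if e.inside_global == key), None)

def rewritten_ports(entries):
    """Rows where overload changed the source port to keep translations unique."""
    return [e for e in entries if e.inside_global[1] != e.inside_local[1]]

def unexpected_sources(entries):
    """Rows whose inside local address falls outside the range access-list 1 permits."""
    return [e for e in entries if e.inside_local[0] not in INSIDE_NET]
```

Translations age out of the table, so the lookup only works while the entry is still present on R1.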

Submit Screenshot of IP NAT Table
