Lab 06‐3 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

NAT LAB 3- Champlain Example Lab

In this lab, we will be using Champlain and the CNCS labs as an example for implementing NAT.

We will be using the following as a starting file:

Starting File:

NET-330 NAT Lab Starter File-FA19.pkt

Goals:

Configure IP addressing/gateways on all PC's and Servers using the IP Subnet Table provided

SUBNET Info:

BT Server Net: 153.104.18.0/24

Gateway: 153.104.18.1

IP: 153.104.18.2

Mask: 255.255.255.0

CC-BT Net: 219.93.144.0/24

Mask: 255.255.255.0

BT-Router: 219.93.144.2

CC Border Router: 219.93.144.1

CC Backbone: 192.168.100.0/24

Mask: 255.255.255.0

Ireland Data Center: 192.168.100.2

Skiff Distribution Router: 192.168.100.3

Foster Distribution Router: 192.168.100.4

Skiff: 192.168.1.0/24

Gateway: 192.168.1.1

IP: 192.168.1.2

IP: 192.168.1.3

Mask: 255.255.255.0

Foster: 192.168.3.0/24

Gateway: 192.168.3.1

IP: 192.168.3.2

IP: 192.168.3.3

Mask: 255.255.255.0

IDC: 192.168.7.0/24

Gateway: 192.168.7.1

IP: 192.168.7.2

IP: 192.168.7.3

Mask: 255.255.255.0

Configure PAT on CC Border Router so that Foster and Skiff PC's can ping the BT server.

Remember: Foster and Skiff are using private IP addresses (192.168....) - so they can use a shared public IP to access Internet services

Must demonstrate that NAT is working by showing ip nat translation table. You will need to ping the server from CC pc's to generate entries in the table

Hint: access lists can have more than one network in them - just enter a "access-list 1 permit..." line for each network that is allowed (Skiff and Foster)

Remember: make sure to use an IP from the Champlain Public Network as the PAT pool address

Set the Default Route (or Gateway of Last Resort) from CC Border Router to Burlington Telecom Router

(config)#ip route 0.0.0.0 0.0.0.0 219.93.144.2

Due to the wiring type, there is no serial connection

Define "Inside" and "Outside" interfaces

Using fa0/0 and fa0/1 from the CC Border Router

(config)#interface fa0/0

(config-if)#ip nat inside

(config-if)#no shutdown

(config)#interface fa0/1

(config-if)#ip nat outside

(config-if)#no shutdown

Create an Address Pool named "test" for the Public IP addresses that 192.168 clients can use. Made a range (10 in total)

(config)#ip nat pool test 219.93.144.20 219.93.144.30 netmask 255.255.255.0

Create an access-list that defines which internal IPs can use the Public IP pool test

Add all three 192.168 clients to access-list

(config)#access-list 1 permit 192.168.1.0 0.0.0.255

(config)#access-list 1 permit 192.168.3.0 0.0.0.255

(config)#access-list 1 permit 192.168.7.0 0.0.0.255

Assign pool and access rule to interface with nat statement - basically saying that access-list 1 (192.168 addresses) can be translated to the PAT IP' from pool "test" when going from the "inside" to "outside". Overload states that the IP can be used by many (up to 64,000) clients. We already established the range of public IP addresses that are going to be used.

(config)#ip nat inside source list 1 pool test overload

Foster and Skiff PC's can ping the BT server

Foster

Skiff

Configure Static NAT on Border Router so that BT Server can access the Ireland Pub Web Server(15 POINTS)

You want Internet users to be able to access your internal Public web server - but it is using a private address

Pub Web Server is assigned a 192.168.7.0/24 address - but needs to be reached on a 219.93.144.0 address by BT server

Use Lab 6-1 as a reference

This was already completed above

Because of that, Pub Web SRV can ping Burlington Telecom SRV