17Boson NetSim for CCNP Lab Manual

Command SummaryCommand Description

ip nat pool pool_name start_address end_address netmask subnet_mask

creates an address pool

access-list list_number permit address wildcard creates an access list to be referenced by the NAT statement

ip nat inside source static inside_local_address inside_global_address

creates a static NAT translation

ip nat inside source list access_list_number pool pool_name

translates anything matching the access list to an address in the pool

ip nat inside source list access_list_number interface type number overload

translates anything matching the access list to the IP address of the interface specifi ed; overload indicates that PAT will be used

ip nat inside defi nes the inside interface for NAT

ip nat outside defi nes the outside interface for NAT

router rip changes to router confi guration mode

network network_address allows a routing protocol to route for a directly connected network

no auto-summary disables automatic route summary for a routing protocol

show users displays users currently logged in to the router

show ip nat translations displays the NAT translation table

clear ip nat translation * clears the NAT translation table

Settings on All RoutersProperty Your Setting

Router host names see diagramEnable password ciscoEnable secret password ciscoVirtual terminal password cisco

Lab TasksTask 1: Preparing for NAT

1. On P1R1, change the Loopback 0 IP address to 172.16.1.1 /24.2. On P1R1, confi gure RIP to route for the new network.3. On P1R1, disable RIP auto summary. 4. Verify that you can ping P2R1’s Loopback 0 IP address.

Task 2: Confi guring Static NAT1. Enter the command on P1R1 that makes the serial 0/0 interface an inside NAT interface. 2. Enter the command on P1R1 that makes the FastEthernet 0/0 interface an outside NAT

interface.

Network Address TranslationBSCI LAB 3


3. Enter the command on P1R1 that statically translates 10.30.1.6 (P1R2’s serial 0/0 interface) to 172.16.1.100.

4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface. The ping should be successful.

5. From P1R2, telnet to the P2R1 FastEthernet 0/0 interface (the password is cisco). Issue the show users command on P2R1. The source IP address of the VTY session should be the statically translated IP address.

6. On P1R1, display the NAT translation table. Do you see the translation? If you do not see the translation, it may have timed out. Try to ping again.

Task 3: Confi guring Dynamic NAT1. On P1R1, remove the static NAT statement, and clear the NAT table.2. On P1R1, create a NAT pool named bigpool. This pool should contain a single address of

172.16.1.100. 3. Create a standard access list 1 that will permit the entire 10.30.1.0 /24 network.4. Enter the command that confi gures NAT to allow the hosts identifi ed in access list 1 to

access the outside world using the IP address identifi ed by bigpool. 5. If it is not already, make the P1R1 serial 0/0 interface an inside NAT interface.6. If it is not already, make the P1R1 FastEthernet 0/0 interface an outside NAT interface.7. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you

can reach it. Next, telnet to the P2R1 router and log in. Both ping and telnet should work.8. While in the Telnet session of P2R1, issue the show users command. What does it show

as your source IP address: the real or the translated IP address? ______________________________________________________________

9. On P1R1, execute the show ip nat translations command. Can you identify an inside local address that matches P1R2? What inside global address is associated with P1R2?

______________________________________________________________

Task 4: NAT Overloading (PAT)1. On P1R1, clear the NAT translation table. Remove the dynamic NAT statement and the

pool that it references. Do not remove the access list. 2. On P1R1, ensure that serial 0/0 is an inside NAT interface and that FastEthernet 0/0 is

an outside NAT interface.3. On P1R1, create a NAT statement that allows hosts matching access list 1 to access the

outside world using the IP address of P1R1’s FastEthernet 0/0 interface. 4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you

can reach it. Next, telnet to P2R1 and log in. Both ping and telnet should work.5. On P1R1, execute the show ip nat translations command. Can you identify an inside

local address that matches P1R2? ______________________________________________________________6. Optional: Save a copy of your confi guration fi le to a text fi le named nat.txt.



Lab SolutionsTask 1: Preparing for NAT

1. P1R1(confi g)#interface loopback 0P1R1(confi g-if)#ip address 172.16.1.1 255.255.255.0

2. P1R1(confi g)#router ripP1R1(confi g-router)#network 172.16.0.0

3. P1R1(confi g)#router ripP1R1(confi g-router)#no auto-summary

4. P1R1#ping 172.16.2.1

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 2: Confi guring Static NAT1. ip nat inside

2. ip nat outside

3. ip nat inside source static 10.30.1.6 172.16.1.100

4. P1R2#ping 10.100.100.2

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms

5. P1R2#telnet 10.100.100.2Trying 10.100.100.2 ... Open

User Access Verifi cation

Password:P2R1>enablePassword:P2R1#sh usersLine User Host(s) Idle Location0 con 0 idle 00:00:59*2 vty 1 idle 00:00:09 172.16.1.100

6. P1R1#show ip nat translationsPro Inside global Inside local Outside local Outside global--- 172.16.1.100 10.30.1.6 --- ---



Task 3: Confi guring Dynamic NAT1. P1R1#conf t

Enter confi guration commands, one per line. End with CNTL/Z.P1R1(confi g)#no ip nat inside source static 10.30.1.6 172.16.1.100P1R1#clear ip nat translation *P1R1#show ip nat translations

2. P1R1(confi g)#ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0

3. P1R1(confi g)#access-list 1 permit 10.30.1.0 0.0.0.255

4. P1R1(confi g)#ip nat inside source list 1 pool bigpoolP1R1(confi g)#

5. ip nat inside

6. ip nat outside

7. P1R2#ping 10.100.100.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 msP1R2#telnet 10.100.100.2Trying 10.100.100.2 ... Open


Password:P2R1>

8. The translated IP address should appear. P2R1>show usersLine User Host(s) Idle Location0 con 0 idle 00:16:58* 2 vty 0 idle 00:00:00 172.16.1.100

9. The inside local address is 10.30.1.6; the inside global address is 172.16.1.100.P1R1#show ip nat translationsPro Inside global Inside local Outside local Outside globalicmp 172.16.1.100 10.30.1.6 10.100.100.2:9392 10.100.100.2:9392

Task 4: NAT Overloading (PAT)1. P1R1#clear ip nat translation *

P1R1#confi gure terminalEnter confi guration commands, one per line. End with CNTL/Z.P1R1(confi g)#no ip nat inside source list 1 pool bigpoolP1R1(confi g)#no ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0



2. P1R1#show runCurrent confi guration : 1056 bytes!interface FastEthernet0/0 ip address 10.100.100.1 255.255.255.0 ip nat outside!interface Serial0/0 ip address 10.30.1.5 255.255.255.0 ip nat inside clock rate 64000!

3. P1R1(confi g)#ip nat inside source list 1 interface FastEthernet 0/0 overload

4. P1R2#ping 10.100.100.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms

P1R2#telnet 10.100.100.2Trying 10.100.100.2 ... Open


Password:P2R1>

5. The inside local address is 10.30.1.6. P1R1#show ip nat translations

Pro Inside global Inside local Outside local Outside globalicmp 10.100.100.1:8367 10.30.1.6:8367 10.100.100.2:8367 10.100.100.2:8367icmp 10.100.100.1:8368 10.30.1.6:8368 10.100.100.2:8368 10.100.100.2:8368icmp 10.100.100.1:8369 10.30.1.6:8369 10.100.100.2:8369 10.100.100.2:8369icmp 10.100.100.1:8370 10.30.1.6:8370 10.100.100.2:8370 10.100.100.2:8370icmp 10.100.100.1:8371 10.30.1.6:8371 10.100.100.2:8371 10.100.100.2:8371



Sample Confi guration Script:Static NAT

P1R1hostname P1R1!interface Loopback0 ip address 172.16.1.1 255.255.255.0!interface FastEthernet0/0 ip address 10.100.100.1 255.255.255.0 ip nat outside!interface Serial0/0 ip address 10.30.1.5 255.255.255.0 ip nat inside clock rate 64000!router rip network 10.0.0.0 network 172.16.0.0 no auto-summary!ip nat inside source static 10.30.1.5 172.16.1.100!

Sample Confi guration Script:Dynamic NAT

P1R1hostname P1R1!interface Loopback0 ip address 172.16.1.1 255.255.255.0!interface FastEthernet0/0 ip address 10.100.100.1 255.255.255.0 ip nat outside!interface Serial0/0 ip address 10.30.1.5 255.255.255.0 ip nat inside clock rate 64000!router rip network 10.0.0.0 network 172.16.0.0 no auto-summary!ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0ip nat inside source list 1 pool bigpool!access-list 1 permit 10.30.1.0 0.0.0.255!



Sample Confi guration Script:NAT Overloading

P1R1hostname P1R1!interface Loopback0 ip address 172.16.1.1 255.255.255.0!interface FastEthernet0/0 ip address 10.100.100.1 255.255.255.0 ip nat outside!interface Serial0/0 ip address 10.30.1.5 255.255.255.0 ip nat inside clock rate 64000!router rip network 10.0.0.0 network 172.16.0.0 no auto-summary!ip nat inside source list 1 interface FastEthernet 0/0 overload!access-list 1 permit 10.30.1.0 0.0.0.255!


08 lab 3 network address translation

Documents