Cisco Router NAT Overload (PAT)

1. Router KCM

====================ROUTER KCM:

hostname ROUTER-KCM

interface fa0/0
 ip address 10.1.1.1 255.255.255.0
 no shutdown
 exit

interface se0/0
 ip address 192.168.1.2 255.255.255.252
 no shutdown

--------Default Route:

ip route 0.0.0.0 0.0.0.0 192.168.1.1


--------Static Route:

ip route 10.0.1.0 255.255.255.0 192.168.1.1
ip route 10.2.1.0 255.255.255.0 192.168.1.1
ip route 10.3.1.0 255.255.255.0 192.168.1.1

2. Router BTB

====================ROUTER BTB:

hostname ROUTER-BTB

interface fa0/0
 ip address 192.168.1.10 255.255.255.248
 no shutdown
 exit

interface fa0/1
 ip address 10.2.1.1 255.255.255.0
 no shutdown


--------Static & Default Route:

ip route 10.3.1.0 255.255.255.0 192.168.1.11
ip route 0.0.0.0 0.0.0.0 192.168.1.9

3. Router SRP

====================ROUTER SRP:

hostname ROUTER-SRP

interface fa0/0
 ip address 192.168.1.11 255.255.255.248
 no shutdown
 exit

interface fa0/1
 ip address 10.3.1.1 255.255.255.0
 no shutdown

--------Static & Default Route:

ip route 10.2.1.0 255.255.255.0 192.168.1.10

option a:
ip route 0.0.0.0 0.0.0.0 192.168.1.9

option b:
ip route 10.0.1.0 255.255.255.0 192.168.1.9
ip route 10.1.1.0 255.255.255.0 192.168.1.9

4. Router HQ

====================ROUTER HQ:
hostname ROUTER-HQ

interface fa0/0
 ip address 10.0.1.1 255.255.255.0
 no shutdown

interface fa0/1
 ip address 192.168.1.9 255.255.255.248
 no shutdown

interface serial0/1/0
 ip address 192.168.1.1 255.255.255.252
 clock rate 2000000
 no shutdown

--------Static Route:

option 1 (next-hop address):
ip route 10.1.1.0 255.255.255.0 192.168.1.2

option 2 (exit interface):
ip route 10.1.1.0 255.255.255.0 se0/1/0

ip route 10.2.1.0 255.255.255.0 192.168.1.10
ip route 10.3.1.0 255.255.255.0 192.168.1.11

5. Router ISP

hostname ROUTERISP

interface fa0/0
 ip address 8.8.8.1 255.255.255.0
 no shutdown

interface fa0/1
 ip address 9.9.9.1 255.255.255.0
 no shutdown

interface serial0/0/0
 ip address 11.11.11.1 255.255.255.252
 clock rate 4000000
 no shutdown
 exit

------Provide one more public IP address to the customer

ip route 2.2.2.2 255.255.255.255 11.11.11.2

6. Router HQ NAT Overload (PAT) Configuration

interface serial0/1/1
 ip address 11.11.11.2 255.255.255.252
 no shutdown
 exit

ip route 0.0.0.0 0.0.0.0 11.11.11.1

interface fa0/0
 ip nat inside
interface fa0/1
 ip nat inside
interface serial0/1/0
 ip nat inside

interface serial0/1/1
 ip nat outside

access-list 9 permit 10.0.1.0 0.0.0.255
access-list 9 permit 10.1.1.0 0.0.0.255
access-list 9 permit 10.2.1.0 0.0.0.255
access-list 9 permit 10.3.1.0 0.0.0.255

ip nat inside source list 9 interface serial0/1/1 overload
==========

Verify NAT:
# show ip nat translations : show the NAT translation table
# clear ip nat translation * : clear the dynamic entries from the NAT translation table


********** Or via Extended Access-List*************************************

access-list 100 permit ip 10.0.1.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit ip 10.2.1.0 0.0.0.255 any
access-list 100 permit ip 10.3.1.0 0.0.0.255 any
ip nat inside source list 100 interface serial0/1/1 overload

===========static nat

ip nat inside source static 10.0.1.3 2.2.2.2


===========static nat port forwarding

ip nat inside source static tcp 10.0.1.3 80 2.2.2.2 80
ip nat inside source static tcp 10.2.1.100 443 2.2.2.2 443
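
An added example (not part of the original notes): a short Python audit that reads the NAT statements above and lists which inside networks are translated outbound and which inside hosts the static entries make reachable from outside. The names `CONFIG` and `audit_nat` are hypothetical, and the parser only handles the statement forms used on this page.

```python
import ipaddress
import re

# Constructed input: the NAT statements from the Router HQ section, gathered in one string.
CONFIG = """\
access-list 9 permit 10.0.1.0 0.0.0.255
access-list 9 permit 10.1.1.0 0.0.0.255
access-list 9 permit 10.2.1.0 0.0.0.255
access-list 9 permit 10.3.1.0 0.0.0.255
ip nat inside source list 9 interface serial0/1/1 overload
ip nat inside source static 10.0.1.3 2.2.2.2
ip nat inside source static tcp 10.0.1.3 80 2.2.2.2 80
ip nat inside source static tcp 10.2.1.100 443 2.2.2.2 443
"""

ACL = re.compile(r"access-list (\d+) permit (\S+) (\S+)$")
PAT = re.compile(r"ip nat inside source list (\d+) interface (\S+) overload$")
STATIC = re.compile(r"ip nat inside source static "
                    r"(?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))$")

def audit_nat(config):
    """Return (inside networks allowed out via PAT, inbound exposures via static NAT)."""
    acls, pat_acl_ids, inbound = {}, [], []
    for line in (l.strip() for l in config.splitlines()):
        if m := ACL.match(line):
            # "network/wildcard" is accepted by ipaddress as a host mask
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := PAT.match(line):
            pat_acl_ids.append(m[1])
        elif m := STATIC.match(line):
            if m[1]:   # port forward: only one protocol/port is mapped inbound
                inbound.append((m[4], f"{m[1]}/{m[5]}", f"{m[2]}:{m[3]}"))
            else:      # one-to-one static NAT: every port is mapped unless an ACL filters it
                inbound.append((m[7], "all ports", m[6]))
    outbound = [net for acl_id in pat_acl_ids for net in acls.get(acl_id, [])]
    return outbound, inbound

if __name__ == "__main__":
    outbound, inbound = audit_nat(CONFIG)
    print("translated outbound:", ", ".join(map(str, outbound)))
    for public_ip, scope, inside in inbound:
        print(f"reachable from outside: {public_ip} {scope} -> {inside}")
```

The "all ports" row is the one to review first: the port-forwarding entries publish a single service, while the one-to-one entry maps the whole host to 2.2.2.2.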


*********** Lesson ********************

A data packet cannot travel over the internet unless its source and destination
IP addresses are public IP addresses.


NAT : Network Address Translation
PAT : Port Address Translation

3 types of NAT:

1) Static NAT: translates 1 private IP address to 1 public IP address.
    (Used for: servers)
2) Dynamic NAT: translates multiple private IP addresses to multiple public IP addresses.

3) PAT or NAT Overload: translates multiple private IP addresses to one public IP address.
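
An added example (not part of the original notes): a simplified Python model of the translation table, showing how PAT lets two inside hosts share one public address and why only a static entry accepts connections that start from outside. The class `NatTable`, the function `demo` and the inside hosts 10.1.1.5 and 10.2.1.7 are constructed for illustration; the port-selection rule is a simplification, not the IOS algorithm.

```python
import itertools

class NatTable:
    """Simplified model of static NAT and PAT state (not IOS's real algorithm)."""

    def __init__(self, pat_ip, first_port=1024):
        self.pat_ip = pat_ip
        self._next = itertools.count(first_port)
        self.out = {}    # (proto, inside_ip, inside_port) -> (public_ip, public_port)
        self.back = {}   # (proto, public_ip, public_port) -> (inside_ip, inside_port)

    def add_static(self, proto, inside_ip, inside_port, public_ip, public_port):
        """Permanent entry, like 'ip nat inside source static tcp ...'."""
        self.out[(proto, inside_ip, inside_port)] = (public_ip, public_port)
        self.back[(proto, public_ip, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source; create a PAT entry on first use."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port  # keep the source port unless it is already taken
            while (proto, self.pat_ip, port) in self.back:
                port = next(self._next)
            self.out[key] = (self.pat_ip, port)
            self.back[(proto, self.pat_ip, port)] = (src_ip, src_port)
        return self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Return the inside target, or None when no translation entry exists."""
        return self.back.get((proto, dst_ip, dst_port))

def demo():
    nat = NatTable("11.11.11.2")                # serial0/1/1 address on ROUTER-HQ
    nat.add_static("tcp", "10.0.1.3", 80, "2.2.2.2", 80)
    a = nat.outbound("tcp", "10.1.1.5", 50000)  # constructed inside host
    b = nat.outbound("tcp", "10.2.1.7", 50000)  # same source port, different host
    return {
        "a": a, "b": b,
        "reply_to_b": nat.inbound("tcp", *b),
        "unsolicited": nat.inbound("tcp", "11.11.11.2", 22),
        "forwarded": nat.inbound("tcp", "2.2.2.2", 80),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```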

--------Sample config of Static NAT   (example: configuring a security camera)
step 1: Define Inside Interfaces
(config)# interface nameofinsidelan
(config-if)# ip nat inside

step 2: Define Outside Interfaces
(config)# interface nameofoutside
(config-if)# ip nat outside

step 3: Perform NAT Action
(config)# ip nat inside source static private-ip public-ip
===========================================================================
--------Sample config of Dynamic NAT
step 1: Define Inside Interfaces
(config)# interface nameofinsidelan
(config-if)# ip nat inside

step 2: Define Outside Interfaces
(config)# interface nameofoutside
(config-if)# ip nat outside

step 3: Define Standard Access Control List
(config)# access-list acl-id permit source-ip wildcard-mask

step 4: Define a NAT pool (one range of public IP addresses)
(config)# ip nat pool pool-name start-public-ip end-public-ip netmask subnet-mask

step 5: Perform Dynamic NAT Action
(config)# ip nat inside source list acl-id pool pool-name
=============================================================================
--------Sample config of NAT Overload (PAT)
step 1: Define Inside Interfaces
(config)# interface nameofinsidelan
(config-if)# ip nat inside

step 2: Define Outside Interfaces
(config)# interface nameofoutside
(config-if)# ip nat outside

step 3: Define Standard Access Control List
(config)# access-list acl-id permit source-ip wildcard-mask

step 4: Perform NAT Overload Action
(config)# ip nat inside source list acl-id interface nameofoutside overload








