6.6.7 Packet Tracer – Configure PAT (Answers)

6.6.7 Packet Tracer – Configure PAT (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

6.6.7 Packet Tracer - Configure PAT (Answers) 2

Objectives

  • Part 1: Configure Dynamic NAT with Overload
  • Part 2: Verify Dynamic NAT with Overload Implementation
  • Part 3: Configure PAT using an Interface
  • Part 4: Verify PAT Interface Implementation

Part 1: Configure Dynamic NAT with Overload

Step 1: Configure traffic that will be permitted.

On R1, configure one statement for ACL 1 to permit any address belonging to 172.16.0.0/16.

R1(config)# access-list 1 permit 172.16.0.0 0.0.255.255
Step 2: Configure a pool of address for NAT.

Configure R1 with a NAT pool that uses the two useable addresses in the 209.165.200.232/30 address space.

R1(config)# ip nat pool ANY_POOL_NAME 209.165.200.233 209.165.200.234 netmask 255.255.255.252
Step 3: Associate ACL 1 with the NAT pool and allow addresses to be reused.
R1(config)# ip nat inside source list 1 pool ANY_POOL_NAME overload
Step 4: Configure the NAT interfaces.

Configure R1 interfaces with the appropriate inside and outside NAT commands.

R1(config)# interface s0/1/0
R1(config-if)# ip nat outside
R1(config-if)# interface g0/0/0
R1(config-if)# ip nat inside
R1(config-if)# interface g0/0/1
R1(config-if)# ip nat inside

Part 2: Verify Dynamic NAT with Overload Implementation

Step 1: Access services across the internet.

From the web browser of each of the PCs that use R1 as their gateway (PC1, L1, PC2, and L2), access the web page for Server1.

Were all connections successful?

Yes

Step 2: View NAT translations.

View the NAT translations on R1.

R1# show ip nat translations

Notice that all four devices were able to communicate, and they are using just one address out of the pool. PAT will continue to use the same address until it runs out of port numbers to associate with the translation. Once that occurs, the next address in the pool will be used. While the theoretical limit would be 65,536 since the port number field is a 16 bit number, the device would likely run out of memory before that limit would be reached.

Part 3: Configure PAT using an Interface

Step 1: Configure traffic that will be permitted.

On R2, configure one statement for ACL 2 to permit any address belonging to 172.17.0.0/16.

R2(config)# access-list 2 permit 172.17.0.0 0.0.255.255
Step 2: Associate ACL 2 with the NAT interface and allow addresses to be reused.

Enter the R2 NAT statement to use the interface connected to the internet and provide translations for all internal devices.

R2(config)# ip nat inside source list 2 interface s0/1/1 overload
Step 3: Configure the NAT interfaces.

Configure R2 interfaces with the appropriate inside and outside NAT commands.

R2(config)# interface s0/1/1
R2(config-if)# ip nat outside
R2(config-if)# interface g0/0/0
R2(config-if)# ip nat inside
R2(config-if)# interface g0/0/1
R2(config-if)# ip nat inside

Part 4: Verify PAT Interface Implementation

Step 1: Access services across the internet.

From the web browser of each of the PCs that use R2 as their gateway (PC3, L3, PC4, and L4), access the web page for Server1.

Were all connections successful?

Yes

Step 2: View NAT translations.

View the NAT translations on R2.

R2# show ip nat translations
Step 3: Compare NAT statistics on R1 and R2.

Compare the NAT statistics on the two devices.

R1# show ip nat statistics
R2# show ip nat statistics

Why doesn’t R2 list any dynamic mappings?

R1 lists dynamic mappings for the pool of addresses that has been configured. R2 is only using the outside interface as the address to translate internal addresses to so there is no dynamic mapping.

R1# show ip nat statistics
Total translations: 3 (0 static, 3 dynamic, 3 extended)
Outside Interfaces: Serial0/1/0
Inside Interfaces: GigabitEthernet0/0/0 , GigabitEthernet0/0/1
Hits: 72 Misses: 54
Expired translations: 24
Dynamic mappings:
-- Inside Source
access-list 1 pool DYNAMIC refCount 3
pool DYNAMIC: netmask 255.255.255.252
start 209.165.76.196 end 209.165.76.199
type generic, total addresses 4 , allocated 1 (25%), misses 0

Answer Configurations

Router R1

enable
configure terminal
interface GigabitEthernet0/0/0
 ip nat inside
interface GigabitEthernet0/0/1
 ip nat inside
interface Serial0/1/0
 ip nat outside
ip nat pool DYNAMIC 209.165.200.233 209.165.200.234 netmask 255.255.255.252
ip nat inside source list 1 pool DYNAMIC overload
access-list 1 permit 172.16.0.0 0.0.255.255
end

Router R2

enable
configure terminal
interface GigabitEthernet0/0/0
 ip nat inside
interface GigabitEthernet0/0/1
 ip nat inside
interface Serial0/1/1
 ip nat outside
ip nat inside source list 2 interface Serial0/1/1 overload
access-list 2 permit 172.17.0.0 0.0.255.255
end

Download Packet Tracer Completed File


Related Articles

guest
1 Comment
Inline Feedbacks
View all comments
Johanah Mae austria
Johanah Mae austria
5 months ago

I like this