The objective of this lab exercise is for you to configure a NAT pool.
NAT is an important exam topic, so you can be pretty sure it will crop up. Instead of a video solution, I have provided show runs and test commands where appropriate.
This lab is suitable for both CCENT and CCNA certification exam preparation.
This lab has a difficulty rating of 5/10.
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.
Please use the following topology to complete this lab exercise:
Configure the topology above. You should add a static default route on RouterB to send all traffic out of the Serial interface. Test by pinging the Loopbacks on RouterA. Check that you can ping all interfaces.
Configure a NAT pool on RouterA. The pool is 172.16.1.1 to 172.16.1.20. It should activate if any address from the 192.168.2.0/27 network goes out of the Serial interface. You can add a secondary IP address to the Loopback0 interface to test another address from the pool if you wish.
Check your configurations with show commands and pings sourced from 192.168.1.1 when you have debug ip packet running on RouterB.
RouterA

interface Loopback0
 ip address 192.168.1.1 255.255.255.240
!
interface Loopback1
 ip address 192.168.2.1 255.255.255.224
 ip address 192.168.2.2 255.255.255.224 secondary
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Internet 172.16.1.1 172.16.1.20 netmask 255.255.0.0
ip nat inside source list 1 pool Internet
!
access-list 1 permit 192.168.2.0 0.0.0.31

RouterB

interface Serial0/0
 ip address 10.0.0.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
TEST: Do an extended ping sourced from 192.168.2.1 (do another one from source 192.168.2.2 also if you wish, but be quick to avoid the NAT entry timing out).
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms
R1#show ip nat tran
Pro  Inside global    Inside local     Outside local    Outside global
icmp 172.16.1.1:4     192.168.2.1:4    10.0.0.2:4       10.0.0.2:4
---  172.16.1.1       192.168.2.1      ---              ---
R1#
(Try the same thing again with the secondary IP address if you wish.)
R2#debug ip traffic
*Mar 1 00:32:00.639: IP: s=172.16.1.1 (Serial0/0), d=10.0.0.2 (Serial0/0), len 100, rcvd 3
*Mar 1 00:32:00.639: IP: tableid=0, s=10.0.0.2 (local), d=172.16.1.1 (Serial0/0), routed via FIB
*Mar 1 00:32:00.639: IP: s=10.0.0.2 (local), d=172.16.1.1 (Serial0/0), len 100, sending
R2#
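The lab's ACL 1 and pool, modelled in Python as an added example (not part of the original lab and not Cisco code): it shows which sources are selected for translation and what happens when a /27 of 30 hosts shares a 20-address pool without overload. The `DynamicNat` class, its function names and the lowest-address-first allocation are assumptions of this model.

```python
import ipaddress

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

class DynamicNat:
    """Toy model of dynamic one-to-one NAT (a pool without overload)."""

    def __init__(self, acl_net, acl_wildcard, pool_start, pool_end):
        self.acl_net = ip(acl_net)
        # Wildcard bits set to 1 are "don't care"; invert to get the bits that must match.
        self.care = ~ip(acl_wildcard) & 0xFFFFFFFF
        # Assumption of this model: the lowest free pool address is handed out first.
        self.free = [str(ipaddress.IPv4Address(n))
                     for n in range(ip(pool_start), ip(pool_end) + 1)]
        self.table = {}  # inside local -> inside global

    def acl_permits(self, src):
        return (ip(src) & self.care) == (self.acl_net & self.care)

    def translate(self, src):
        """Return the source address seen outside, or None if the packet is dropped."""
        if not self.acl_permits(src):
            return src          # not selected by the ACL: leaves with its real address
        if src in self.table:
            return self.table[src]
        if not self.free:
            return None         # pool exhausted: no new translation can be built
        self.table[src] = self.free.pop(0)
        return self.table[src]

def lab_nat():
    # Values taken from RouterA's configuration in this lab.
    return DynamicNat("192.168.2.0", "0.0.0.31", "172.16.1.1", "172.16.1.20")

if __name__ == "__main__":
    nat = lab_nat()
    print("192.168.2.1 ->", nat.translate("192.168.2.1"))   # matches ACL 1
    print("192.168.1.1 ->", nat.translate("192.168.1.1"))   # Loopback0, outside ACL 1
    rest = [nat.translate(f"192.168.2.{i}") for i in range(2, 31)]
    print(rest.count(None), "hosts in the /27 are left without a translation")
```

On a live router, `show ip nat statistics` and `show ip nat translations` are the places to confirm the same two conditions: sources that never appear in the table, and a pool with every address allocated.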