Lab Objective:
The objective of this lab exercise is for you to learn and understand how to configure NAT overload.
Lab Purpose:
NAT overload (or PAT) is an important exam topic, so you can be pretty sure it will crop up. Rather than watch a video solution, I have provided show runs and test commands where appropriate.
Certification Level:
This lab is suitable for both CCENT and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 7/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:
Task 1:
Configure the topology above. You should add a static default route on RouterB to send all traffic out of the Serial interface. Test by pinging the Loopbacks on RouterA. Check that you can ping all interfaces.
Task 2:
Configure a NAT pool on RouterA. The pool should consist of addresses 172.16.1.1 to 172.16.1.20 with a /19 mask, and it should translate traffic when any host from network 192.168.2.0/27 tries to reach the Internet. Overload the pool.
Task 3:
Check your configurations with show commands and pings sourced from 192.168.1.1 when you have debug ip packet running on RouterB.
Solution
Show Runs
RouterA
interface Loopback0
 ip address 192.168.1.1 255.255.255.240
!
interface Loopback1
 ip address 192.168.2.1 255.255.255.224
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Internet 172.16.1.1 172.16.1.20 netmask 255.255.224.0
ip nat inside source list 1 pool Internet overload
!
access-list 1 permit 192.168.2.0 0.0.0.31

RouterB
interface Serial0/0
 ip address 10.0.0.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
TEST: Issue an extended ping to 10.0.0.2 from source 192.168.2.1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/24 ms
R1#
R1#show ip nat tran
Pro  Inside global   Inside local    Outside local   Outside global
icmp 172.16.1.1:5    192.168.2.1:5   10.0.0.2:5      10.0.0.2:5
R1#
TEST: Issue an extended ping to 10.0.0.2 from source 192.168.2.1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
R1#
R1#show ip nat tran
Pro  Inside global   Inside local    Outside local   Outside global
icmp 172.16.1.1:5    192.168.2.1:5   10.0.0.2:5      10.0.0.2:5
icmp 172.16.1.1:6    192.168.2.1:6   10.0.0.2:6      10.0.0.2:6
R1#
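The following Python model is an added example, not part of the original lab or of IOS: it applies access-list 1's wildcard mask to a source address and then builds overload entries like the ones in the show ip nat translations output above. The names PatTable, wildcard_match and lab_table are hypothetical, host 192.168.2.2 is constructed, and the rule "keep the original ID if free, otherwise take the first free one from 1024" is a simplifying assumption rather than the router's actual allocation algorithm.

```python
import ipaddress
from itertools import chain

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Standard ACL test: bits set in the wildcard mask are ignored."""
    w = to_int(wildcard)
    return (to_int(addr) | w) == (to_int(base) | w)

class PatTable:
    """Simplified model of: ip nat inside source list 1 pool Internet overload."""
    def __init__(self, acl, pool_first, pool_last):
        self.acl = acl  # (base address, wildcard mask) from access-list 1
        self.pool = [str(ipaddress.IPv4Address(i))
                     for i in range(to_int(pool_first), to_int(pool_last) + 1)]
        self.entries = {}    # (proto, inside local, id) -> (inside global, id)
        self.in_use = set()  # (proto, inside global, id) already handed out

    def translate(self, proto, src, ident):
        """Return (inside global, id), or None if the ACL does not match."""
        if not wildcard_match(src, *self.acl):
            return None  # source is forwarded untranslated
        key = (proto, src, ident)
        if key not in self.entries:
            self.entries[key] = self._allocate(proto, ident)
        return self.entries[key]

    def _allocate(self, proto, ident):
        # Overload: exhaust the IDs on one pool address before using the next.
        for glob in self.pool:
            for cand in chain([ident], range(1024, 65536)):
                if (proto, glob, cand) not in self.in_use:
                    self.in_use.add((proto, glob, cand))
                    return glob, cand
        raise RuntimeError("NAT pool exhausted")

def lab_table():
    """Values taken from RouterA's configuration in this lab."""
    return PatTable(("192.168.2.0", "0.0.0.31"), "172.16.1.1", "172.16.1.20")

if __name__ == "__main__":
    nat = lab_table()
    # 192.168.2.2 is a constructed second inside host; the others are lab values.
    for src, ident in [("192.168.2.1", 5), ("192.168.2.1", 6),
                       ("192.168.2.2", 5), ("192.168.1.1", 5)]:
        print(f"icmp {src}:{ident} ->", nat.translate("icmp", src, ident))
```

In this model, 192.168.1.1 returns None because access-list 1 only permits 192.168.2.0 0.0.0.31, so that source is not translated.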