Lab 46: Configuring Dynamic Network Address Translation

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to configure dynamic NAT using a pool of IP addresses for translation.

Lab Purpose:

NAT configuration is a fundamental skill. Dynamic NAT provides dynamic one-to-one translation between private IP addresses (RFC 1918) and public IP addresses. Dynamic NAT is typically used to provide inside private hosts with access to public or external networks without revealing the private IP addresses of the inside hosts. When dynamic NAT is used, hosts on the outside cannot access hosts on the inside. In other words, dynamic NAT works only when traffic is coming from hosts on the inside. Both as a Cisco engineer and in the Cisco CCNA exam, you will be expected to know how to configure dynamic NAT.

Certification Level:

This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 8/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.

Lab Topology:

Please use the following topology to complete this lab exercise:

[Figure: lab topology diagram]

Task 1:

Configure the hostnames on R1, R2, and Sw1 as illustrated in the topology.

Task 2:

Configure R1 S0/0, which is a DCE, to provide a clock rate of 256 Kbps to R2. Configure the IP addresses on the Serial interfaces of R1 and R2 as illustrated in the topology.

Task 3:

Configure VLAN50 named NAT_VLAN on Sw1. Assign the FastEthernet0/2 interface on Sw1 to this VLAN. Also, configure R1 to allow Telnet access using the password CISCO.

Task 4:

Configure interface VLAN50 on Sw1 and assign it the IP address illustrated in the topology. The default gateway on Sw1 should be 10.2.2.2. Next, configure interface FastEthernet0/0 in R2 and assign it the IP address illustrated in the topology.

Task 5:

Test connectivity by pinging from R1 to R2 and pinging from R2 to Sw1. These should all be successful. However, since R1 does not know about the 10.2.2.0/27 subnet, Sw1 will not be able to ping R1, or vice versa.

Task 6:

Configure R2 F0/0 as the inside NAT interface and S0/0 as the outside NAT interface. Next, create an ACL to permit all IP traffic from the 10.2.2.0/27 subnet to any destination. You can use either a named or numbered ACL.

Task 7:

Create a NAT pool called Dynamic-NAT. The starting IP address in this pool should be 192.168.254.3 and the ending IP address should be 192.168.254.6. This should have the same prefix length as the Serial0/0 subnet.

Task 8:

Configure NAT to translate all addresses permitted by the ACL you created in Task 6 to addresses from the pool you created in Task 7.

Task 9:

Ping R1 from Sw1. Next, ping R1 from the FastEthernet0/0 interface of R2 using the ping <ip_address> source <interface> command (it won’t work on Packet Tracer). If you have configured your NAT translation correctly, the ping should be successful. Use the show ip nat translations command to verify your dynamic NAT translations.

Configuration and Verification

Task 1:

For reference information on configuring hostnames, please refer to earlier labs.

Task 2:

For reference information on configuring DCE clocking and IP addresses, please refer to earlier labs.

Task 3:

For reference information on configuring VLANs, please refer to earlier labs.

Task 4:

For reference information on configuring Telnet, please refer to earlier labs.

Task 5:

For reference information on pinging, please refer to earlier labs.

Task 6:

R2#conf t 
Enter configuration commands, one per line.  End with CTRL/Z. 
R2(config)#int fa0/0 
R2(config-if)#ip nat inside 
R2(config-if)#exit 
R2(config)#int s0/0 
R2(config-if)#ip nat outside 
R2(config-if)#exit 
R2(config)#ip access-list extended NAT-ACL 
R2(config-ext-nacl)#remark "Permit The 10.2.2.0/27 Subnet To Be NATd"
R2(config-ext-nacl)#permit ip 10.2.2.0 0.0.0.31 any 
R2(config-ext-nacl)#end 
R2#

Task 7:

R2#conf t 
Enter configuration commands, one per line.  End with CTRL/Z. 
R2(config)#ip nat pool Dynamic-NAT 192.168.254.3 192.168.254.6 prefix-length 29 
R2(config)#^Z 
R2#

Task 8:

R2#config t 
Enter configuration commands, one per line.  End with CTRL/Z. 
R2(config)#ip nat inside source list NAT-ACL pool Dynamic-NAT
R2(config)#end 
R2# 
R2#show ip nat statistics 
Total active translations: 0 (0 static, 0 dynamic; 0 extended) 
Outside interfaces: 
 Serial0/0 
Inside interfaces: 
 FastEthernet0/0 
Hits: 53  Misses: 0 
Expired translations: 0 
Dynamic mappings: 
-- Inside Source 
[Id: 1] access-list NAT-ACL pool Dynamic-NAT refcount 0 
pool Dynamic-NAT: netmask 255.255.255.248 
  start 192.168.254.3 end 192.168.254.6 
  type generic, total addresses 4, allocated 0 (0%), misses 0

Task 9:

Sw1#ping 192.168.254.1 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds: 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

R2#ping 192.168.254.1 source fastethernet0/0 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds: 
Packet sent with a source address of 10.2.2.2 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 

R2#show ip nat translations 
Pro Inside global    Inside local       Outside local      Outside global 
--- 192.168.254.3    10.2.2.4           ---               --- 
--- 192.168.254.4    10.2.2.2           ---               --- 

R2#show ip nat statistics 
Total active translations: 2 (0 static, 2 dynamic; 0 extended) 
Outside interfaces: 
 Serial0/0 
Inside interfaces: 
 FastEthernet0/0 
Hits: 91  Misses: 2 
Expired translations: 0 
Dynamic mappings: 
-- Inside Source 
[Id: 1] access-list NAT-ACL pool Dynamic-NAT refcount 2 
pool Dynamic-NAT: netmask 255.255.255.248
     start 192.168.254.3 end 192.168.254.6 
     type generic, total addresses 4, allocated 2 (50%), misses 0

NOTE: Now that you have dynamic NAT configured, and you have pinged R1 from the F0/0 interface of R2 as well as from Sw1, you can see two dynamic translations in the NAT table. The first translates the inside local address 10.2.2.4 to the inside global address 192.168.254.3, and the second translates the inside local address 10.2.2.2 to the inside global address 192.168.254.4. Because the NAT pool has only four IP addresses in total, half of the pool is now in use, as shown by the line "type generic, total addresses 4, allocated 2 (50%), misses 0". Pay attention to the information printed by this command and commit it to memory.
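Because dynamic NAT is one-to-one, the four-address pool limits how many inside hosts can hold a translation at once. The following is an added example, not part of the original lab: a Python check that parses the show ip nat statistics output captured in Task 9 and reports pool utilisation and consistency. The function name audit_pools and the 75% warning threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Output copied from the Task 9 "show ip nat statistics" capture in this lab.
SAMPLE = """\
Total active translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces:
 Serial0/0
Inside interfaces:
 FastEthernet0/0
Hits: 91  Misses: 2
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT-ACL pool Dynamic-NAT refcount 2
pool Dynamic-NAT: netmask 255.255.255.248
     start 192.168.254.3 end 192.168.254.6
     type generic, total addresses 4, allocated 2 (50%), misses 0
"""

POOL_RE = re.compile(
    r"pool (?P<name>\S+): netmask (?P<mask>\S+)\s+"
    r"start (?P<start>\S+) end (?P<end>\S+)\s+"
    r"type \w+, total addresses (?P<total>\d+), "
    r"allocated (?P<used>\d+) \(\d+%\), misses (?P<misses>\d+)"
)

def audit_pools(text, warn_ratio=0.75):  # hypothetical helper; threshold is an assumption
    """Return one dict per NAT pool with utilisation and sanity findings."""
    reports = []
    for m in POOL_RE.finditer(text):
        start = ipaddress.ip_address(m["start"])
        end = ipaddress.ip_address(m["end"])
        net = ipaddress.ip_network(f"{start}/{m['mask']}", strict=False)
        total, used, misses = int(m["total"]), int(m["used"]), int(m["misses"])
        findings = []
        if end not in net:
            findings.append("pool range crosses the netmask boundary")
        if int(end) - int(start) + 1 != total:
            findings.append("total addresses does not match start/end range")
        if used / total >= warn_ratio:
            findings.append("pool nearly exhausted; further inside hosts may not get a translation")
        if misses:
            findings.append(f"{misses} pool misses recorded")
        reports.append({"pool": m["name"], "subnet": str(net), "free": total - used,
                        "used_pct": round(100 * used / total), "findings": findings})
    return reports

print(audit_pools(SAMPLE))
```

For the capture above, the report shows the pool inside 192.168.254.0/29 with two addresses free and no findings.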
