Configuring NAT
|
Rather Have Fast and Secure Remote
Control?
|
For the purpose of this example, I’m going to assume that we’re using NAT overloading (PAT) to allow our internal clients to access the Internet through a single public IP address. We’ll also create a static inbound mapping to allow external clients to gain access to a web server on our private network. The network properties used in this example are the same as those found in this figure.
Our first step involves configuring interface Ethernet 0 with its private IP address, and designating it as the internal NAT interface. The ip nat inside command designates an interface as internal.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int e0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#ip nat inside
The next step involves configuring Serial 0 with an IP address, and specifying it as the external NAT interface. External NAT interfaces are defined with the ip nat outside command.
Router(config-if)#int s0
Router(config-if)#ip address 131.107.2.200 255.255.255.240
Router(config-if)#ip nat outside
Depending on the NAT technique being used, a range of IP addresses could be configured as part of the NAT “pool”. Because we’re using NAT overloading, this “pool” will only consist of a single address – 131.107.2.200. The subnet mask associated with an address pool is specified with the prefix command.
Router(config)#ip nat pool Toronto 131.107.2.200 131.107.2.200 prefix 28
After the pool is defined, it needs to be configured for overloading. This is accomplished using the command shown below, which defines an access list. In this example, access list 88 allows us to control which addresses can access the Internet via NAT.
Router(config)#ip nat inside source list 88 pool Toronto overload
Router(config)#access-list 88 permit 192.168.1.0 0.0.0.255
Assuming that internal clients are configured with addresses in the 192.168.1.0/24 range, and that their default gateways are set to 192.168.1.1, they should now be able to access the Internet through the router’s NAT implementation.
In order to allow external clients to access the web server on our internal private network, we’ll create a mapping that tells NAT to forward all requests to address 131.107.2.200 port 80 to the internal address 192.168.1.100, port 80. This is accomplished using the command shown below.
Router(config)#ip nat inside source static tcp 192.168.1.100 80 131.107.2.200 80
Once implemented, NAT statistics can be viewed using the show ip nat statistics command, while address translations can be viewed using show ip nat translations.
Written by Dan DiNicolo - Visit Website
Next post in CCNA Study Guide Chapter 12:
CCNA Study Guide Chapter 12 Summary
Previous post in CCNA Study Guide Chapter 12:
NAT Inbound Mapping
Previous post in NAT:
NAT Inbound Mapping
All Tutorials by Category:
- CCDA Study Guide
- CCNA Study Guide Chapter 01
- CCNA Study Guide Chapter 02
- CCNA Study Guide Chapter 03
- CCNA Study Guide Chapter 04
- CCNA Study Guide Chapter 05
- CCNA Study Guide Chapter 06
- CCNA Study Guide Chapter 07
- CCNA Study Guide Chapter 08
- CCNA Study Guide Chapter 09
- CCNA Study Guide Chapter 10
- CCNA Study Guide Chapter 11
- CCNA Study Guide Chapter 12
- Cognos
- Computer Hardware
A
C
D
E
F
G
H
I
L
M
N
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.
