CISCO NETWORK ADDRESS TRANSLATIONS (NAT)
Network Address Translation (NAT)

Network Address Translation (NAT) maps one IP address space into another by rewriting the network address information in the IP header of packets as they transit a traffic routing device. It allows private IP networks that use unregistered IP addresses to connect to the Internet. NAT runs on a modem, typically connecting two networks, and converts the private (not internationally unique) addresses of the internal network into legal addresses before packets are sent to another network. In essence, NAT acts as an intermediary between the Internet (or public network) and a local (or private) network on a single system such as a router, which means that only one IP address is needed to represent a whole set of computers.

Now run the commands below, based on the design in the picture above.
R1
hostname R1
int e0/0
ip add 12.1.1.1 255.255.255.0
no shutdown
int lo1
ip add 172.16.1.1 255.255.255.0
no shutdown
int lo2
ip addr 172.16.2.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 12.1.1.2
do ping 12.1.1.2
do ping 23.1.1.3
do ping 23.1.1.3 source 172.16.2.1
do ping 23.1.1.3 source 172.16.1.1
do ping 3.3.3.3 source 172.16.1.1
R2
hostname R2
int e0/0
ip add 12.1.1.2 255.255.255.0
no shutdown
int e0/1
ip add 23.1.1.2 255.255.255.0
no shutdown
ip route 172.16.1.0 255.255.255.0 12.1.1.1
ip route 172.16.2.0 255.255.255.0 12.1.1.1
ip route 0.0.0.0 0.0.0.0 23.1.1.3
do ping 23.1.1.3
do ping 3.3.3.3
do ping 8.8.8.8
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
ip nat pool DNAT 23.1.1.100 23.1.1.200 netmask 255.255.255.0
int e0/0
ip nat inside
int e0/1
ip nat outside
ip nat inside source list 1 pool DNAT
ip nat inside source list 2 pool DNAT
exit
sh ip nat translations
sh ip nat statistics
conf t
no ip nat inside source list 1 pool DNAT
no ip nat inside source list 2 pool DNAT
ip nat pool PAT 23.1.1.2 23.1.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool PAT overload
ip nat inside source list 2 pool PAT overload
exit
debug ip nat
R3
hostname R3
int e0/0
ip add 23.1.1.3 255.255.255.0
no shutdown
int lo1
ip addr 3.3.3.3 255.255.255.255
no shutdown
int lo2
ip add 8.8.8.8 255.255.255.255
no shutdown
exit
do show ip route
! Lab only: Telnet sends the login password in cleartext
line vty 0 4
password cisco
login
transport input telnet
In the next exercise, I will add a Linux host. See the design in the picture below.
Linux
ifconfig eth0 172.16.3.2/24
ip addr add 172.16.3.2/24 brd + dev eth0
ip route add default via 172.16.3.1
ping 172.16.3.1
ping 12.1.1.1
ping 12.1.1.2
ping 23.1.1.2
ip route replace default via 172.16.3.1 dev eth0
telnet 23.1.1.3
R1
hostname R1
int e0/1
ip addr 172.16.3.1 255.255.255.0
no shutdown
R2
conf t
ip route 172.16.3.0 255.255.255.0 12.1.1.1
access-list 3 permit 172.16.3.0 0.0.0.255
ip nat inside source list 3 pool DNAT overload
Next, we will try the case where the router translates the packet's source IP address to the public IP address based on the forward NAT entry and sends the packet to the server on the public network.
R1
hostname R1
int e0/0
ip addr 12.1.1.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 12.1.1.2
line vty 0 4
password cisco
login
transport input telnet
R2
hostname R2
int e0/0
ip addr 12.1.1.2 255.255.255.0
no shutdown
int e0/1
ip addr 23.1.1.2 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 23.1.1.3
do telnet 12.1.1.1
exit
int e0/0
ip nat inside
int e0/1
ip nat outside
exit
ip nat inside source static 12.1.1.1 23.1.1.10
do show ip nat translations
R3
hostname R3
int e0/0
ip addr 23.1.1.3 255.255.255.0
no shutdown
do ping 23.1.1.2
do telnet 23.1.1.10
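
The three R2 setups above (pool DNAT, pool PAT with overload, and the static entry for 12.1.1.1) differ in which outside-initiated packets they let through. The Python sketch below is an added example, not part of the original lab and not Cisco code; the Nat class, its method names and the 102 sample inside hosts are constructed for illustration, and port selection and entry matching are simplified.

```python
import ipaddress

class Nat:
    """Toy model of R2's NAT table (a teaching sketch, not IOS internals)."""
    def __init__(self, first, last, overload=False):
        lo, hi = (int(ipaddress.ip_address(a)) for a in (first, last))
        self.free = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)]
        self.overload = overload
        self.static = {}    # inside IP -> global IP, permanent
        self.by_host = {}   # inside IP -> pool IP, dynamic one-to-one
        self.by_flow = {}   # (inside IP, port) -> (pool IP, port), PAT

    def outbound(self, ip, port):
        """Translate an inside-initiated flow; None means the pool is exhausted."""
        if ip in self.static:
            return self.static[ip], port
        if self.overload:
            if (ip, port) not in self.by_flow:
                used, p = set(self.by_flow.values()), port
                while (self.free[0], p) in used:   # keep the port if free, else next
                    p += 1
                self.by_flow[(ip, port)] = (self.free[0], p)
            return self.by_flow[(ip, port)]
        if ip not in self.by_host:
            if not self.free:
                return None
            self.by_host[ip] = self.free.pop(0)
        return self.by_host[ip], port

    def inbound(self, ip, port):
        """Map an outside-initiated packet to an inside host; None means dropped."""
        for inside, glob in {**self.by_host, **self.static}.items():
            if glob == ip:                         # whole-address entry: any port
                return inside, port
        for inside, glob in self.by_flow.items():  # PAT: exact address and port only
            if glob == (ip, port):                 # (IOS also pins the outside peer)
                return inside
        return None

def demo():
    hosts = [f"172.16.1.{n}" for n in range(1, 103)]   # 102 constructed inside hosts
    dnat = Nat("23.1.1.100", "23.1.1.200")             # pool DNAT, no overload
    pat = Nat("23.1.1.2", "23.1.1.2", overload=True)   # pool PAT ... overload
    static = Nat("23.1.1.2", "23.1.1.2", overload=True)
    static.static["12.1.1.1"] = "23.1.1.10"            # the static entry on R2
    return ([dnat.outbound(h, 40000) for h in hosts],
            [pat.outbound(h, 40000) for h in hosts], dnat, pat, static)

if __name__ == "__main__":
    print(demo()[0][-2:])   # last pool address handed out, then exhaustion
```

The static case is the one that answers a connection R3 starts on its own, which is why a static translation is normally paired with an inbound access list on the outside interface.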