network cisco ccna gns3 certification arteq
a network runs through it

Thursday, December 6, 2012

simple nat...

back to squares...

throughout route, services tend to get neglected and it's easy to get rusty... services are a big part of tshoot, and by extension ccie...

a quick review...

the concepts of nat, pat and the locals and globals are not presented here; you should know them... this is about mechanics...

3 routers running ospf, ia...


r1 and r2 area 0, r3 is area 1...

this simple topology is easily deduced from sh ip ospf data

R2#sh ip ospf data

            OSPF Router with ID (2.2.2.2) (Process ID 1)

        Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         806         0x80000003 0x0050EB 2
2.2.2.2         2.2.2.2         805         0x80000004 0x0041EB 2

        Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.1.2     2.2.2.2         805         0x80000001 0x0009B0

        Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
3.3.3.3         2.2.2.2         786         0x80000001 0x00D650
200.1.1.0       2.2.2.2         827         0x80000001 0x000E5B

        Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         791         0x80000002 0x00CCBA 1
3.3.3.3         3.3.3.3         792         0x80000002 0x00B2AF 2

        Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
200.1.1.2       2.2.2.2         791         0x80000001 0x00E070

        Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         2.2.2.2         800         0x80000001 0x0033FB
2.2.2.2         2.2.2.2         837         0x80000001 0x00FA31
192.168.1.0     2.2.2.2         837         0x80000001 0x009A2F

multi-area is not necessary; i just made it that way...

the public address range is 200.

the important part here is nat...

nat happens on the border between inside and outside, which here is r2...

R2#sh run int f0/0
Building configuration...

Current configuration : 111 bytes
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside

R2#sh run int f0/1
Building configuration...

Current configuration : 110 bytes
!
interface FastEthernet0/1
 ip address 200.1.1.2 255.255.255.0
 ip nat outside

create an acl to permit inside traffic...

R2#sh access-list
Standard IP access list 1
    10 permit 192.168.1.0, wildcard bits 0.0.0.255

create a pool for dynamic allocation...

ip nat pool test 192.168.1.10 192.168.1.20 prefix-length 24

note the range i used: it sits in the inside 192.168.1.0/24 subnet, not the 200 public range...

bind the pool to the list...

ip nat inside source list 1 pool test

and that is all that's needed...

R1#ping 200.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
!!!!!


R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.1.10:4    192.168.1.1:4      200.1.1.3:4        200.1.1.3:4
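
a quick offline check of the four pieces above (inside/outside marking, acl, pool, binding), as an added example that is not part of the original post. the function name audit_nat is hypothetical, and the sample config is constructed from the r2 snippets on this page, with the acl written in its running-config form. it flags the pool range noted above, which only works in this lab because r2 advertises 192.168.1.0 into area 1.

```python
import ipaddress
import re

# Constructed sample: the page's R2 snippets joined into one running-config
# excerpt; the access-list line is the config form of the "sh access-list" output.
R2_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 200.1.1.2 255.255.255.0
 ip nat outside
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool test 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list 1 pool test
"""

def audit_nat(config):
    """Return a list of findings for a dynamic inside-source NAT config."""
    findings, roles = [], {"inside": [], "outside": []}
    # Walk the "!"-separated stanzas and record the subnet of each NAT interface.
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        addr = re.search(r"^ ip address (\S+) (\S+)", stanza, re.M)
        role = re.search(r"^ ip nat (inside|outside)\s*$", stanza, re.M)
        if addr and role:
            net = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network
            roles[role[1]].append(net)
    for side in roles:
        if not roles[side]:
            findings.append(f"no interface marked ip nat {side}")
    acls = set(re.findall(r"^access-list (\d+) permit", config, re.M))
    pools = {}
    for name, lo, hi in re.findall(r"^ip nat pool (\S+) (\S+) (\S+) prefix-length \d+", config, re.M):
        pools[name] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
    # Every binding must point at a defined ACL and pool; then check the pool range.
    for acl, pool in re.findall(r"^ip nat inside source list (\d+) pool (\S+)", config, re.M):
        if acl not in acls:
            findings.append(f"list {acl} is not defined")
        if pool not in pools:
            findings.append(f"pool {pool} is not defined")
            continue
        lo, hi = pools[pool]
        if lo.is_private or hi.is_private:
            findings.append(f"pool {pool} uses private address space")
        if any(lo in n or hi in n for n in roles["inside"]):
            findings.append(f"pool {pool} overlaps an inside interface subnet")
    return findings

print("\n".join(audit_nat(R2_CONFIG)))
```
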

