ip route 209.165.200.232 255.255.255.248 Serial1/2
ip route 209.165.200.248 255.255.255.248 Serial1/1
for discussions on nat try this for starters... or elsewhere in the ccna section here...
http://insearchofthecert.blogspot.com/search/label/NAT
it is also covered quite well in the ccna syllabus, cisco.com and a million other sites... nat is not the point of this lab and neither are acl's, gre, vpn, etc... these items will be covered briefly within the context of the lab...
it is a lab... time to put your imagination hat on...
branch
ip access-list ext branch_acl
deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
ip nat pool branch_nat 209.165.200.249 209.165.200.254 prefix-length 29
ip nat inside source list branch_acl pool branch_nat
int lo0
ip nat inside
int s1/1
ip nat outside
essentially: do not translate branch lan to hq lan addresses but allow branch lan to other internet destinations...
define the translation address pool, set constraints and identify the interfaces...
similarly, with some additions...
hq
ip access-list ext hq_acl
deny ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 10.10.0.0 0.0.255.255 any
int lo1
des hq mail
ip add 10.10.20.238 255.255.255.0
ip nat pool hq_nat 209.165.200.233 209.165.200.237 prefix-length 29
ip nat inside source list hq_acl pool hq_nat
ip nat inside source static 10.10.20.238 209.165.200.238
int lo0
ip nat inside
int lo1
ip nat inside
int s1/2
ip nat outside
branch#sh ip nat stati
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial1/1
Inside interfaces:
Loopback0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list branch_acl pool branch_nat refcount 0
pool branch_nat: netmask 255.255.255.248
start 209.165.200.249 end 209.165.200.254
type generic, total addresses 6, allocated 0 (0%), misses 0
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
hq#sh ip nat stati
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial1/2
Inside interfaces:
Loopback0, Loopback1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list hq_acl pool hq_nat refcount 0
pool hq_nat: netmask 255.255.255.248
start 209.165.200.233 end 209.165.200.237
type generic, total addresses 5, allocated 0 (0%), misses 0
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
branch#ping 209.165.200.238 rep 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 209.165.200.238, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 8/11/16 ms
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 209.165.200.238, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 8/11/16 ms
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Outside interfaces:
Serial1/2
Inside interfaces:
Loopback0, Loopback1
Hits: 30 Misses: 0
CEF Translated packets: 15, CEF Punted packets: 0
Expired translations: 1
Dynamic mappings:
-- Inside Source
[Id: 1] access-list hq_acl pool hq_nat refcount 0
pool hq_nat: netmask 255.255.255.248
start 209.165.200.233 end 209.165.200.237
type generic, total addresses 5, allocated 0 (0%), misses 0
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
hq#
foreach address {
209.165.200.241
209.165.202.129
209.165.200.226
209.165.200.238
} { ping $address source 192.168.1.1 }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.241, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.238, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
No comments:
Post a Comment