In this post we are going to see how to configure NAT with PAT (Port Address Translation) on Cisco routers using Packet Tracer.


Step 1: Create a topology like this:





Step 2: Configure IP addresses on all router interfaces and PCs as given in the topology.



In Router R1, global config mode


R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

R1(config)#interface fastethernet 1/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

In Router R2, global config mode

R2(config)#interface fastethernet 1/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit

R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit



Step 3: Access list configuration for the 10.0.0.0 network. I am going to configure a standard access list for this.

In Router R1, global configuration mode

R1(config)#access-list 10 permit 10.0.0.0 0.255.255.255



Step 4: Here, interface fastethernet0/0 is inside and interface fastethernet1/0 is outside.


R1(config)#interface fastethernet0/0
R1(config-if)#ip nat inside
R1(config-if)#exit

R1(config)#interface fastethernet1/0
R1(config-if)#ip nat outside
R1(config-if)#exit



Step 5: Configure NAT PAT with access list 10:


R1(config)#ip nat inside source list 10 interface fastethernet1/0
(or)
R1(config)#ip nat inside source list 10 interface fastethernet1/0 overload


The first command will not force the router to use ports, but in the second command 'overload' will force the router to use ports from 1024-65535 for the translation. So, this is called Port Address Translation.


Step 6: Now, configure a static default route to forward all packets for any network to the next hop 20.0.0.2 or to the exit interface.


R1(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
(or)
R1(config)#ip route 0.0.0.0 0.0.0.0 fastethernet1/0



Here, both commands do the same thing, but the distance metric for this network by default is 1 and for the second . Both will forward packets for any destination address to 20.0.0.2.


Step 7: Now go to router R1 and give this command in privileged mode:

R1#debug ip nat

We can see the translations when a PC accesses a host in the public network.


Step 8: Click on PC->Desktop->Command Prompt, type ping 30.0.0.10 and press 'Enter'. Do this on all 5 PCs immediately; only then will the router use the ports from 1024-65,535. Then check router R1 to see the translations. I got:






NAT translations in Router R1; I will show only some of the translations.


NAT*: s=30.0.0.10, d=20.0.0.1->10.0.0.255 [24]

NAT: s=10.0.0.255->20.0.0.1, d=30.0.0.10 [4]

NAT*: s=30.0.0.10, d=20.0.0.1->10.0.0.255 [25]

NAT: s=10.0.255.255->20.0.0.1, d=30.0.0.10 [1]


The router will wait 30 seconds; after that the translations expire and the IP address will be available again.


NAT: expiring 20.0.0.1 (10.0.255.255) icmp 1024 (1)

NAT: expiring 20.0.0.1 (10.0.255.255) icmp 1025 (2)

NAT: expiring 20.0.0.1 (10.0.255.255) icmp 1026 (3)

NAT: expiring 20.0.0.1 (10.0.255.255) icmp 1027 (4)

NAT: expiring 20.0.0.1 (10.255.255.254) icmp 1028 (1)

NAT: expiring 20.0.0.1 (10.255.255.254) icmp 1029 (2)

NAT: expiring 20.0.0.1 (10.255.255.254) icmp 1030 (3)

NAT: expiring 20.0.0.1 (10.0.0.10) icmp 21 (21)

NAT: expiring 20.0.0.1 (10.255.255.254) icmp 1031 (4)

NAT: expiring 20.0.0.1 (10.0.0.10) icmp 22 (22)
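
Because every inside host leaves R1 as 20.0.0.1, this debug output is what ties a translated ID back to the PC that sent the packet. The following is an added example, not part of the original post: it parses the debug lines shown above and reports which inside hosts shared the outside address and which entries had their ID rewritten. It assumes the fields of an `expiring` line are inside global, (inside local), protocol, translated ID, (original ID).

```python
import re
from collections import defaultdict

# Sample lines copied from the R1 debug output shown above.
SAMPLE = """\
NAT: s=10.0.0.255->20.0.0.1, d=30.0.0.10 [4]
NAT*: s=30.0.0.10, d=20.0.0.1->10.0.0.255 [24]
NAT: expiring 20.0.0.1 (10.0.255.255) icmp 1024 (1)
NAT: expiring 20.0.0.1 (10.255.255.254) icmp 1028 (1)
NAT: expiring 20.0.0.1 (10.0.0.10) icmp 21 (21)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Outbound packet: source rewritten from inside local to inside global.
OUT_RE = re.compile(rf"^NAT\*?: s={IP}->{IP}, d={IP} \[(\d+)\]$")
# Return packet: destination rewritten back to the inside local address.
IN_RE = re.compile(rf"^NAT\*?: s={IP}, d={IP}->{IP} \[(\d+)\]$")
# Assumed field order: global (local) protocol translated-id (original-id).
EXP_RE = re.compile(rf"^NAT: expiring {IP} \({IP}\) (\w+) (\d+) \((\d+)\)$")

def parse(log):
    """Return (inside hosts seen per inside global address, expired entries)."""
    hosts = defaultdict(set)
    expired = []
    for line in log.splitlines():
        line = line.strip()
        if m := OUT_RE.match(line):
            hosts[m[2]].add(m[1])
        elif m := IN_RE.match(line):
            hosts[m[2]].add(m[3])
        elif m := EXP_RE.match(line):
            glob, loc, proto, gid, lid = m.groups()
            hosts[glob].add(loc)
            expired.append({"global": glob, "local": loc, "proto": proto,
                            "global_id": int(gid), "local_id": int(lid),
                            "rewritten": gid != lid})
    return hosts, expired

def colliding_ids(expired):
    """Original IDs shared by several inside hosts; their translated IDs must differ."""
    by_id = defaultdict(set)
    for e in expired:
        by_id[(e["proto"], e["local_id"])].add(e["local"])
    return {k: sorted(v) for k, v in by_id.items() if len(v) > 1}

if __name__ == "__main__":
    hosts, expired = parse(SAMPLE)
    print({g: sorted(v) for g, v in hosts.items()})
    print("collisions:", colliding_ids(expired))
```
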



Troubleshooting commands:


R1#show ip nat translations 
R1#show ip nat statistics
R1#clear ip nat translation *
R1#show running-config
R1#show ip route
