NAT (Static NAT & Dynamic NAT)

Overview Static NAT & Dynamic NAT

Every LAN is designed with private IP addresses, so hosts on the LAN cannot reach outside networks or the Internet directly. To allow every LAN to reach an outside network or the Internet, the best solution is NAT. NAT is a technology used to translate private IP addresses to public IP addresses and back. There are several types of NAT:

Static NAT – Used to translate 1 private IP to 1 public IP and back. (Ex: suppose that you have only 1 public IP address, so only one host can access the Internet in the same session.)
Dynamic NAT – Used to translate many private IPs to many public IPs. (Ex: suppose that you have 3 public IP addresses, so only 3 hosts can access the Internet in the same session. If one of the 3 hosts disconnects from the Internet, the 4th host can access the Internet.)

NAT Overload/PAT – Used to translate all private IP addresses to 1 public IP address and back. (Ex: suppose we have only 1 public IP address, so all hosts can access the Internet.)
Port Forwarding – Similar to static NAT, but with a port added. Port forwarding is usually used to allow outside hosts to access an inside host. (Ex: suppose we have an internal web server that hosts a site for outside access, so we have to configure port forwarding.)

Topology Static NAT & Dynamic NAT

[Figure: NAT_Static NAT & Dynamic NAT topology]

Scenario

In this topology we configure Static NAT and Dynamic NAT, and we assume you already know the basic configuration of DHCP, Standard ACL, Extended ACL, Named ACL, and Static Default Route. Suppose you are the network engineer at the Furniture company and need to configure the requirements below to allow all hosts in the Furniture company to access the Internet. You do not need to configure the ISP or the Cisco company, because we have configured them already.

Configuration Task

Note: We recommend that you follow the IP addresses shown in the topology.

  • Task 1: Assign IP Address
    • Assign IP, netmask, gateway and DNS on the server in Furniture Company.
    • Assign IP and netmask to all R1 interfaces (interface fastethernet 0/0 is assigned IP 117.1.1.2/30).
    • Configure the DHCP server on R1 to automatically assign addresses to clients on network 192.168.2.0/24, excluding the first 10 IP addresses.
  • Task 2: Create ACL on R1
    • Permit the 2 LAN networks to the outside.
  • Task 3: Configure Static NAT
    • Allow the outside network to access the Furniture Company web site.
  • Task 4: Configure Dynamic NAT on R1
    • Create a dynamic NAT pool with the public IP address range (117.1.1.3/28 – 117.1.1.13/28) and the pool name Public_Pool.
    • Configure dynamic NAT with Public_Pool and the To_Internet ACL.
    • Configure the NAT inside and outside interfaces.
  • Task 5: Configure Server Services
    • Configure DNS mapping on the Furniture company web server:
      • www.furniture.com with IP 192.168.1.10
      • www.cisco.com with IP 117.1.1.6
    • Configure HTTP and modify an HTML file so that it identifies the Furniture Company as its owner.
  • Task 6: Verify Connectivity
    • Use all PCs to access both the internal and external web sites.
    • Use simulation to confirm that the source IP address is changed to a public IP address as traffic goes through the router.
    • All connections should succeed.

NAT (Static NAT & Dynamic NAT) Configuration

R1

Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 117.1.1.2 255.255.255.240
R1(config-if)#ip nat outside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 1/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip dhcp pool LAN2
R1(dhcp-config)#network 192.168.2.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.2.1
R1(dhcp-config)#dns-server 192.168.1.10
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 192.168.2.1 192.168.2.10
R1(config)#ip access-list standard To_Internet
R1(config-std-nacl)#permit 192.168.1.0 0.0.0.255
R1(config-std-nacl)#permit 192.168.2.0 0.0.0.255
R1(config-std-nacl)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 117.1.1.1
R1(config)#ip nat pool Public_Pool 117.1.1.3 117.1.1.13 netmask 255.255.255.240
R1(config)#ip nat inside source list To_Internet pool Public_Pool
R1(config)#ip nat inside source static 192.168.1.10 117.1.1.14
R1(config)#ip access-list extended Filter_OutSide_Access
R1(config-ext-nacl)#permit tcp any host 117.1.1.14 eq www
R1(config-ext-nacl)#permit icmp any host 117.1.1.2
R1(config-ext-nacl)#permit icmp any host 117.1.1.14
R1(config-ext-nacl)#permit tcp any any established
R1(config-ext-nacl)#permit udp any eq domain any
R1(config-ext-nacl)#deny ip any any
R1(config-ext-nacl)#exit
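
The listing above defines the extended ACL Filter_OutSide_Access but contains no ip access-group command binding it to an interface, so as listed it filters nothing. The following audit script is an added example, not part of the original lab: it flags named ACLs that are defined but never referenced, and static NAT addresses that fall inside a dynamic pool. The function name audit and the sample text are constructed here from a subset of the R1 commands.

```python
import ipaddress

# Constructed input: a subset of the R1 commands from this page, prompts stripped.
R1_CONFIG = """\
interface fastEthernet 0/0
 ip address 117.1.1.2 255.255.255.240
 ip nat outside
ip access-list standard To_Internet
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
ip nat pool Public_Pool 117.1.1.3 117.1.1.13 netmask 255.255.255.240
ip nat inside source list To_Internet pool Public_Pool
ip nat inside source static 192.168.1.10 117.1.1.14
ip access-list extended Filter_OutSide_Access
 permit tcp any host 117.1.1.14 eq www
 deny ip any any
"""

def audit(config):
    """Return (ACLs defined but never referenced, static NAT addresses inside a pool)."""
    defined, used, pools, statics = set(), set(), [], []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "access-list"]:
            defined.add(words[3])              # ip access-list <type> <name>
        elif words[:2] == ["ip", "access-group"]:
            used.add(words[2])                 # ip access-group <name> in|out
        elif words[:5] == ["ip", "nat", "inside", "source", "list"]:
            used.add(words[5])                 # ACL that selects traffic for NAT
        elif words[:3] == ["ip", "nat", "pool"]:
            pools.append((ipaddress.ip_address(words[4]),
                          ipaddress.ip_address(words[5])))
        elif words[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics.append(ipaddress.ip_address(words[6]))  # public (global) address
    # A static mapping whose public address is also in a dynamic pool is ambiguous.
    clashes = [str(a) for a in statics for lo, hi in pools if lo <= a <= hi]
    return sorted(defined - used), clashes

if __name__ == "__main__":
    unused, clashes = audit(R1_CONFIG)
    print("ACLs never applied:", unused)
    print("Static NAT addresses inside a pool:", clashes)
```
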
