Published in: Technology
Nat report2

  1. SECURING PRIVATE ENVIRONMENT BY USING NAT PROJECT REPORT
  2. ACKNOWLEDGEMENT

     The project is based on network address translation (NAT). The beauty of configuring NAT on routers is that it can help users access the Internet from private IP addresses, which are otherwise excluded by the Internet service provider (ISP).

     We have used inter-VLAN technology to make work efficient between 3 different and independent organisations. The VLANs have been divided into web servers and Internet clients.
  3. DESCRIPTION

     We have three organisations: Org1, Org2 and Org3. Each organisation comprises a router to route data from and to the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and Internet clients.

     If we want communication between the Internet clients and the servers, we configure the inter-VLAN concept on the router. If we want to block some Internet clients from accessing our servers, we create an ACL for that particular user.

     These organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation and also provides Internet connections to others.
  4. CONFIGURATION FOR ORG1

     %SYS-5-CONFIG_I: Configured fr

     ROUTER ORG1

         Router>en
         Router#config t
         Enter configuration commands, one per line. End with CNTL/Z.
         Router(config)#hostname ORG1
         ORG1(config)#line console 0
         ORG1(config-line)#password net
         ORG1(config-line)#login
         ORG1(config-line)#exit
         ORG1(config)#line vty 0 4
         ORG1(config-line)#password net
         ORG1(config-line)#login
         ORG1(config-line)#exit
  5. ORG1 router (continued)

         ORG1(config)#enable password net
         ORG1(config)#enable secret net1
         ORG1(config)#int f0/0
         ORG1(config-if)#no sh
         %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
         ORG1(config-if)#exit
         ORG1(config)#int f0/0.1
         %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
         Router(config-subif)#encapsulation dot1q 2
         ORG1(config-subif)#ip nat inside
         ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0
         ORG1(config-subif)#no sh
         ORG1(config-subif)#exit
         ORG1(config)#int f0/0.2
         ORG1(config-subif)#encapsulation dot1q 3
         ORG1(config-subif)#ip nat inside
         ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240
         ORG1(config-subif)#no sh
         ORG1(config-subif)#exit
         ORG1(config)#int s0/0/0
         ORG1(config-if)#ip nat outside
         ORG1(config-if)#clock rate 64000
         ORG1(config-if)#ip address 200.10.10.5 255.255.255.252
         ORG1(config-if)#no sh
         %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
         ORG1(config-if)#exit
         ORG1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

     We have placed our web server in the private area so that Internet clients cannot access it directly. We have therefore configured static NAT and opened port 80 (HTTP) only.

         ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

     The clients in our organisation want to access the Internet, so we configure dynamic NAT with overload for the clients.
  6. ORG1 router (continued)

         ORG1(config)#access-list 20 permit any
         ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
         ORG1(config)#ip nat inside source list 20 pool netmax overload
         ORG1(config)#exit
         ORG1#wr
         Building configuration...
         [OK]
         ORG1#

     SWITCH
  7. ORG1 switch

         Switch>en
         Switch#vlan database
         % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated.
         Please consult user documentation for configuring VTP/VLAN in config mode.
         Switch(vlan)#vlan 2 name server
         VLAN 2 added:
          Name: server
         Switch(vlan)#vlan 3 name clients
         VLAN 3 added:
          Name: clients
         Switch(vlan)#exit
         APPLY completed.
         Exiting....
         Switch#config t
         Enter configuration commands, one per line. End with CNTL/Z.
         Switch(config)#int f0/1
         Switch(config-if)#switchport access vlan 2
         Switch(config-if)#exit
         Switch(config)#int range f0/2 - 3
         Switch(config-if-range)#switchport access vlan 3
         Switch(config-if-range)#exit
         Switch(config)#int f0/24
         Switch(config-if)#switchport mode trunk
         Switch(config-if)#exit
         Switch(config)#exit
         Switch#wr
  8. FOR ORG2

     ROUTER

         Router>en
         Router#config t
         Enter configuration commands, one per line. End with CNTL/Z.
         Router(config)#hostname ORG2
         ORG2(config)#line console 0
         ORG2(config-line)#password net
         ORG2(config-line)#login
         ORG2(config-line)#exit
         ORG2(config)#line vty 0 4
         ORG2(config-line)#password net
         ORG2(config-line)#login
         ORG2(config-line)#exit
         ORG2(config)#enable password net
         ORG2(config)#enable secret net1
         ORG2(config)#int f0/0
         ORG2(config-if)#no sh
         %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
         ORG2(config-if)#exit
         ORG2(config)#int f0/0.1
         %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
         Router(config-subif)#encapsulation dot1q 2
         ORG2(config-subif)#ip nat inside
         ORG2(config-subif)#ip address 10.0.0.1 255.0.0.0
         ORG2(config-subif)#no sh
         ORG2(config-subif)#exit
         ORG2(config)#int f0/0.2
         ORG2(config-subif)#encapsulation dot1q 3
         ORG2(config-subif)#ip nat inside
         ORG2(config-subif)#ip address 192.168.10.1 255.255.255.240
         ORG2(config-subif)#no sh
         ORG2(config-subif)#exit
  9. ORG2 router (continued)

         ORG2(config)#int s0/0/0
         ORG2(config-if)#ip nat outside
         ORG2(config-if)#clock rate 64000
         ORG2(config-if)#ip address 200.10.10.9 255.255.255.252
         ORG2(config-if)#no sh
         %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
         ORG2(config-if)#exit
         ORG2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
         ORG2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
         ORG2(config)#access-list 20 permit any
         ORG2(config)#ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240
         ORG2(config)#ip nat inside source list 20 pool netmax
         ORG2(config)#exit
         %SYS-5-CONFIG_I: Configured from console by console
         ORG2#wr
         Building configuration...
         [OK]
         ORG2#

     SWITCH

         Switch>en
         Switch#vlan database
         % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated.
         Please consult user documentation for configuring VTP/VLAN in config mode.
         Switch(vlan)#vlan 2 name server
         VLAN 2 added:
          Name: server
         Switch(vlan)#vlan 3 name clients
         VLAN 3 added:
          Name: clients
         Switch(vlan)#exit
         APPLY completed.
         Exiting....
  10. ORG2 switch (continued)

         Switch#config t
         Enter configuration commands, one per line. End with CNTL/Z.
         Switch(config)#int f0/1
         Switch(config-if)#switchport access vlan 2
         Switch(config-if)#exit
         Switch(config)#int range f0/2 - 3
         Switch(config-if-range)#switchport access vlan 3
         Switch(config-if-range)#exit
         Switch(config)#int f0/24
         Switch(config-if)#switchport mode trunk
         Switch(config-if)#exit
         Switch(config)#exit
         Switch#wr
  11. FOR ORG3

     ROUTER

         Router>en
         Router#config t
         Enter configuration commands, one per line. End with CNTL/Z.
         Router(config)#hostname ORG3
         ORG3(config)#line console 0
         ORG3(config-line)#password net
         ORG3(config-line)#login
         ORG3(config-line)#exit
         ORG3(config)#line vty 0 4
         ORG3(config-line)#password net
         ORG3(config-line)#login
         ORG3(config-line)#exit
         ORG3(config)#enable password net
         ORG3(config)#enable secret net1
         ORG3(config)#int f0/0
         ORG3(config-if)#no sh
         %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
         ORG3(config-if)#exit
         ORG3(config)#int f0/0.1
         %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
         Router(config-subif)#encapsulation dot1q 2
         ORG3(config-subif)#ip nat inside
         ORG3(config-subif)#ip address 10.0.0.1 255.0.0.0
         ORG3(config-subif)#no sh
         ORG3(config-subif)#exit
         ORG3(config)#int f0/0.2
         ORG3(config-subif)#encapsulation dot1q 3
         ORG3(config-subif)#ip nat inside
         ORG3(config-subif)#ip address 192.168.10.1 255.255.255.240
         ORG3(config-subif)#no sh
         ORG3(config-subif)#exit
  12. ORG3 router (continued)

         ORG3(config)#int s0/0/0
         ORG3(config-if)#ip nat outside
         ORG3(config-if)#clock rate 64000
         ORG3(config-if)#ip address 200.10.10.13 255.255.255.252
         ORG3(config-if)#no sh
         %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
         ORG3(config-if)#exit
         ORG3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
         ORG3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
         ORG3(config)#access-list 20 permit any
         ORG3(config)#ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240
         ORG3(config)#ip nat inside source list 20 pool netmax overload
         ORG3(config)#exit
         %SYS-5-CONFIG_I: Configured from console by console
         ORG3#wr
         Building configuration...
         [OK]
         ORG3#

     SWITCH

         Switch>en
         Switch#vlan database
         % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated.
         Please consult user documentation for configuring VTP/VLAN in config mode.
         Switch(vlan)#vlan 2 name server
         VLAN 2 added:
          Name: server
         Switch(vlan)#vlan 3 name clients
         VLAN 3 added:
          Name: clients
         Switch(vlan)#exit
         APPLY completed.
         Exiting....
         Switch#config t
         Enter configuration commands, one per line. End with CNTL/Z.
  13. ORG3 switch (continued)

         Switch(config)#int f0/1
         Switch(config-if)#switchport access vlan 2
         Switch(config-if)#exit
         Switch(config)#int range f0/2 - 3
         Switch(config-if-range)#switchport access vlan 3
         Switch(config-if-range)#exit
         Switch(config)#int f0/24
         Switch(config-if)#switchport mode trunk
         Switch(config-if)#exit
         Switch(config)#exit
         Switch#wr
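The report forwards only TCP port 80 to the ORG1 web server, while ORG2 and ORG3 map the server one-to-one without a port. The following is an added example, not part of the original report and not Cisco code: a toy Python model of those rules showing which inbound packets reach an inside host. The outside host 198.51.100.7, the sequential PAT port allocation and the matching of replies on the remote endpoint are assumptions of the model.

```python
# Added example: a toy model of the report's NAT rules, not full Cisco IOS behaviour.
class NatRouter:
    def __init__(self, pat_addr=None):
        self.pat_addr = pat_addr  # pool address used with "overload" (PAT)
        self.port_fwd = {}        # (proto, public_ip, public_port) -> (inside_ip, inside_port)
        self.one_to_one = {}      # public_ip -> inside_ip, all protocols and ports
        self.sessions = {}        # (proto, pat_port, remote_ip, remote_port) -> inside (ip, port)
        self.next_port = 1024     # assumption: PAT ports are handed out sequentially

    def static_port(self, proto, inside_ip, inside_port, public_ip, public_port):
        # ip nat inside source static tcp <inside> <port> <public> <port>
        self.port_fwd[(proto, public_ip, public_port)] = (inside_ip, inside_port)

    def static_host(self, inside_ip, public_ip):
        # ip nat inside source static <inside> <public>
        self.one_to_one[public_ip] = inside_ip

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        # Inside client matched by the NAT access list: open a PAT session.
        pat_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, pat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.pat_addr, pat_port)

    def inbound(self, proto, remote_ip, remote_port, public_ip, public_port):
        # Inside (ip, port) that a packet arriving on the outside interface reaches,
        # or None when no translation exists and no inside host receives it.
        if (proto, public_ip, public_port) in self.port_fwd:
            return self.port_fwd[(proto, public_ip, public_port)]
        if public_ip in self.one_to_one:
            return (self.one_to_one[public_ip], public_port)
        if public_ip == self.pat_addr:
            # assumption: replies must match the remote endpoint of the session
            return self.sessions.get((proto, public_port, remote_ip, remote_port))
        return None

def org1():
    r = NatRouter(pat_addr="200.10.10.18")
    r.static_port("tcp", "10.0.0.2", 80, "200.10.10.17", 80)
    return r

def org2():
    r = NatRouter()  # ORG2's pool is used without overload; pool behaviour is not modelled
    r.static_host("10.0.0.2", "200.10.10.33")
    return r

if __name__ == "__main__":
    outside = ("198.51.100.7", 40000)  # constructed outside host (documentation range)
    for name, router, ip in (("ORG1", org1(), "200.10.10.17"), ("ORG2", org2(), "200.10.10.33")):
        for port in (80, 23):
            print(name, port, router.inbound("tcp", *outside, ip, port))
```

In this model ORG1 exposes only port 80 of 10.0.0.2, whereas the ORG2 mapping forwards every port of the public address to the server.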
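A review check for the router sessions above, as an added example that is not part of the original report: a short Python audit that reads configuration lines and flags the settings a reviewer would question. The sample configurations are constructed from lines in the report; the finding names and the TIGHTENED variant (SSH-only vty, NAT access list limited to the client subnet 192.168.10.0/28) are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the ORG1 and ORG2 router sessions in the report.
MGMT = "line vty 0 4\n password net\n login\nenable password net\nenable secret net1\n"
ORG1 = MGMT + """ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80
access-list 20 permit any
ip nat inside source list 20 pool netmax overload
"""
ORG2 = MGMT + """ip nat inside source static 10.0.0.2 200.10.10.33
access-list 20 permit any
ip nat inside source list 20 pool netmax
"""
# Assumed tightened variant (not from the report); it presumes a local user
# account and SSH are configured elsewhere on the router.
TIGHTENED = """line vty 0 4
 login local
 transport input ssh
enable secret <placeholder>
ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80
access-list 20 permit 192.168.10.0 0.0.0.15
ip nat inside source list 20 pool netmax overload
"""
IP = r"\d+\.\d+\.\d+\.\d+"

def audit(config):
    """Return sorted finding codes for one router configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Access lists that select which inside sources get translated.
    nat_acls = set(re.findall(r"^ip nat inside source list (\S+) ", config, re.M))
    findings = set()
    for l in lines:
        if l.startswith("enable password "):
            findings.add("cleartext-enable-password")  # readable in the config; the secret is hashed
        m = re.fullmatch(r"access-list (\S+) permit any", l)
        if m and m.group(1) in nat_acls:
            findings.add("nat-acl-permit-any")         # translates any source address
        if re.fullmatch(rf"ip nat inside source static {IP} {IP}", l):
            findings.add("static-nat-all-ports")       # one-to-one: every port is forwarded
    if "line vty" in config and not any(l == "transport input ssh" for l in lines):
        findings.add("vty-not-ssh-only")               # remote logins not restricted to SSH
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("ORG1", ORG1), ("ORG2", ORG2), ("TIGHTENED", TIGHTENED)):
        print(name, audit(cfg))
```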
