Nat report2

  • 1. SECURING PRIVATE ENVIRONMENT BY USING NAT
    PROJECT REPORT
  • 2. ACKNOWLEDGEMENT
    The project is based on network address translation (NAT). The beauty of configuring NAT on routers is that it can help users access the internet on private IP addresses, which are otherwise excluded by the internet service provider (ISP).
    We have used inter-VLAN technology to make work efficient between 3 different and independent organisations. The VLANs have been divided into web servers and internet clients.
  • 3. DESCRIPTION
    We have three organisations: Org1, Org2 and Org3. Each organisation comprises a router, to route the data from and to the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and internet clients.
    If we want communication between the internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block some internet clients from accessing our servers, we create an ACL for that particular user.
    These organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation and also provides the internet connections to others.
  • 4. CONFIGURATION
    FOR ORG1
    %SYS-5-CONFIG_I: Configured fr
    ROUTER ORG1
    Router>en
    Router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname ORG1
    ORG1(config)#line console 0
    ORG1(config-line)#password net
    ORG1(config-line)#login
    ORG1(config-line)#exit
    ORG1(config)#line vty 0 4
    ORG1(config-line)#password net
    ORG1(config-line)#login
    ORG1(config-line)#exit
  • 5.
    ORG1(config)#enable password net
    ORG1(config)#enable secret net1
    ORG1(config)#int f0/0
    ORG1(config-if)#no sh
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    ORG1(config-if)#exit
    ORG1(config)#int f0/0.1
    %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 2
    ORG1(config-subif)#ip nat inside
    ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0
    ORG1(config-subif)#no sh
    ORG1(config-subif)#exit
    ORG1(config)#int f0/0.2
    ORG1(config-subif)#encapsulation dot1q 3
    ORG1(config-subif)#ip nat inside
    ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240
    ORG1(config-subif)#no sh
    ORG1(config-subif)#exit
    ORG1(config)#int s0/0/0
    ORG1(config-if)#ip nat outside
    ORG1(config-if)#clock rate 64000
    ORG1(config-if)#ip address 200.10.10.5 255.255.255.252
    ORG1(config-if)#no sh
    %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
    ORG1(config-if)#exit
    ORG1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
    We have placed our web server in the private area so that internet clients cannot directly access it. So, we have configured static NAT and opened port number 80 (HTTP) only.
    ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80
    In our organisation our clients want to access the internet, so we configure dynamic NAT with overload for the clients.
  • 6.
    ORG1(config)#access-list 20 permit any
    ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
    ORG1(config)#ip nat inside source list 20 pool netmax overload
    ORG1(config)#exit
    ORG1#wr
    Building configuration...
    [OK]
    ORG1#
    SWITCH
  • 7.
    Switch>en
    Switch#vlan database
    % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
    Switch(vlan)#vlan 2 name server
    VLAN 2 added:
        Name: server
    Switch(vlan)#vlan 3 name clients
    VLAN 3 added:
        Name: clients
    Switch(vlan)#exit
    APPLY completed.
    Exiting....
    Switch#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#int f0/1
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#exit
    Switch(config)#int range f0/2 - 3
    Switch(config-if-range)#switchport access vlan 3
    Switch(config-if-range)#exit
    Switch(config)#int f0/24
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#exit
    Switch(config)#exit
    Switch#wr
  • 8. FOR ORG2
    ROUTER
    Router>en
    Router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname ORG2
    ORG2(config)#line console 0
    ORG2(config-line)#password net
    ORG2(config-line)#login
    ORG2(config-line)#exit
    ORG2(config)#line vty 0 4
    ORG2(config-line)#password net
    ORG2(config-line)#login
    ORG2(config-line)#exit
    ORG2(config)#enable password net
    ORG2(config)#enable secret net1
    ORG2(config)#int f0/0
    ORG2(config-if)#no sh
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    ORG2(config-if)#exit
    ORG2(config)#int f0/0.1
    %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 2
    ORG2(config-subif)#ip nat inside
    ORG2(config-subif)#ip address 10.0.0.1 255.0.0.0
    ORG2(config-subif)#no sh
    ORG2(config-subif)#exit
    ORG2(config)#int f0/0.2
    ORG2(config-subif)#encapsulation dot1q 3
    ORG2(config-subif)#ip nat inside
    ORG2(config-subif)#ip address 192.168.10.1 255.255.255.240
    ORG2(config-subif)#no sh
    ORG2(config-subif)#exit
  • 9.
    ORG2(config)#int s0/0/0
    ORG2(config-if)#ip nat outside
    ORG2(config-if)#clock rate 64000
    ORG2(config-if)#ip address 200.10.10.9 255.255.255.252
    ORG2(config-if)#no sh
    %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
    ORG2(config-if)#exit
    ORG2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
    ORG2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
    ORG2(config)#access-list 20 permit any
    ORG2(config)#ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240
    ORG2(config)#ip nat inside source list 20 pool netmax
    ORG2(config)#exit
    %SYS-5-CONFIG_I: Configured from console by console
    ORG2#wr
    Building configuration...
    [OK]
    ORG2#
    SWITCH
    Switch>en
    Switch#vlan database
    % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
    Switch(vlan)#vlan 2 name server
    VLAN 2 added:
        Name: server
    Switch(vlan)#vlan 3 name clients
    VLAN 3 added:
        Name: clients
    Switch(vlan)#exit
    APPLY completed.
    Exiting....
  • 10.
    Switch#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#int f0/1
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#exit
    Switch(config)#int range f0/2 - 3
    Switch(config-if-range)#switchport access vlan 3
    Switch(config-if-range)#exit
    Switch(config)#int f0/24
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#exit
    Switch(config)#exit
    Switch#wr
  • 11. FOR ORG3
    ROUTER
    Router>en
    Router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname ORG3
    ORG3(config)#line console 0
    ORG3(config-line)#password net
    ORG3(config-line)#login
    ORG3(config-line)#exit
    ORG3(config)#line vty 0 4
    ORG3(config-line)#password net
    ORG3(config-line)#login
    ORG3(config-line)#exit
    ORG3(config)#enable password net
    ORG3(config)#enable secret net1
    ORG3(config)#int f0/0
    ORG3(config-if)#no sh
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    ORG3(config-if)#exit
    ORG3(config)#int f0/0.1
    %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 2
    ORG3(config-subif)#ip nat inside
    ORG3(config-subif)#ip address 10.0.0.1 255.0.0.0
    ORG3(config-subif)#no sh
    ORG3(config-subif)#exit
    ORG3(config)#int f0/0.2
    ORG3(config-subif)#encapsulation dot1q 3
    ORG3(config-subif)#ip nat inside
    ORG3(config-subif)#ip address 192.168.10.1 255.255.255.240
    ORG3(config-subif)#no sh
    ORG3(config-subif)#exit
  • 12.
    ORG3(config)#int s0/0/0
    ORG3(config-if)#ip nat outside
    ORG3(config-if)#clock rate 64000
    ORG3(config-if)#ip address 200.10.10.13 255.255.255.252
    ORG3(config-if)#no sh
    %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
    ORG3(config-if)#exit
    ORG3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
    ORG3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
    ORG3(config)#access-list 20 permit any
    ORG3(config)#ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240
    ORG3(config)#ip nat inside source list 20 pool netmax overload
    ORG3(config)#exit
    %SYS-5-CONFIG_I: Configured from console by console
    ORG3#wr
    Building configuration...
    [OK]
    ORG3#
    SWITCH
    Switch>en
    Switch#vlan database
    % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
    Switch(vlan)#vlan 2 name server
    VLAN 2 added:
        Name: server
    Switch(vlan)#vlan 3 name clients
    VLAN 3 added:
        Name: clients
    Switch(vlan)#exit
    APPLY completed.
    Exiting....
    Switch#config t
    Enter configuration commands, one per line. End with CNTL/Z.
  • 13.
    Switch(config)#int f0/1
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#exit
    Switch(config)#int range f0/2 - 3
    Switch(config-if-range)#switchport access vlan 3
    Switch(config-if-range)#exit
    Switch(config)#int f0/24
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#exit
    Switch(config)#exit
    Switch#wr
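
The three router sessions above differ in how much of the inside server their static NAT exposes: ORG1 maps only TCP port 80, while ORG2 and ORG3 map the whole address, and ORG2 also uses its pool without `overload`. The Python sketch below is an added example, not part of the original report; it parses the `ip nat` lines copied from this page, and the helper names `inbound` and `audit` are hypothetical, with a simplified model that assumes no ACL on the outside interface.

```python
import ipaddress
import re

# NAT statements copied from the three router sessions on this page.
CONFIGS = {
    "ORG1": ["ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80",
             "ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax overload"],
    "ORG2": ["ip nat inside source static 10.0.0.2 200.10.10.33",
             "ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax"],
    "ORG3": ["ip nat inside source static 10.0.0.2 200.10.10.50",
             "ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax overload"],
}
STATIC = re.compile(r"ip nat inside source static "
                    r"(?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))$")
POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) netmask \S+$")
DYNAMIC = re.compile(r"ip nat inside source list \S+ pool (\S+)( overload)?$")

def inbound(lines, proto, dst_ip, dst_port):
    """Inside (ip, port) an unsolicited outside packet is translated to, else None.
    Model assumption: only static entries exist before any inside host talks out."""
    for line in lines:
        m = STATIC.match(line)
        if not m:
            continue
        if m.group(1):  # port-level static: one protocol, one port
            if (proto, dst_ip, dst_port) == (m.group(1), m.group(4), int(m.group(5))):
                return (m.group(2), int(m.group(3)))
        elif dst_ip == m.group(7):  # one-to-one static: every protocol and port
            return (m.group(6), dst_port)
    return None

def audit(lines):
    """Findings for the two patterns that differ between the three routers."""
    pools, findings = {}, []
    for line in lines:
        if (m := POOL.match(line)):
            first, last = (int(ipaddress.ip_address(a)) for a in m.group(2, 3))
            pools[m.group(1)] = last - first + 1  # number of public addresses
        elif (m := STATIC.match(line)) and not m.group(1):
            findings.append(f"{m.group(7)} forwards all ports to {m.group(6)}")
        elif (m := DYNAMIC.match(line)) and not m.group(2):
            findings.append(f"pool {m.group(1)} without overload: at most "
                            f"{pools.get(m.group(1), 0)} inside hosts at once")
    return findings
```

`audit(CONFIGS["ORG1"])` returns no findings, while ORG2 and ORG3 are flagged for the one-to-one mapping and ORG2 additionally for its three-address pool used without `overload`.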