© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-1
Address Space Management
Scaling the Network with NAT and PAT

Network Address Translation
• An IP address is either local or global.
• Local IPv4 addresses are seen in the inside network.
• Global IPv4 addresses are seen in the outside network.

Port Address Translation

Translating Inside Source Addresses

Configuring and Verifying Static Translation
• Establishes static translation between an inside local address and an inside global address
  RouterX(config)# ip nat inside source static local-ip global-ip
• Marks the interface as connected to the inside
  RouterX(config-if)# ip nat inside
• Marks the interface as connected to the outside
  RouterX(config-if)# ip nat outside
• Displays active translations
  RouterX# show ip nat translations

Enabling Static NAT Address Mapping Example

RouterX# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.1.2        10.1.1.2           ---                ---

interface s0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
interface e0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static 10.1.1.2 192.168.1.2

Configuring and Verifying Dynamic Translation
• Defines a pool of global addresses to be allocated as needed
  RouterX(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Defines a standard IP ACL permitting those inside local addresses that are to be translated
  RouterX(config)# access-list access-list-number permit source [source-wildcard]
• Establishes dynamic source translation, specifying the ACL that was defined in the previous step
  RouterX(config)# ip nat inside source list access-list-number pool name
• Displays active translations
  RouterX# show ip nat translations

Dynamic Address Translation Example

RouterX# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 171.69.233.209     192.168.1.100      ---                ---
--- 171.69.233.210     192.168.1.101      ---                ---

Overloading an Inside Global Address

Configuring Overloading
• Defines a standard IP ACL that will permit the inside local addresses that are to be translated
  RouterX(config)# access-list access-list-number permit source source-wildcard
• Establishes dynamic source translation, specifying the ACL that was defined in the previous step
  RouterX(config)# ip nat inside source list access-list-number interface interface overload
• Displays active translations
  RouterX# show ip nat translations

Overloading an Inside Global Address Example

RouterX# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
TCP 172.17.38.1:1050   192.168.3.7:1050   10.1.1.1:23        10.1.1.1:23
TCP 172.17.38.1:1776   192.168.4.12:1776  10.2.2.2:25        10.2.2.2:25

hostname RouterX
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description To ISP
 ip address 172.17.38.1 255.255.255.0
 ip nat outside
!
ip nat inside source list 1 interface Serial0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
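
Added example (not part of the original slides): with overloading, every inside host shares the inside global address 172.17.38.1, so tracing a connection seen on the outside back to an inside host needs the global port as well as the address. The Python code below parses show ip nat translations output and performs that lookup; the table rows are the ones shown on these slides, and all function and type names are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Endpoint(NamedTuple):
    ip: Optional[ipaddress.IPv4Address]
    port: Optional[int]            # None for address-only (simple) entries


class Translation(NamedTuple):
    proto: Optional[str]           # None when the Pro column is "---"
    inside_global: Endpoint
    inside_local: Endpoint
    outside_local: Endpoint
    outside_global: Endpoint


# Rows copied from the "show ip nat translations" output on these slides:
# two PAT (extended) entries and one simple dynamic entry.
SAMPLE_TABLE = """\
RouterX# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
TCP 172.17.38.1:1050   192.168.3.7:1050   10.1.1.1:23        10.1.1.1:23
TCP 172.17.38.1:1776   192.168.4.12:1776  10.2.2.2:25        10.2.2.2:25
--- 171.69.233.209     192.168.1.100      ---                ---
"""


def parse_endpoint(text: str) -> Endpoint:
    """Parse 'a.b.c.d', 'a.b.c.d:port' or the '---' placeholder."""
    if text == "---":
        return Endpoint(None, None)
    host, sep, port = text.partition(":")
    return Endpoint(ipaddress.IPv4Address(host), int(port) if sep else None)


def parse_table(output: str) -> List[Translation]:
    """Return one Translation per data row; skip header, prompt and junk."""
    entries = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue               # the header splits into 9 words
        proto = None if fields[0] == "---" else fields[0].upper()
        try:
            entries.append(Translation(proto, *map(parse_endpoint, fields[1:])))
        except ValueError:
            continue               # e.g. the 5-word CLI prompt line
    return entries


def resolve(table: List[Translation], global_ip: str,
            global_port: Optional[int] = None,
            proto: Optional[str] = None) -> List[Endpoint]:
    """Inside local endpoints that could be behind global_ip[:global_port].

    A simple entry (no port, no protocol) matches any port and protocol.
    A PAT entry matches only on the exact protocol and global port, so a
    query without a port returns every host sharing the address.
    """
    ip = ipaddress.IPv4Address(global_ip)
    hits = []
    for entry in table:
        if entry.inside_global.ip != ip:
            continue
        if entry.proto and proto and entry.proto != proto.upper():
            continue
        if (entry.inside_global.port is not None and global_port is not None
                and entry.inside_global.port != global_port):
            continue
        hits.append(entry.inside_local)
    return hits


if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    print(resolve(table, "172.17.38.1", 1776, "tcp"))   # one host
    print(resolve(table, "172.17.38.1"))                # ambiguous: two hosts
```

Because PAT entries are dynamic and can be cleared or time out, a lookup like this is only meaningful against a table captured at the time of the connection being investigated.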

Clearing the NAT Translation Table
• Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation
  RouterX# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
• Clears all dynamic address translation entries
  RouterX# clear ip nat translation *
• Clears a simple dynamic translation entry that contains an outside translation
  RouterX# clear ip nat translation outside local-ip global-ip
• Clears an extended dynamic translation entry (PAT entry)
  RouterX# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

Translation Not Occurring: Translation Not Installed in the Table
Verify that:
• There are no inbound ACLs that are denying the packets entry to the NAT router
• The ACL referenced by the NAT command is permitting all necessary networks
• There are enough addresses in the NAT pool
• The router interfaces are appropriately defined as NAT inside or NAT outside

Displaying Information with show and debug Commands

RouterX# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
  Ethernet0, Serial2
Inside interfaces:
  Ethernet1
Hits: 5 Misses: 0
…

RouterX# debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23312]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]

Translation Occurring: Installed Translation Entry Not Being Used
Verify:
• What the NAT configuration is supposed to accomplish
• That the NAT entry exists in the translation table and that it is accurate
• That the translation is actually taking place by monitoring the NAT process or statistics
• That the NAT router has the appropriate route in the routing table if the packet is going from inside to outside
• That all necessary routers have a return route back to the translated address

Sample Problem: Cannot Ping Remote Host

Sample Problem: Cannot Ping Remote Host (Cont.)
There are no translations in the table.

RouterA# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- --- ---
--- --- ---

Sample Problem: Cannot Ping Remote Host (Cont.)
The router interfaces are inappropriately defined as NAT inside and NAT outside.

RouterA# show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Ethernet0
Inside interfaces:
  Serial0
Hits: 0 Misses: 0
…

Sample Problem: Cannot Ping Remote Host (Cont.)
• Pings are still failing and there are still no translations in the table.
• There is an incorrect wildcard bit mask in the ACL that defines the addresses to be translated.

RouterA# show access-list
Standard IP access list 20
    10 permit 0.0.0.0, wildcard bits 255.255.255.0
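
Added example (not from the original course material): the first two faults in this sample problem, swapped NAT inside/outside roles and an ACL whose wildcard mask does not cover the inside hosts, can both be checked offline against a saved configuration. The Python code below evaluates standard ACL wildcard matching and audits a NAT configuration for one inside host. Both RouterA configurations are constructed to match the symptoms on these slides; the interface addresses, the pool name EXAMPLE and its range, and the corrected ACL entry are assumptions, and the function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def acl_permits(entries, host):
    """Standard ACL evaluation: first match wins, implicit deny at the end."""
    h = int(ipaddress.IPv4Address(host))
    for action, source, wildcard in entries:
        # Wildcard bits set to 1 are "don't care"; bits set to 0 must match.
        care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
        if (h & care) == (int(ipaddress.IPv4Address(source)) & care):
            return action == "permit"
    return False


def parse_acl_entry(words):
    """words is e.g. ['permit', '192.168.1.0', '0.0.0.255']."""
    action, rest = words[0], words[1:]
    if rest[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    return action, rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"


def parse_config(text):
    """Extract interfaces, standard ACLs and the ACLs referenced by NAT."""
    interfaces, acls, nat_lists = {}, {}, []
    current = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "interface":
            current = interfaces.setdefault(words[1], {"net": None, "nat": None})
        elif words[:2] == ["ip", "address"] and current is not None:
            current["net"] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "nat"] and words[2:] in (["inside"], ["outside"]):
            if current is not None:
                current["nat"] = words[2]
        elif words[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(words[5])
        elif words[0] == "access-list":
            acls.setdefault(words[1], []).append(parse_acl_entry(words[2:]))
    return interfaces, acls, nat_lists


def audit(config_text, inside_host):
    """Return a list of findings explaining why inside_host is not translated."""
    interfaces, acls, nat_lists = parse_config(config_text)
    host = ipaddress.IPv4Address(inside_host)
    findings = []
    for name, intf in interfaces.items():
        if intf["net"] and host in intf["net"] and intf["nat"] != "inside":
            findings.append(f"{name} connects {inside_host} but is NAT {intf['nat']}")
    if not any(i["nat"] == "outside" for i in interfaces.values()):
        findings.append("no interface is marked ip nat outside")
    for number in nat_lists:
        if number not in acls:
            findings.append(f"NAT references ACL {number}, which is not defined")
        elif not acl_permits(acls[number], inside_host):
            findings.append(f"ACL {number} does not permit {inside_host}")
    return findings


# Constructed configuration reproducing the two faults shown on the slides.
BROKEN = """\
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
interface Serial0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
ip nat pool EXAMPLE 172.16.17.20 172.16.17.30 netmask 255.255.255.0
ip nat inside source list 20 pool EXAMPLE
access-list 20 permit 0.0.0.0 255.255.255.0
"""

# Assumed correction: roles swapped, ACL written as network plus wildcard.
FIXED = (BROKEN
         .replace("ip nat outside", "ip nat TMP")
         .replace(" ip nat inside\n", " ip nat outside\n")
         .replace("ip nat TMP", "ip nat inside")
         .replace("permit 0.0.0.0 255.255.255.0", "permit 192.168.1.0 0.0.0.255"))

if __name__ == "__main__":
    for finding in audit(BROKEN, "192.168.1.2"):
        print("FINDING:", finding)
    print("after fix:", audit(FIXED, "192.168.1.2"))
```

The entry permit 0.0.0.0 with wildcard bits 255.255.255.0 ignores the first three octets and requires the last octet to be 0, so it matches addresses such as 10.9.8.0 but never the host 192.168.1.2.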

Sample Problem: Cannot Ping Remote Host (Cont.)
• Translations are now occurring.
• Pings are still failing.

RouterA# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.17.20       192.168.1.2        ---                ---

Sample Problem: Cannot Ping Remote Host (Cont.)
Router B has no route to the translated network address of 172.16.0.0.

RouterB# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0/24 is directly connected, Serial0
     192.168.2.0/24 is subnetted, 1 subnets
R       192.168.2.0/24 is directly connected, Ethernet0
     192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
R       192.168.1.0/24 [120/1] via 10.1.1.1, 2d19h, Serial0

Sample Problem: Cannot Ping Remote Host (Cont.)
Router A is advertising the network that is being translated, 192.168.1.0, instead of the network address the router is translating into, 172.16.0.0.

RouterA# sh ip protocol
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 1, receive any version
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    192.168.0.0
  Routing Information Sources:
    Gateway Distance Last Update
  Distance: (default is 120)

Solution: Corrected Configuration

Visual Objective 7-1: Configuring NAT and PAT

WG  Router s0/0/0  Router fa0/0  Switch
A   10.140.1.2     10.2.2.3      10.2.2.11
B   10.140.2.2     10.3.3.3      10.3.3.11
C   10.140.3.2     10.4.4.3      10.4.4.11
D   10.140.4.2     10.5.5.3      10.5.5.11
E   10.140.5.2     10.6.6.3      10.6.6.11
F   10.140.6.2     10.7.7.3      10.7.7.11
G   10.140.7.2     10.8.8.3      10.8.8.11
H   10.140.8.2     10.9.9.3      10.9.9.11

Summary
• There are three types of NAT: static, dynamic, and overloading (PAT).
• Static NAT is one-to-one address mapping. Dynamic NAT addresses are picked from a pool.
• NAT overloading (PAT) allows you to map many inside addresses to one outside address.
• Use the show ip nat translations command to display the translation table and verify that translation has occurred.
• To determine if a current translation entry is being used, use the show ip nat statistics command to check the hits counter.
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-26

More Related Content

What's hot

Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
computerlenguyen
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
computerlenguyen
 
CCNA Icnd110 s04l10
CCNA Icnd110 s04l10CCNA Icnd110 s04l10
CCNA Icnd110 s04l10
computerlenguyen
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
computerlenguyen
 
CCNA Icnd110 s05l01
CCNA Icnd110 s05l01CCNA Icnd110 s05l01
CCNA Icnd110 s05l01
computerlenguyen
 
CCNA Icnd110 s06l01
 CCNA Icnd110 s06l01 CCNA Icnd110 s06l01
CCNA Icnd110 s06l01
computerlenguyen
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
computerlenguyen
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
computerlenguyen
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
computerlenguyen
 
CCNA Icnd110 s05l04
CCNA Icnd110 s05l04CCNA Icnd110 s05l04
CCNA Icnd110 s05l04
computerlenguyen
 
CCNA Icnd110 s06l02
CCNA Icnd110 s06l02CCNA Icnd110 s06l02
CCNA Icnd110 s06l02
computerlenguyen
 
Icnd210 s02l03
Icnd210 s02l03Icnd210 s02l03
Icnd210 s02l03
computerlenguyen
 
Icnd210 s06l03
Icnd210 s06l03Icnd210 s06l03
Icnd210 s06l03
computerlenguyen
 
Icnd210 s02l01
Icnd210 s02l01Icnd210 s02l01
Icnd210 s02l01
computerlenguyen
 
Icnd210 s08l05
Icnd210 s08l05Icnd210 s08l05
Icnd210 s08l05
computerlenguyen
 
CCNA Icnd110 s05l02
CCNA Icnd110 s05l02CCNA Icnd110 s05l02
CCNA Icnd110 s05l02
computerlenguyen
 
Icnd210 s03l01
Icnd210 s03l01Icnd210 s03l01
Icnd210 s03l01
computerlenguyen
 
Icnd210 s01l01
Icnd210 s01l01Icnd210 s01l01
Icnd210 s01l01
computerlenguyen
 

What's hot (20)

Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
 
CCNA Icnd110 s04l10
CCNA Icnd110 s04l10CCNA Icnd110 s04l10
CCNA Icnd110 s04l10
 
Icnd210 s03l02
Icnd210 s03l02Icnd210 s03l02
Icnd210 s03l02
 
CCNA Icnd110 s05l01
CCNA Icnd110 s05l01CCNA Icnd110 s05l01
CCNA Icnd110 s05l01
 
CCNA Icnd110 s06l01
 CCNA Icnd110 s06l01 CCNA Icnd110 s06l01
CCNA Icnd110 s06l01
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
 
Icnd210 s02l02
Icnd210 s02l02Icnd210 s02l02
Icnd210 s02l02
 
Eigrp authentication
Eigrp authenticationEigrp authentication
Eigrp authentication
 
CCNA Icnd110 s05l04
CCNA Icnd110 s05l04CCNA Icnd110 s05l04
CCNA Icnd110 s05l04
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
 
CCNA Icnd110 s06l02
CCNA Icnd110 s06l02CCNA Icnd110 s06l02
CCNA Icnd110 s06l02
 
Icnd210 s02l03
Icnd210 s02l03Icnd210 s02l03
Icnd210 s02l03
 
Icnd210 s06l03
Icnd210 s06l03Icnd210 s06l03
Icnd210 s06l03
 
Icnd210 s02l01
Icnd210 s02l01Icnd210 s02l01
Icnd210 s02l01
 
Icnd210 s08l05
Icnd210 s08l05Icnd210 s08l05
Icnd210 s08l05
 
CCNA Icnd110 s05l02
CCNA Icnd110 s05l02CCNA Icnd110 s05l02
CCNA Icnd110 s05l02
 
Icnd210 s03l01
Icnd210 s03l01Icnd210 s03l01
Icnd210 s03l01
 
Icnd210 s01l01
Icnd210 s01l01Icnd210 s01l01
Icnd210 s01l01
 

Viewers also liked

[Ccna] subnetting & vlsm
[Ccna] subnetting & vlsm[Ccna] subnetting & vlsm
[Ccna] subnetting & vlsm1 2d
 
IPv6 Threat Presentation
IPv6 Threat PresentationIPv6 Threat Presentation
IPv6 Threat Presentationjohnmcclure00
 
Vlsm workbook instructors edition v2 0-solucionario
Vlsm workbook  instructors edition   v2 0-solucionarioVlsm workbook  instructors edition   v2 0-solucionario
Vlsm workbook instructors edition v2 0-solucionario
Jose Eduardo Osorio Marroquin
 
CCNA Icnd110 s02l05
CCNA Icnd110 s02l05CCNA Icnd110 s02l05
CCNA Icnd110 s02l05
computerlenguyen
 
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
Vuz Dở Hơi
 
Routing and switching essentials companion guide
Routing and switching essentials companion guideRouting and switching essentials companion guide
Routing and switching essentials companion guide
Siddhartha Rajbhatt
 

Viewers also liked (6)

[Ccna] subnetting & vlsm
[Ccna] subnetting & vlsm[Ccna] subnetting & vlsm
[Ccna] subnetting & vlsm
 
IPv6 Threat Presentation
IPv6 Threat PresentationIPv6 Threat Presentation
IPv6 Threat Presentation
 
Vlsm workbook instructors edition v2 0-solucionario
Vlsm workbook  instructors edition   v2 0-solucionarioVlsm workbook  instructors edition   v2 0-solucionario
Vlsm workbook instructors edition v2 0-solucionario
 
CCNA Icnd110 s02l05
CCNA Icnd110 s02l05CCNA Icnd110 s02l05
CCNA Icnd110 s02l05
 
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
 
Routing and switching essentials companion guide
Routing and switching essentials companion guideRouting and switching essentials companion guide
Routing and switching essentials companion guide
 

Similar to Icnd210 s07l01

Day 17.1 nat pat
Day 17.1 nat pat Day 17.1 nat pat
Day 17.1 nat pat
CYBERINTELLIGENTS
 
Day 17.1 nat pat (2)
Day 17.1 nat pat  (2)Day 17.1 nat pat  (2)
Day 17.1 nat pat (2)
CYBERINTELLIGENTS
 
NAT and PAT
NAT and PATNAT and PAT
NAT and PAT
Muuluu
 
Nat pat
Nat patNat pat
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
Chapter_2_CCNA2
Chapter_2_CCNA2Chapter_2_CCNA2
Chapter_2_CCNA2sunabozu
 
Nat
NatNat
N at
N atN at
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
CCNA Icnd110 s04l05
CCNA Icnd110 s04l05CCNA Icnd110 s04l05
CCNA Icnd110 s04l05
computerlenguyen
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
samreenghauri786
 
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 Configuring a Cisco Router as a PPPoE Client for DSL Connectivity Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
3Anetwork com
 
Chapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfChapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdf
Buntha Chhay
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccnarobertoxe
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
Netwax Lab
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
Waqas Ahmed Nawaz
 
Day 13.1 startingaswitch
Day 13.1 startingaswitchDay 13.1 startingaswitch
Day 13.1 startingaswitch
CYBERINTELLIGENTS
 

Similar to Icnd210 s07l01 (20)

Day 17.1 nat pat
Day 17.1 nat pat Day 17.1 nat pat
Day 17.1 nat pat
 
Day 17.1 nat pat (2)
Day 17.1 nat pat  (2)Day 17.1 nat pat  (2)
Day 17.1 nat pat (2)
 
Nat 07
Nat 07Nat 07
Nat 07
 
Nat 03
Nat 03Nat 03
Nat 03
 
NAT and PAT
NAT and PATNAT and PAT
NAT and PAT
 
Nat pat
Nat patNat pat
Nat pat
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 
Chapter_2_CCNA2
Chapter_2_CCNA2Chapter_2_CCNA2
Chapter_2_CCNA2
 
Nat
NatNat
Nat
 
N at
N atN at
N at
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
 
CCNA Icnd110 s04l05
CCNA Icnd110 s04l05CCNA Icnd110 s04l05
CCNA Icnd110 s04l05
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
 
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 Configuring a Cisco Router as a PPPoE Client for DSL Connectivity Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
Configuring a Cisco Router as a PPPoE Client for DSL Connectivity
 
Chapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdfChapter 5-Network Address Translation.pdf
Chapter 5-Network Address Translation.pdf
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
 
Day 13.1 startingaswitch
Day 13.1 startingaswitchDay 13.1 startingaswitch
Day 13.1 startingaswitch
 

More from computerlenguyen

Icnd210 s05l03
Icnd210 s05l03Icnd210 s05l03
Icnd210 s05l03
computerlenguyen
 
Icnd210 s04l03
Icnd210 s04l03Icnd210 s04l03
Icnd210 s04l03
computerlenguyen
 
Icnd210 s03l03
Icnd210 s03l03Icnd210 s03l03
Icnd210 s03l03
computerlenguyen
 
Icnd210 s02l06
Icnd210 s02l06Icnd210 s02l06
Icnd210 s02l06
computerlenguyen
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
computerlenguyen
 
Icnd210 s01l02
Icnd210 s01l02Icnd210 s01l02
Icnd210 s01l02
computerlenguyen
 

More from computerlenguyen (8)

Icnd210 s05l03
Icnd210 s05l03Icnd210 s05l03
Icnd210 s05l03
 
Icnd210 s04l03
Icnd210 s04l03Icnd210 s04l03
Icnd210 s04l03
 
Icnd210 s03l03
Icnd210 s03l03Icnd210 s03l03
Icnd210 s03l03
 
Icnd210 s02l06
Icnd210 s02l06Icnd210 s02l06
Icnd210 s02l06
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
 
Icnd210 s01l02
Icnd210 s01l02Icnd210 s01l02
Icnd210 s01l02
 
Icnd210 lg
Icnd210 lgIcnd210 lg
Icnd210 lg
 
Icnd210 s00
Icnd210 s00Icnd210 s00
Icnd210 s00
 

Recently uploaded

Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 

Recently uploaded (20)

Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 

Icnd210 s07l01

  • 1. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-1 Address Space Management Scaling the Network with NAT and PAT
  • 2. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-2 Network Address Translation  An IP address is either local or global.  Local IPv4 addresses are seen in the inside network.  Global IPv4 addresses are seen in the outside network.
  • 3. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-3 Port Address Translation
  • 4. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-4 Translating Inside Source Addresses
  • 5. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-5  Establishes static translation between an inside local address and an inside global address RouterX(config)# ip nat inside source static local-ip global-ip  Marks the interface as connected to the inside RouterX(config-if)# ip nat inside  Marks the interface as connected to the outside RouterX(config-if)# ip nat outside  Displays active translations RouterX# show ip nat translations Configuring and Verifying Static Translation
  • 6. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-6 Enabling Static NAT Address Mapping Example RouterX# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.168.1.2 10.1.1.2 --- --- interface s0 ip address 192.168.1.1 255.255.255.0 ip nat outside ! interface e0 ip address 10.1.1.1 255.255.255.0 ip nat inside ! ip nat inside source static 10.1.1.2 192.168.1.2
  • 7. © 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-7  Establishes dynamic source translation, specifying the ACL that was defined in the previous step RouterX(config)# ip nat inside source list access-list-number pool name  Defines a pool of global addresses to be allocated as needed RouterX(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}  Defines a standard IP ACL permitting those inside local addresses that are to be translated RouterX(config)# access-list access-list-number permit source [source-wildcard]  Displays active translations RouterX# show ip nat translations Configuring and Verifying Dynamic Translation
  • 8. Dynamic Address Translation Example
        RouterX# show ip nat translations
        Pro Inside global      Inside local       Outside local      Outside global
        --- 171.69.233.209     192.168.1.100      ---                ---
        --- 171.69.233.210     192.168.1.101      ---                ---
  • 9. Overloading an Inside Global Address
  • 10. Configuring Overloading
      • Establishes dynamic source translation, specifying the ACL that was defined in the previous step:
        RouterX(config)# ip nat inside source list access-list-number interface interface overload
      • Defines a standard IP ACL that will permit the inside local addresses that are to be translated:
        RouterX(config)# access-list access-list-number permit source source-wildcard
      • Displays active translations:
        RouterX# show ip nat translations
  • 11. Overloading an Inside Global Address Example
        hostname RouterX
        !
        interface Ethernet0
        ip address 192.168.3.1 255.255.255.0
        ip nat inside
        !
        interface Ethernet1
        ip address 192.168.4.1 255.255.255.0
        ip nat inside
        !
        interface Serial0
        description To ISP
        ip address 172.17.38.1 255.255.255.0
        ip nat outside
        !
        ip nat inside source list 1 interface Serial0 overload
        !
        ip route 0.0.0.0 0.0.0.0 Serial0
        !
        access-list 1 permit 192.168.3.0 0.0.0.255
        access-list 1 permit 192.168.4.0 0.0.0.255
        !

        RouterX# show ip nat translations
        Pro Inside global      Inside local       Outside local      Outside global
        TCP 172.17.38.1:1050   192.168.3.7:1050   10.1.1.1:23        10.1.1.1:23
        TCP 172.17.38.1:1776   192.168.4.12:1776  10.2.2.2:25        10.2.2.2:25
  • 12. Clearing the NAT Translation Table
      • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation:
        RouterX# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
      • Clears all dynamic address translation entries:
        RouterX# clear ip nat translation *
      • Clears a simple dynamic translation entry that contains an outside translation:
        RouterX# clear ip nat translation outside local-ip global-ip
      • Clears an extended dynamic translation entry (PAT entry):
        RouterX# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
  • 13. Translation Not Occurring: Translation Not Installed in the Table
      Verify that:
      • There are no inbound ACLs that are denying the packets entry to the NAT router
      • The ACL referenced by the NAT command is permitting all necessary networks
      • There are enough addresses in the NAT pool
      • The router interfaces are appropriately defined as NAT inside or NAT outside
  • 14. Displaying Information with show and debug Commands
        RouterX# show ip nat statistics
        Total active translations: 1 (1 static, 0 dynamic; 0 extended)
        Outside interfaces: Ethernet0, Serial2
        Inside interfaces: Ethernet1
        Hits: 5 Misses: 0
        …

        RouterX# debug ip nat
        NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
        NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
        NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
        NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
        NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
        NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
        NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23312]
        NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
  • 15. Translation Occurring: Installed Translation Entry Not Being Used
      Verify:
      • What the NAT configuration is supposed to accomplish
      • That the NAT entry exists in the translation table and that it is accurate
      • That the translation is actually taking place by monitoring the NAT process or statistics
      • That the NAT router has the appropriate route in the routing table if the packet is going from inside to outside
      • That all necessary routers have a return route back to the translated address
  • 16. Sample Problem: Cannot Ping Remote Host
  • 17. Sample Problem: Cannot Ping Remote Host (Cont.)
      There are no translations in the table.
        RouterA# show ip nat translations
        Pro Inside global Inside local Outside local Outside global
        --- --- --- --- --- ---
  • 18. Sample Problem: Cannot Ping Remote Host (Cont.)
      The router interfaces are inappropriately defined as NAT inside and NAT outside.
        RouterA# show ip nat statistics
        Total active translations: 0 (0 static, 0 dynamic; 0 extended)
        Outside interfaces: Ethernet0
        Inside interfaces: Serial0
        Hits: 0 Misses: 0
        …
  • 19. Sample Problem: Cannot Ping Remote Host (Cont.)
      • Pings are still failing and there are still no translations in the table.
      • There is an incorrect wildcard bit mask in the ACL that defines the addresses to be translated.
        RouterA# show access-list
        Standard IP access list 20
            10 permit 0.0.0.0, wildcard bits 255.255.255.0
  • 20. Sample Problem: Cannot Ping Remote Host (Cont.)
      • Translations are now occurring.
      • Pings are still failing.
        RouterA# show ip nat translations
        Pro Inside global      Inside local       Outside local      Outside global
        --- 172.16.17.20       192.168.1.2        ---                ---
  • 21. Sample Problem: Cannot Ping Remote Host (Cont.)
      Router B has no route to the translated network address of 172.16.0.0.
        RouterB# sh ip route
        Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
        Gateway of last resort is not set
        10.0.0.0/24 is subnetted, 1 subnets
        C 10.1.1.0/24 is directly connected, Serial0
        192.168.2.0/24 is subnetted, 1 subnets
        R 192.168.2.0/24 is directly connected, Ethernet0
        192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
        R 192.168.1.0/24 [120/1] via 10.1.1.1, 2d19h, Serial0
  • 22. Sample Problem: Cannot Ping Remote Host (Cont.)
      Router A is advertising the network that is being translated, 192.168.1.0, instead of the network address the router is translating into, 172.16.0.0.
        RouterA# sh ip protocol
        Routing Protocol is "rip"
        Outgoing update filter list for all interfaces is not set
        Incoming update filter list for all interfaces is not set
        Sending updates every 30 seconds, next due in 0 seconds
        Invalid after 180 seconds, hold down 180, flushed after 240
        Redistributing: rip
        Default version control: send version 1, receive any version
        Automatic network summarization is in effect
        Maximum path: 4
        Routing for Networks:
        192.168.0.0
        Routing Information Sources:
        Gateway Distance Last Update
        Distance: (default is 120)
  • 23. Solution: Corrected Configuration
  • 24. Visual Objective 7-1: Configuring NAT and PAT
        WG  Router s0/0/0  Router fa0/0  Switch
        A   10.140.1.2     10.2.2.3      10.2.2.11
        B   10.140.2.2     10.3.3.3      10.3.3.11
        C   10.140.3.2     10.4.4.3      10.4.4.11
        D   10.140.4.2     10.5.5.3      10.5.5.11
        E   10.140.5.2     10.6.6.3      10.6.6.11
        F   10.140.6.2     10.7.7.3      10.7.7.11
        G   10.140.7.2     10.8.8.3      10.8.8.11
        H   10.140.8.2     10.9.9.3      10.9.9.11
  • 25. Summary
      • There are three types of NAT: static, dynamic, and overloading (PAT).
      • Static NAT is one-to-one address mapping. Dynamic NAT addresses are picked from a pool.
      • NAT overloading (PAT) allows you to map many inside addresses to one outside address.
      • Use the show ip nat translation command to display the translation table and verify that translation has occurred.
      • To determine if a current translation entry is being used, use the show ip nat statistics command to check the hits counter.
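
With overloading (slides 9 to 11), every inside host appears outside as 172.17.38.1, so attributing a flow seen in an outside log to an inside host requires the translation table. The following is an added example, not part of the original slides: it parses the `show ip nat translations` output from slide 11 and resolves a flow back to its inside local address. The function names are hypothetical.

```python
# Output copied from slide 11 of this deck.
SLIDE_11 = """\
Pro Inside global Inside local Outside local Outside global
TCP 172.17.38.1:1050 192.168.3.7:1050 10.1.1.1:23 10.1.1.1:23
TCP 172.17.38.1:1776 192.168.4.12:1776 10.2.2.2:25 10.2.2.2:25
"""

FIELDS = ("proto", "inside_global", "inside_local",
          "outside_local", "outside_global")

def parse_translations(text):
    """Turn 'show ip nat translations' rows into dicts; the header row is skipped."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != len(FIELDS) or cols[0] == "Pro":
            continue  # header (9 tokens) or blank line
        entries.append(dict(zip(FIELDS, cols)))
    return entries

def attribute(entries, proto, inside_global, outside_global):
    """Resolve a flow as seen outside to the inside local host:port, or None."""
    for e in entries:
        if (e["proto"].lower() == proto.lower()
                and e["inside_global"] == inside_global
                and e["outside_global"] == outside_global):
            return e["inside_local"]
    return None

def overloaded_globals(entries):
    """Map each inside global IP to the inside local IPs sharing it (PAT rows only)."""
    shared = {}
    for e in entries:
        if ":" not in e["inside_global"]:
            continue  # static or dynamic NAT row without ports
        g_ip = e["inside_global"].rsplit(":", 1)[0]
        l_ip = e["inside_local"].rsplit(":", 1)[0]
        shared.setdefault(g_ip, set()).add(l_ip)
    return {g: hosts for g, hosts in shared.items() if len(hosts) > 1}

if __name__ == "__main__":
    table = parse_translations(SLIDE_11)
    print(attribute(table, "tcp", "172.17.38.1:1776", "10.2.2.2:25"))
    print(overloaded_globals(table))
```

PAT entries are dynamic and are removed by `clear ip nat translation *`, so the table has to be captured while the flow is still active for this lookup to work.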
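
Two of the faults in the sample problem (slides 19 to 21) can be checked offline: whether the NAT ACL's wildcard mask actually matches the inside local address, and whether the neighbour has a route back to the inside global address. The following is an added example, not part of the original slides. The corrected ACL entry and the 172.16.0.0/16 prefix are assumptions, since the deck's corrected configuration is not shown in the text.

```python
import ipaddress

def acl_matches(acl_addr, wildcard, host):
    """IOS wildcard match: 1-bits in the wildcard are ignored, 0-bits must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(acl_addr)) & care) == \
           (int(ipaddress.IPv4Address(host)) & care)

def has_return_route(prefixes, inside_global):
    """True if some prefix in the neighbour's routing table covers the translated address."""
    addr = ipaddress.IPv4Address(inside_global)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def diagnose(acl_entries, inside_local, inside_global, neighbour_prefixes):
    """Return which of the two sample-problem faults apply to this host."""
    findings = []
    if not any(acl_matches(a, w, inside_local) for a, w in acl_entries):
        findings.append("acl-miss")         # no entry gets installed in the table
    if not has_return_route(neighbour_prefixes, inside_global):
        findings.append("no-return-route")  # replies to the inside global are dropped
    return findings

# Values taken from slides 19 to 21.
BROKEN_ACL = [("0.0.0.0", "255.255.255.0")]
ROUTER_B = ["10.1.1.0/24", "192.168.2.0/24", "192.168.1.0/24"]
# Assumed fixes, not shown on the page.
FIXED_ACL = [("192.168.1.0", "0.0.0.255")]
ROUTER_B_FIXED = ROUTER_B + ["172.16.0.0/16"]

if __name__ == "__main__":
    print(diagnose(BROKEN_ACL, "192.168.1.2", "172.16.17.20", ROUTER_B))
    print(diagnose(FIXED_ACL, "192.168.1.2", "172.16.17.20", ROUTER_B))
    print(diagnose(FIXED_ACL, "192.168.1.2", "172.16.17.20", ROUTER_B_FIXED))
```

The broken entry ignores the first three octets and requires the last octet to be 0, so it matches any address ending in .0 rather than the hosts of one subnet.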

Editor's Notes

  22. Lab 13 ACL Note: Refer to the lab setup guide for lab instructions.