[ LiB ]Practical Exercise 12-2: Combining Dynamic and Static NAT Summary

Practical Exercise 12-2 Solution

These are the steps necessary to configure this Practical Exercise:

  1. Configure your network interfaces:

    
    

    ! Configuration items for R1:
    
    R1(config)#interface ethernet 0
    R1(config-if)#ip address 10.10.1.1 255.255.255.0
    R1(config-if)#exit
    R1(config)#interface Serial0
    R1(config-if)#ip address 10.10.14.1 255.255.255.252
    R1(config-if)#exit
    
    ! Configuration items for R4:
    
    R4(config)#interface serial 0
    R4(config-if)#ip address 10.10.14.2 255.255.255.252
    R4(config-if)#ip nat outside
    R4(config-if)#exit
    R4(config)#interface ethernet 0
    R4(config-if)#ip address 172.16.47.1 255.255.255.0
    R4(config-if)#ip nat inside
    R4(config-if)#exit
    
    ! Configuration items for R7:
    R7(config)#interface Loopback0
    R7(config-if)#ip address 10.10.7.7 255.255.255.255
    R7(config-if)#exit
    R7(config)#interface ethernet 0
    R7(config-if)#ip address 172.16.47.7 255.255.255.0
    R7(config-if)#exit
    

  2. Configure your static routing to ensure network connectivity. Remember that you can also use a routing protocol to accomplish this task.

    
    

    ! Configuration items for R1:
    
    R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.14.2
    
    ! Configuration items for R4:
    
    R4(config)#ip route 10.10.1.0 255.255.255.0 192.168.14.1
    R4(config)#ip route 10.10.7.7 255.255.255.255 172.16.47.7
    R4(config)#ip route 172.16.48.254 255.255.255.0 Serial1
    
    ! Configuration items for R7:
    
    R7(config)#ip route 0.0.0.0 0.0.0.0 172.16.47.1
    

  3. Define an access list on R4 so that any traffic that originates from R4's Ethernet 0 network, 10.10.17.0/24, is dynamically translated:

    
    

    R4(config)#access-list 1 permit 10.10.17.0 0.0.0.255
    

  4. Define your dynamic NAT pool on R4. You will name the pool ccna_lab and give it an address range of 172.16.48.200 to 172.16.48.209. You will also associate this pool with an outside translation.

    
    

    R4(config)#ip nat pool ccna_lab 172.16.48.200 172.16.48.209 netmask 255.255.255.0
    R4(config)#ip nat outside source list 1 pool ccna_lab
    

  5. Assign the appropriate interfaces into NAT:

    
    

    R4(config)#interface serial 0
    R4(config-if)#ip nat outside
    R4(config-if)#exit
    R4(config)#interface ethernet 0
    R4(config-if)#ip nat inside
    

You can view the contents of your translation table by issuing the show ip nat translations command. Example 12-12 shows the output of this command when it is issued on R4.

Example 12-12. show ip nat translations Command Output on R4

    R4#show ip nat translations
    Pro Inside global    Inside local    Outside local    Outside global
    --- 192.168.48.200   10.10.17.107    ---              ---

Notice that this output shows only the static translation you created. This entry translates the inside global address back into the inside local address, giving devices on the outside of your network access to the Loopback 0 interface on your network.

Dynamic entries do not appear in the translation table until the router receives a packet on its inside interface with a source address permitted by the ACL you created (in this case, ACL 7).

One point to note when working with dynamic NAT is that a device on the outside can't access a device governed by dynamic NAT if the translation does not exist. When your router receives a packet destined for one of the dynamic NAT global addresses, it checks its translation table for an existing translation. Because no match is found, it tries to route the packet, which in this case means back out the serial interface.

The dynamic NAT configuration you have done in this scenario works well when communication between inside and outside network devices is originated only by the inside devices. It does not work well if you decide to add an e-mail server on your network that needs to receive packets originated by the outside. The second part of this scenario is to configure a static NAT entry so that an e-mail server on the outside can originate communication with the e-mail server on your inside network.
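
The translation-table behaviour described in the last two paragraphs, as an added Python model; it is not code from the book and not IOS. The `NatTable` class, its method names and the 10.10.17.x hosts that send traffic are assumptions made for the example, and entry timeouts are not modelled; the ACL network, pool range and static pair are the values shown on this page.

```python
import ipaddress

class NatTable:
    """Toy model of R4's translation table (assumed semantics, not IOS code)."""

    def __init__(self, acl_net, pool_first, pool_last):
        self.acl = ipaddress.ip_network(acl_net)
        lo, hi = (int(ipaddress.ip_address(a)) for a in (pool_first, pool_last))
        self.free = [ipaddress.ip_address(i) for i in range(lo, hi + 1)]
        self.to_global = {}  # inside local  -> inside global
        self.to_local = {}   # inside global -> inside local

    def _bind(self, local, glob):
        self.to_global[local] = glob
        self.to_local[glob] = local

    def add_static(self, local, glob):
        """Permanent entry: present before any traffic has flowed."""
        local, glob = ipaddress.ip_address(local), ipaddress.ip_address(glob)
        if glob in self.free:
            self.free.remove(glob)   # never hand a static address out dynamically
        self._bind(local, glob)

    def from_inside(self, src):
        """Return the translated source, or None when the packet is dropped."""
        src = ipaddress.ip_address(src)
        if src not in self.to_global:
            if src not in self.acl:
                return str(src)      # not permitted by the ACL: left untranslated
            if not self.free:
                return None          # pool exhausted: no entry can be created
            self._bind(src, self.free.pop(0))  # assumption: lowest free address first
        return str(self.to_global[src])

    def from_outside(self, dst):
        """Return the inside local address, or None when no entry exists
        (the router then simply routes on the untranslated destination)."""
        hit = self.to_local.get(ipaddress.ip_address(dst))
        return str(hit) if hit is not None else None

def demo():
    # Sending hosts 10.10.17.5 to 10.10.17.15 are constructed for the example.
    nat = NatTable("10.10.17.0/24", "172.16.48.200", "172.16.48.209")
    nat.add_static("10.10.17.107", "192.168.48.200")
    before = nat.from_outside("172.16.48.200")   # no dynamic entry yet
    static = nat.from_outside("192.168.48.200")  # static entry always matches
    first = nat.from_inside("10.10.17.5")        # inside host creates the entry
    after = nat.from_outside("172.16.48.200")    # same address, now translatable
    rest = [nat.from_inside(f"10.10.17.{h}") for h in range(6, 16)]
    return before, static, first, after, rest
```

The last host in `rest` gets no translation because the ten-address pool is already in use, which is the other limit of dynamic NAT besides outside-originated traffic.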
