Network Bulls
www.networkbulls.com
This first section will show you how to configure static, dynamic and NAT overload on a
Cisco router using the command line interface (CLI). Then I’ll show you how to configure
NAT on a Cisco router using the Secure Device Manager (SDM).
Static NAT Configuration
Let’s take a look at a simple static NAT configuration:
ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.46.2.1 255.255.255.0
ip nat outside
!
Dynamic NAT Configuration
Dynamic NAT means that we have a pool of addresses that we will use to provide real IP
addresses to a group of users on the inside. We do not use port numbers, so we have to have
real IP addresses for every user trying to get outside the local network.
Here is a sample output of a dynamic NAT configuration:
ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
PAT (Overloading) Configuration
This last example shows how to configure inside global address overloading. This is the typical
NAT that we would use today. It is rare that we would use static or dynamic NAT unless we
were statically mapping a server, for example.
Here is a sample output of a PAT configuration:
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
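
The overload behaviour configured above, modelled in Python as an added example (not part of the original text, and not Cisco code). It shows how access-list 1 selects inside hosts, how several hosts share 170.168.2.1 on different ports, and why inbound traffic with no translation entry goes nowhere. PatRouter, acl_permits and the sequential port allocation are assumptions made for illustration; real IOS also keys translations on protocol and destination.

```python
import ipaddress

GLOBAL_IP = "170.168.2.1"            # pool globalnet on the page (single address)
ACL_1 = ("10.1.1.0", "0.0.0.255")    # access-list 1 permit 10.1.1.0 0.0.0.255


def acl_permits(src, acl=ACL_1):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    base, wildcard = (int(ipaddress.IPv4Address(a)) for a in acl)
    care = ~wildcard & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src)) & care == base & care


class PatRouter:
    """Simplified model of 'ip nat inside source list 1 pool globalnet overload'."""

    def __init__(self, first_port=1024):
        self.out = {}      # (inside_ip, inside_port) -> global_port
        self.back = {}     # global_port -> (inside_ip, inside_port)
        self.next_port = first_port   # assumption: sequential allocation

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the inside interface; None = not translated."""
        if not acl_permits(src_ip):
            return None
        key = (src_ip, src_port)
        if key not in self.out:
            # Keep the original source port when it is free, otherwise pick another.
            port = src_port if src_port not in self.back else self._free_port()
            self.out[key] = port
            self.back[port] = key
        return (GLOBAL_IP, self.out[key])

    def _free_port(self):
        while self.next_port in self.back:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("PAT port space exhausted")
        return self.next_port

    def inbound(self, dst_port):
        """Return traffic is only delivered if a translation entry exists."""
        return self.back.get(dst_port)
```
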
Configuring NAT using the SDM
Configuring NAT using the SDM is really much easier than anyone would think, except for
you of course, because you’ve already seen it in earlier chapters. Anyway, all you have to do
is click Configure NAT and you get a handy wizard that does a lot more than just hold your
hand to create a NAT rule. You get to pick between a basic and advanced wizard:
Basic NAT: Use this wizard if you have some basic PCs/hosts on your trusted network that
need access to the Internet. This wizard will guide you through the process of creating a basic
NAT configuration.
Advanced NAT: If you have a DMZ, or servers on your inside network that users from the
outside need to access, you definitely want to opt for the Advanced NAT configuration.
The first screen is the Create NAT Configuration screen (see Figure 7.5).
From here, I’m just going to simply connect up and create a basic NAT. After that, I click
Launch the Selected Task, and get the next screen, which tells me what the Basic NAT Wizard
is going to do (see Figure 7.6).
As you might guess, it rocks—all I have to do is to click Next to get to a screen from which
I’m able to select all my inside and outside addresses.
Exam Objectives
Remember the command to enable NAT on your inside network. On your inside interface(s)
use the command ip nat inside.
Remember the command to enable NAT on your outside network. On your outside interface(s)
use the command ip nat outside.
Understand the two types of NAT wizards in SDM. The two wizards are Basic NAT
and Advanced NAT. Basic NAT is used if you have some basic PCs/hosts on your trusted network
that need access to the Internet. Advanced NAT is used if you have a DMZ, or servers
on your inside network that users from the outside need to access.