Sunday, December 12, 2010

Troubleshoot NAT issues. Best Cisco CCNA Training Institute in New Delhi

Network Bulls
www.networkbulls.com


Before we move on to the configuration section and actually use the commands I just talked
about, let’s go through a couple of NAT examples and see if you can figure out the configuration
that needs to be used. To start, look at Figure 7.7 and ask yourself two things: Where
would you implement NAT in this design, and what type of NAT would you configure?
FIGURE 7.5 NAT example
In Figure 7.4, the NAT configuration would be placed on the corporate router and the configuration
would be dynamic NAT with overload (PAT). In this NAT example, what type of
NAT is being used?
ip nat pool todd-nat 170.168.10.10 170.168.10.20 netmask 255.255.255.0
The above command uses dynamic NAT. The pool in the command gives the answer away,
plus there is more than one address in the pool, which means we probably are not using PAT. In
the next NAT example, we’ll use Figure 7.8 to see if we can figure out the configuration needed.
FIGURE 7.6 Another NAT example
The example in Figure 7.6 shows a border router that needs to be configured with NAT and
will allow the use of six public IP addresses, 192.1.2.109 through 114. However, on the inside
network, you have 63 hosts that use the private addresses of 192.168.10.65 through 126.
What would your NAT configuration be on the border router?
Two different answers would work here, but the following would be my first choice:
ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
access-list 1 permit 192.168.10.64 0.0.0.63
ip nat inside source list 1 pool Todd overload
The command ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
sets the pool name as Todd and creates a dynamic pool for NAT that contains only the address
192.1.2.109. Instead of the netmask command, you can use the prefix-length 29 statement.
(And I know what you’re thinking, but no, you cannot do this on router interfaces as well.)
The second answer would end up with the exact same result of having only 192.1.2.109 as your
inside global, but you can type this in and have it work too: ip nat pool Todd 192.1.2.109
192.1.2.114 netmask 255.255.255.248. This is a waste because the second through sixth
addresses would only be used if there was a conflict with a TCP port number.
The command ip nat inside source list 1 pool Todd overload sets the
dynamic pool to use PAT by using the overload command.
Be sure to add the ip nat inside and ip nat outside statements on the appropriate
interfaces.
Exam Objectives
Remember to always check your interface configurations when troubleshooting NAT. Be
sure to add the ip nat inside and ip nat outside statements on the appropriate interfaces.
Remember to check for the overload command if using Port Address Translation (PAT).
The command ip nat inside source list list-number pool pool-name overload
sets the dynamic pool to use PAT by using the overload command.
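
The troubleshooting checks listed above can be run mechanically against a saved running-config. The script below is an added example, not part of the original text: the function name audit_nat and the interface names FastEthernet0/0 and Serial0/0 are assumptions, the sample config is constructed from the commands shown earlier, and only numbered access lists are recognised.

```python
import re

# Constructed running-config excerpt (interface names are assumptions). It has
# two deliberate faults: no outside interface and no "overload" keyword.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat inside
!
interface Serial0/0
 description link to ISP
!
ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
access-list 1 permit 192.168.10.64 0.0.0.63
ip nat inside source list 1 pool Todd
"""

def audit_nat(config):
    """Return a list of NAT findings for an IOS running-config string."""
    findings, roles, current = [], {}, None
    for line in config.splitlines():
        line = line.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]      # entering an interface block
        elif not line.startswith(" "):
            current = None                        # back at global config level
        elif current:
            m = re.fullmatch(r"\s+ip nat (inside|outside)", line)
            if m:
                roles[current] = m.group(1)
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(f"no interface has 'ip nat {role}'")
    pools = set(re.findall(r"^ip nat pool (\S+) ", config, re.M))
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))   # numbered ACLs only
    rule = r"^ip nat inside source list (\S+) pool (\S+)(.*)$"
    for acl, pool, rest in re.findall(rule, config, re.M):
        if acl not in acls:
            findings.append(f"access-list {acl} is not defined")
        if pool not in pools:
            findings.append(f"pool {pool} is not defined")
        if "overload" not in rest.split():
            findings.append(f"pool {pool} is used without 'overload' (no PAT)")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print("FINDING:", finding)
```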
