9.2.2.6 Lab - Configuring Dynamic and Static NAT

Captions
- So, welcome to all. In this video we are going to see the lab activity Configuring Dynamic and Static NAT. Before coming to this lab activity, friends, if you are watching my channel for the first time or if you have not subscribed to this channel, consider subscribing. Also enable the bell icon near the subscribe button so that you will get the notification message whenever I upload new videos.

Here we can see our topology diagram, also the addressing table. We will go through the objectives of this lab activity. In Part 1, build the network and verify connectivity. In Part 2, configure and verify static NAT. In Part 3, configure and verify dynamic NAT.

Also we will go through the background. Network Address Translation (NAT) is the process where a network device, such as a Cisco router, assigns a public address to host devices inside a private network. The main reason to use NAT is to reduce the number of public IP addresses that an organization uses, because the number of available IPv4 public addresses is limited. In this lab, an ISP has allocated the public IP address space of 209.165.200.224/27 to a company. This provides the company with 30 public IP addresses. The addresses 209.165.200.225 to 209.165.200.241 are for static allocation, and 209.165.200.242 to 209.165.200.254 are for dynamic allocation. A static route is used from the ISP to the gateway router, and a default route is used from the gateway to the ISP router. The ISP connection to the Internet is simulated by a loopback address on the ISP router.

Here we can see the required resources: two routers (Cisco 1941), one switch (Cisco 2960), two PCs, console cables, and Ethernet and serial cables as shown in the topology.

Coming to Part 1: build the network and verify connectivity. In Part 1 we will set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access and passwords. Now we will come to Step 1: cable the network as shown in the topology.
Attach the devices as shown in the topology diagram, and cable as necessary. We are going to build and connect this topology in our Cisco Packet Tracer: two routers (1941), a 2960 switch, two PCs. We will rename these devices: this is PC-A, PC-B, this is S1, here we have Gateway, this is the ISP. Now we will connect these devices. Coming to connections, copper straight-through: S1 F0/6; from this PC-B to F0/18; F0/5 to G0/1 on this Gateway. And here we have to add the serial interface. Coming to the router Gateway, we are going to power it off. Here we are going to add the 2-port serial high-speed WAN interface card. Coming to ISP. Now we are going to select Serial DCE. So here we can see the DCE side is on ISP, so we will start from ISP Serial 0/0/0 to Serial 0/0/1 on Gateway. Now we will label all the information. This is a simulated server; here we connected to F0/6. Here we connected to F0/18. This is F0/5, this is G0/1. Here we have Serial 0/0/1. This side is Serial 0/0/0; this side is DCE. So here we have simulated Internet services.

Now we will come to Step 2: configure PC hosts. Coming to the addressing table, here we can see the IP address, subnet mask and default gateway of the devices PC-A and PC-B. First of all we will give the IP address of PC-A (simulated server). Here we can see the subnet mask and default gateway. Desktop, IP Configuration: here is the IP address, subnet mask; default gateway is 1.21. Here we can see the IP address of PC-B, subnet mask; default gateway is 1.21.

Coming to Step 3: initialize and reload the routers and switches as necessary.

OK, we will come to Step 4: configure basic settings for each router. a. Console into the router and enter global configuration mode. b. Copy the following basic configuration and paste it to the running configuration on the router. So here we can see the commands. Coming to the router Gateway CLI: no, enable, configure terminal.
Here we are going to paste those commands. Also we will paste them on the router ISP: no, enable, configure terminal, and here we are going to paste those commands.

Coming to c: configure the host name as shown in the topology. Also we have to configure the interface IP addresses as per our addressing table. Here we can see the details. First of all we will do it on the router Gateway. We will set the hostname: hostname Gateway. Now we will set the IP address for the interface. First we will set the IP address for the interface G0/1: interface g0/1, ip address, so here is the IP address, also the subnet mask, 255.255.255.0, no shut. Now we will go to the interface Serial 0/0/1. Here we can see the IP address and the subnet mask: interface serial 0/0/1, ip address, and the subnet mask, 255.255.255.252, no shutdown. copy running-config startup-config.

Now we will do it on the router ISP: hostname ISP. Here we can see the IP address of the interface Serial 0/0/0 on this device ISP, also we can see the subnet mask. So we will go to that interface: serial 0/0/0, ip address, the subnet mask 255.255.255.252, no shutdown. I will go to the loopback interface. Here we can see the IP address, also we can see the subnet mask: interface loopback 0, ip address, the mask 255.255.255.255. copy running-config startup-config.

d. Copy the running configuration to the startup configuration. We have done that on both routers.

Now we will come to Step 5: create a simulated web server on ISP. a. Create a local user named webuser with an encrypted password of webpass. Here we can see the commands. Then enable the HTTP server service on ISP, then configure the HTTP service to use the local user database by giving this command. We will do that on the router ISP. Coming to the router ISP: configure terminal, username webuser privilege 15 secret webpass, ip http server. So we can see this command is not supported in our Cisco Packet Tracer. Even this command is also
not supported. On the real router we can give these commands.

Now we will come to Step 6: configure static routing. a. Create a static route from the ISP router to the Gateway router using the assigned public network address range 209.165.200.224/27. Here we can see the command. Also we have to create a default route from the Gateway router to the ISP router. We will do this now on these routers. First of all we will do it on ISP: ip route, this is the address, then we have to specify the destination prefix mask, 255.255.255.224, and we are going to give the forwarding router's address, it's 209.165.201.18. Now we will do it on the router Gateway: cisco; enable, password is class; configure terminal; ip route 0.0.0.0 0.0.0.0, here we have to specify the forwarding router's address, here is that. copy running-config startup-config.

Coming to Step 7: save the running configuration to the startup configuration. Here already we have done that. Coming to ISP: copy running-config startup-config.

Now we will come to Step 8: verify network connectivity. a. From the PC hosts, ping the G0/1 interface on the Gateway router. Troubleshoot if the pings are unsuccessful. So we will get the IP address of G0/1 of the device Gateway, here is that. First of all we will do it from PC-A: Command Prompt, ping to the interface G0/1. Here we can see we are getting the reply. Coming to PC-B: Command Prompt, ping to the router Gateway interface G0/1. Here we can see we are getting the reply, so the pings were successful.

Now we'll go to b: display the routing tables on both routers to verify that the static routes are in the routing table and configured correctly on both routers. Coming to Gateway: show ip route. Here we can see the default route. Coming to the ISP: show ip route, and here we can see the static route we created on this router.

Now we will go to Part 2: configure and verify static NAT. Static NAT uses a one-to-one mapping of local and global addresses, and these mappings remain
constant. Static NAT is particularly useful for web servers or devices that must have static addresses that are accessible from the Internet.

Coming to Step 1: configure a static mapping. A static map is configured to tell the router to translate between the private inside server address 192.168.1.20 and the public address 209.165.200.225. This allows a user from the Internet to access PC-A. PC-A is simulating a server or device with a constant address that can be accessed from the Internet. Coming to the configuration on the router Gateway: configure terminal. Here we are going to give ip nat inside source static. So we are going to give the inside local IP address, 192.168.1.20. Now we are going to give the inside global IP address, it's 209.165.200.225.

Coming to Step 2: specify the interfaces. Issue the ip nat inside and ip nat outside commands to the interfaces. So here we can see those commands: for the interface G0/1 it's ip nat inside, and for the interface Serial 0/0/1, ip nat outside. So coming to Gateway, first we will go to the interface G0/1, here ip nat inside. We'll go to interface Serial 0/0/1, ip nat outside.

Now we will come to Step 3: test the configuration. a. Display the static NAT table by issuing the show ip nat translations command. Here itself they have given the show command, show ip nat translations, and its output. Here we can see the inside global, inside local. Coming to Gateway, here we are going to give show ip nat translations, and here we can see the output. What is the translation of the inside local host address? 192.168.1.20 is equal to, here we can see in our show ip nat translations output, it will be the inside global address 209.165.200.225. Next: the inside global address is assigned by? Obviously by the ISP. And next: the inside local address is assigned by? It's by the administrator.

Now we will come to b: from PC-A, ping the Loopback 0 interface, that is the address here we can see, on ISP. If the ping was unsuccessful, troubleshoot and correct the issues. On the Gateway router, display the NAT table. So first we have to ping from PC-A to this Loopback 0 interface with this IP address. We will do that. Coming to PC-A: Command Prompt, ping to Loopback 0, here is that address, and here we can see we are getting the reply. Now we are going to give this show command, show ip nat translations, on the router Gateway. Coming to the router Gateway: enable, class, show ip nat translations. And here we can see that, but it's not showing here. So what we will do, we will ping once more. Now we will come back to the Gateway router and we will give that show command again, and here we can see the result. A NAT entry was added to the table with ICMP listed as the protocol when PC-A sent an ICMP request to 192.31.7.1 on ISP. What port number was used in this ICMP exchange? So here we can see four ICMP entries with different port numbers: the first line used 13, then here we can see 14, then on the third line we can see 15, and on the fourth line we can see 16. So here your answers also may vary. Note: it may be necessary to disable the PC-A firewall for the ping to be successful.

Right, so coming to c: from PC-A, telnet to the ISP Loopback 0 interface and display the NAT table. Now we will come to PC-A, Command Prompt, and we will telnet to Loopback 0, here is the address. Password is cisco; enable, password is class. So we can see we are able to get router ISP. Now we will come back to Gateway: show ip nat translations, and here we can see the details. They have given a note here: the NAT for the ICMP request may have timed out and been removed from the NAT table. Yes, here we can see that it's removed. What was the protocol used in this translation? Here we can see the protocol, it is TCP. Next question: what are the port numbers used? Here we can see the port numbers used: 1025, 23
and 23. Here we can see 1025: inside global or local, here we can see the port number, it's 1025. Outside global or local, here we can see it's 23; this is the port number for Telnet. Here, this global/local port number may vary.

Coming to d: because static NAT was configured for PC-A, verify that pinging from ISP to PC-A at the static NAT public address, that is this address, is successful. Coming to the router ISP: enable, password is class. Here we are going to ping to this address, and here we can see the success rate is 100 percent.

e. On the Gateway router, display the NAT table to verify the translation. Coming to Gateway, here we are going to give ip nat translations, and here we can see the output. Notice that the outside local and outside global addresses are the same. This address is the ISP remote network source address. For the ping from the ISP to succeed, the inside global static NAT address, that is 209.165.200.225, was translated to the inside local address of PC-A, here we can see that, 192.168.1.20.

Coming to f: verify NAT statistics by using the show ip nat statistics command on the Gateway router. Here also they have given the output for that show command. We will give it on this router Gateway: show ip nat statistics. Here we can see the output: total translations, one static, one dynamic and one extended; outside interfaces, inside interfaces, expired translations. Right. Note: this is only a sample output; your output may not match exactly.

Right, coming to Part 3: configure and verify dynamic NAT. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool. Dynamic NAT results in a many-to-many address mapping between local and global addresses.

Coming to Step 1: clear NATs. Before proceeding to add dynamic NATs, clear the NATs and statistics from Part 2 by
giving this command: clear ip nat translation *, clear ip nat statistics. Coming to the router Gateway. So we are going to give clear ip nat translation *; the star deletes all dynamic translations. Also we are going to give clear ip nat statistics. We'll check that here. Here we are not getting the statistics, right.

Now we will come to Step 2: define an access control list that matches the LAN private IP address range. ACL 1 is used to allow the 192.168.1.0/24 network to be translated. So we are going to create this access list 1 on this router Gateway. Coming to the router Gateway: configure terminal. Here we are going to create access-list 1. Here we are going to permit the 192.168.1.0 network, also we are going to specify the wildcard bits, 0.0.0.255.

Coming to Step 3: verify that the NAT interface configurations are still valid. Issue the show ip nat statistics command on the Gateway router to verify the NAT configurations. So coming to our router Gateway: show ip nat statistics, and here we can see the details.

Now we will come to Step 4: define the pool of usable public IP addresses. Here we can see the command that we have to give on the router Gateway. Coming to the router Gateway: configure terminal, ip nat pool, then we are going to specify a pool name, public_access, then we are going to give the start IP address, 209.165.200.242, then we have to specify the end IP address, 209.165.200.254, then we have to give netmask and we have to specify the network mask, it's 255.255.255.224.

Coming to Step 5: define the NAT from the inside source list to the outside pool. Remember that NAT pool names are case-sensitive, and the pool name entered here must match that used in the previous step. Right, so this is the command we have to give. Coming to the router Gateway, here we are going to give ip nat inside source list 1 pool, and we have to specify the pool name, public_access.

Coming to Step 6: test the configuration. a. From PC-B, ping the Loopback 0 interface, using this IP address, on ISP. If the ping was unsuccessful, troubleshoot and correct the issues. On the Gateway router, display the NAT table. So here itself they have given the command and the output, show ip nat translations, and here we can see the output: inside global, inside local, also we can see outside local and outside global. Coming to PC-B: Command Prompt. Here we are going to give the command to ping to this Loopback 0, and here we can see we are getting the reply. Now we will come to Gateway and here we are going to give show ip nat translations, and here we can see the output. What is the translation of the inside local host address for PC-B? Coming to our output, here we can see that, the inside global, here is the address. A dynamic NAT entry was added to the table with ICMP as the protocol when PC-B sent an ICMP message to 192.31.7.1 on ISP. Now, what port number was used in this ICMP exchange? So coming to our output, here we can see we have four ICMP entries, so here it used 7, 8, 9 and 10.

Now we will come to b: from PC-B, open a browser and enter the IP address of the ISP simulated web server (Loopback 0 interface). When prompted, log in as webuser with a password of webpass. Anyway, this is not going to work in our Cisco Packet Tracer; in the beginning we have seen the ip http server command was not accepted in this Cisco Packet Tracer. So in real time you can do this.

Anyway, we will come to c: display the NAT table. Here we can see, here they have given the output for that. What protocol was used in this translation? Here we can see it's TCP. And what port numbers were used? Inside, here we can see 1038 and 1039, 1040, etc., and outside we can see it's 80. What well-known port number and service was used? So it's 80; this is for HTTP.

Coming to d: verify NAT
statistics by using the show ip nat statistics command on the Gateway router. Here we can see the show ip nat statistics output: total active translations are 3: one static, two dynamic and one extended. Also we can see access-list 1, pool. Right, also we can see these details here: the start address and the end address. Right, this is only a sample output; your output may not match exactly.

Now we will go to Step 7: remove the static NAT entry. In step 11, the static NAT entry is removed and you can observe the NAT entry. a. Remove the static NAT from Part 2. Enter yes when prompted to delete child entries. Here we can see that command. Yes, we will do that. Coming to the router Gateway: cisco, enable, class, show running-config, and we will copy this line. configure terminal, and here we are going to give no, then we are going to paste that line we copied. Here is that, right.

Next is b: clear the NATs and the statistics. Coming to the router: clear ip nat translation.

Coming to c: ping the ISP, 192.31.7.1, from both hosts. Coming to PC-A: Command Prompt, ping; we are getting the reply. Now we will come to PC-B: Command Prompt; here we can see we are getting the reply.

Now we are going to d: display the NAT table and the statistics, show ip nat statistics, also show ip nat translations. Here we can see the details: total translations eight: zero static, eight dynamic, eight extended. Here we can see the details. Also we will give show ip nat translations. Here we can see the output. Here we can see these four are from one PC and these four from the other PC. Also we can see the inside global addresses here, .242, .243. Right, this is only a sample output. OK, we have seen that.

Coming to Reflection. First one: why would NAT be used in a network? Obviously, first of all, when there won't be enough public IP addresses, then we will use NAT. Also NAT can provide a measure of security by hiding internal addresses from outside networks. Coming to the second question: what are the
limitations of NAT? Yes, NAT needs IP information or port number information in the IP header and TCP header of the packets for translation. So here is a partial list of protocols that cannot be used with NAT, such as SNMP, LDAP, etc.

Well, that's all in this lab activity, Configuring Dynamic and Static NAT. Friends, if you have any doubt in this lab activity, please comment below. Also, if you like my video, give a thumbs up and share with your friends, and finally don't forget to subscribe to this channel so that you will get the latest uploaded video info directly into your Gmail. Thank you.
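
The address plan from the lab background (static .225 to .241, dynamic .242 to .254, ACL 1 for 192.168.1.0/24) can be checked against a `show ip nat translations` table in code. This Python script is an added example, not part of the video or the lab; the sample table is constructed, and the inside hosts 192.168.1.21, 192.168.1.30 and 10.0.0.5 and the `approved_static` argument are assumptions.

```python
import ipaddress

# Address plan stated in the lab background (values from the transcript).
ip = ipaddress.ip_address
STATIC = (ip("209.165.200.225"), ip("209.165.200.241"))
DYNAMIC = (ip("209.165.200.242"), ip("209.165.200.254"))
INSIDE_LAN = ipaddress.ip_network("192.168.1.0/24")  # matched by access-list 1

# Constructed sample in the column layout of `show ip nat translations`.
# 192.168.1.21, 192.168.1.30 and 10.0.0.5 are invented inside hosts.
SAMPLE = """\
Pro Inside global         Inside local       Outside local   Outside global
--- 209.165.200.225       192.168.1.20       ---             ---
tcp 209.165.200.225:1025  192.168.1.20:1025  192.31.7.1:23   192.31.7.1:23
icmp 209.165.200.242:7    192.168.1.21:7     192.31.7.1:7    192.31.7.1:7
--- 209.165.200.242       192.168.1.21       ---             ---
--- 209.165.200.230       192.168.1.30       ---             ---
--- 209.165.200.243       10.0.0.5           ---             ---
"""

def split_addr(field):
    """Split 'a.b.c.d:port' (or a bare address) into (address, port or None)."""
    host, _, port = field.partition(":")
    return ip(host), int(port) if port else None

def parse(text):
    """Yield one dict per translation row, skipping the header and blanks."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        glob, _ = split_addr(cols[1])
        local, _ = split_addr(cols[2])
        yield {"proto": cols[0], "global": glob, "local": local}

def pool_of(addr):
    """Name the part of the address plan a public address belongs to."""
    if STATIC[0] <= addr <= STATIC[1]:
        return "static"
    if DYNAMIC[0] <= addr <= DYNAMIC[1]:
        return "dynamic"
    return "unplanned"

def audit(text, approved_static):
    """List rows that disagree with the plan.

    approved_static maps a public address to the one inside host that is
    meant to be reachable from outside (the PC-A mapping in this lab).
    """
    findings = []
    for row in parse(text):
        glob, local = str(row["global"]), str(row["local"])
        pool = pool_of(row["global"])
        if pool == "unplanned":
            findings.append(("outside-plan", glob, local))
        elif pool == "static" and approved_static.get(glob) != local:
            findings.append(("unapproved-static", glob, local))
        elif pool == "dynamic" and row["local"] not in INSIDE_LAN:
            findings.append(("acl-mismatch", glob, local))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"209.165.200.225": "192.168.1.20"}):
        print(finding)
```

A static-range mapping that is not on the approved list is the finding to look at first, since it keeps an inside host reachable from outside for as long as the entry exists.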
Info
Channel: Tech Acad
Views: 30,978
Keywords: NAT, Network Address Translation, CCNA
Id: qeVCdWrYQu8
Length: 38min 58sec (2338 seconds)
Published: Thu Jun 14 2018