CCNA - Dynamic NAT with Pools Configuration Lab

Video Statistics and Information

Captions
Hello everyone, I'm Rafael, and welcome to my channel, Network Engineer Pro. In today's video we're gonna hit the CLI and I'm gonna show you how to configure dynamic NAT using pools on a Cisco router. Don't forget to check the description of this video, where you can find the configs that I use so that you can try it in your own lab or maybe even follow along with me.

Here's the topology for today for the dynamic NAT configuration lab. This is the same exact topology from the static NAT video as well. If you recall from the static NAT video, or static NAT in general on Cisco routers, it requires us as the network engineers to configure one-to-one individual mappings. So for every IP address that needs to be translated we need to configure static mappings, and that doesn't scale well. We want the router to do that for us automatically. We're going to tell the router that when packets arrive on your NAT inside interface and they come from a specific subnet, translate them: translate their source IP address to a pool, a configured pool of inside global IP addresses. After that's configured, when PC1 on the left in blue wants to talk out to the internet, like to ping 8.8.8.8, it's gonna get NATted to the first available IP address in our pool. When PC2 wants to talk out to the internet, it gets NATted to the next available IP address in the pool, and it's going to keep doing that as long as there's addresses available in the configured pool.

Now, if this is your first time watching this video, I'm just going to go through the topology really quick. Our area in blue, that's our inside private enterprise network. We have a single subnet of 10.10.10.0/24 and there's two PCs in that subnet. We have PC1 and PC2 with IP address .1 and .2. On the far right is going to be the DNS server with IP 8.8.8.8, and we're going to be using that to test connectivity between the PCs and the DNS server. And if you look in the middle, right above the NAT-enabled router, we have a subnet 11.11.11.0/29. That is a public IP address block the ISP gave us to translate IP addresses. That is going to be our pool of IP addresses to translate to.

So let's get started. The first thing you want to do when it comes to NAT is you need to define the inside and the outside interface. Now if we look at the diagram, the interface on the right, Gig 0/0, is connected to the area in red. That is our outside global internet, so that's gonna be our outside interface. The interface on the left, Gig 0/1, connects to the inside, right, our private internal network. That's gonna be our inside interface. Let's get that configured. So what I'm going to do is I'm going to go to config t, and I'm going to go under interface Gig 0/1, and I'm just going to say ip nat inside. So you can put "in" or you can just press tab to complete it. So ip nat inside. Interface Gig 0/0, ip nat outside.

Okay, the next thing I wanna do is I wanna configure an access control list. Now I need this access control list because I need to tell the router that when packets arrive on the inside interface from a specific subnet, to translate those IP addresses. So I'm going to configure a standard ACL. So I'm going to say access-list 10 permit 10.10.10.0, and it's a /24 network. Now with ACLs we're not putting the subnet mask here, we're putting the wildcard mask, so 0.0.0.255. With traditional ACLs, when you see the permit or deny you're thinking allow or drop traffic. We're not doing that in this case. We are only using this ACL to match specific traffic when it arrives on the inside interface. If traffic arrives on the inside interface and the source IP address comes from 10.10.10.0/24, then translate it.

Now, I came up with the wildcard mask value for the /24 of 0.0.0.255. If you don't know how to come up with that value yourself, I want to show you. It's really easy and really quick. What you're going to do is you're going to take all 255s, so 255.255.255.255, and you're going to subtract the subnet mask in its dotted decimal format. So the subnet mask for /24 is 255.255.255.0, right, for a /24. Let's go ahead and do some simple math. So 255 minus 255 is zero. What's 255 minus 255? Zero. What's 255 minus 255? Zero. What's 255 minus zero? 255. So 0.0.0.255, and that's how I came up with that value for the wildcard mask of 0.0.0.255. So let's go ahead and hit enter.

Now that the ACL is configured, the next thing I need to do is to configure my pool, right. We're halfway done. We told the router, okay, translate IP addresses that come from this source of 10.10.10.0/24. Now we need to tell the router, once you receive those specific packets, what are you going to translate them to. Let's go ahead and do that. So I'm going to say ip nat. Remember, all of your NAT configuration is pretty much going to start with ip nat. Now we're configuring a pool, so I'm going to say pool, and if you hit question mark it's asking for the name of the pool. What do you want to name the pool? I want to keep it simple, something that makes sense to me, so I'm going to say MY-POOL. And if I question mark here, it's asking me, hey, what's the starting IP address for the pool? What is the first available IP address that you want to translate to? Well, since the ISP gave us an 11.11.11.0/29 network, the first available IP in that is 11.11.11.1. If I hit question mark here, it's asking me what is the ending IP address. It wants to know what is the last available IP address you want to translate to. Well, since we have a /29 network, what's the last usable IP address? Well, in our network it's going to be 11.11.11.6, so I'm going to say 11.11.11.6.

Let me hit question mark again. Now it's asking me, once we translate the source IP address, what subnet mask should it have, and we can define that here in two different ways. We can say netmask or prefix-length. So if I hit netmask and I hit question mark, it's asking me what is the network mask, and since we're dealing with a /29 that's going to be 255.255.255.248, and I'm gonna go ahead and hit enter. If I didn't want to enter it that way, what I could do is I can say the other option, which was prefix-length, and then if I hit question mark it's asking for a value between 1 and 32, and we are dealing with a /29 so I can just say 29.

Now we're almost done here. Besides the inside and outside interfaces, we've configured two individual things. We configured the ACL so we know what traffic to translate from, and we configured the pool. These are two individual pieces of config, and we need one more thing to kind of glue them together, and that configuration is going to be this. We're going to say ip nat inside source list, and what's the access list number? The access list number that we used was 10. We used a standard ACL. Now if I hit question mark here we have some options. I want to select pool, and then what did we name the pool? We named it my pool, right, MY-POOL, all capital. What this command is doing is we are saying ip nat, remember everything NAT on the Cisco router starts with ip nat. We are translating the source IP address of packets that arrive on the inside interface, not every packet, but only those that are matched in access list 10. Once we find those packets that arrive on the inside interface that are sourced from the network defined in access list 10, translate them to a pool of IPs that we defined in the pool named MY-POOL. So this line here is taking the pool configuration and merging it with the access list configuration so the two talk to each other, so they're both on the same page. Let's go ahead and hit enter, and we're done.

Let's go ahead and test connectivity from PC1 and PC2. I'm going to go ahead and ping 8.8.8.8. Perfect, I have reachability. Let's check the NAT translation table: show ip nat translations. Cool, I have one translation from 10.10.10.1, which is my inside local IP address, so the IP address of PC1. It was translated to the first available IP address in the pool. This is my inside global IP address. This is our globally routable IP address that's representing PC1 on the inside. The destination IP address was 8.8.8.8, which is our outside global, and the outside local and outside global are going to be the same in this case because we're doing source NAT.

Now, if we were doing static NAT and we wanted PC2 to be able to talk, we'd have to go into the configuration and configure an additional static mapping. We did that in the static NAT video. Let's see what happens now that we have dynamic NAT with a pool configured. Let me go to PC2 and I'm going to do a ping, ping 8.8.8.8. Great, we have reachability. Let's check that translation table again. Look at that, we have another entry here for PC2. We can tell that 10.10.10.2, which is the inside local IP address, remember, the internal private IP address, only locally routable, was translated to 11.11.11.2. The protocol is ICMP because we did a ping. The destination IP address is 8.8.8.8, that's our outside global IP, and again these two values here are the same because we are doing source NAT. That's cool, right? It used the configured pool to automatically or dynamically translate IPs from the private internal network of 10.10.10.0/24 to the inside global pool of 11.11.11.0/29.

If you wanted to clear the NAT translations you can do that by saying clear ip nat translations star. That's going to clear everything. And let's look at the show ip nat statistics. This is another helpful command that I like to do. So we cleared the translations, so it's showing zero here, zero dynamic. The most translations the router has seen is four, and really clear, telling us what our outside interface is. Our outside interface is Gig 0/0, our inside interface is Gig 0/1, and the amount of hits that we've seen are twenty. We've had twenty packets translated, one of them has expired, and here's some information about our dynamic mappings, right, because we're using dynamic NAT with a pool. It's telling us that we're using access list 10 with pool named MY-POOL. The parameters of that pool have a subnet mask of 255.255.255.248, that's a /29. The starting IP is 11.11.11.1 and the ending IP is 11.11.11.6, and there are no dynamic translations now because we cleared the translations, so it's telling us that we have a total of six addresses and we've allocated zero percent. Really cool stuff. If this information was populated and you wanted to clear them, you can do so by saying clear ip nat statistics.

And that's it. We've configured a dynamic NAT using a pool of IP addresses. That's about it for dynamic NAT using a pool of IP addresses. You can see why this is a little bit better than using a static NAT, right? You don't have to configure a static NAT mapping for every single IP address that gets translated. You let the router make that decision for you. I hope you all found this video helpful. If so, don't forget to like, comment and subscribe, and you can follow Network Engineer Pro on Facebook. I put all the links in the description. That's it for now. Thanks everyone, have a great day.
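
The commands dictated in the captions above, assembled into one configuration as an added example; this is not the config file from the video's description. Interface names are expanded from the spoken "gig 0/0" and "gig 0/1", the pool name MY-POOL follows the spoken "my dash pool, all capital", and the verification commands sit in comments because they are entered in privileged EXEC mode rather than configuration mode.

```cisco
! --- Step 1: mark the NAT inside and outside interfaces ---
interface GigabitEthernet0/1
 ! Faces the private 10.10.10.0/24 network (PC1 = .1, PC2 = .2)
 ip nat inside
!
interface GigabitEthernet0/0
 ! Faces the internet side of the lab (toward 8.8.8.8)
 ip nat outside
!
! --- Step 2: standard ACL that only MATCHES traffic to translate ---
! Wildcard mask = 255.255.255.255 - 255.255.255.0 = 0.0.0.255
! Keep this as narrow as the subnet that really needs translation;
! a broader permit would translate sources you did not intend.
access-list 10 permit 10.10.10.0 0.0.0.255
!
! --- Step 3: pool of inside global addresses from the ISP /29 ---
! Usable hosts in 11.11.11.0/29 are .1 through .6 (six addresses).
ip nat pool MY-POOL 11.11.11.1 11.11.11.6 netmask 255.255.255.248
! Equivalent form using the prefix length instead of the netmask:
!   ip nat pool MY-POOL 11.11.11.1 11.11.11.6 prefix-length 29
!
! --- Step 4: bind the ACL to the pool ---
ip nat inside source list 10 pool MY-POOL
!
! --- Verification (privileged EXEC mode) ---
!   show ip nat translations    inside local -> inside global entries
!   show ip nat statistics      hits, pool range, addresses allocated
!   clear ip nat translation *  remove all dynamic translations
!   clear ip nat statistics     reset the counters
!
! Each inside host holds one pool address while its translation is
! active (no "overload" keyword is configured), so this pool serves at
! most six inside hosts at a time. Watch the allocated percentage in
! "show ip nat statistics" to see how close the pool is to full.
```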
Info
Channel: Network Engineer Pro
Views: 168
Id: hnBxgDma7Do
Length: 11min 52sec (712 seconds)
Published: Mon Jul 12 2021