NAT basics for beginners CCNA - Part 2

Captions
Now what we need to do is a general translation for this guy right here. Now, we have users on this network also. It's a strange network; everything is in one network here: the DMZ, the web server and the PC. So the PC here is at 10.0.0.100, and he needs to get translated also when he crosses the router to the public address. For this we're going to do a NAT overload translation, which is the most common type of translation, and it's also going to be a port address translation.

So to translate any computer on this network, right, any computer that has a 10 address, what we're going to have to do is first we're going to have to set up an access list to define which private addresses are permitted. So we say, OK, perfect, access list, we'll say 10. OK, access-list 10 permit the 10.0.0.0 network, and now we have to put in wildcard bits or subnet mask. In this case I'll use the wildcard bits, which is the inverse of the subnet mask, so 0.0.0.255, and that will permit the 10 network. Now why did I do a slash 24 wildcard bits inversed? Well, that's what it's defined here, slash 24, right? So it's a slash 24 network over here, slash 24. So there's my permit, my access list.

And now all I have to do is say, OK, ip nat inside source, and then I'll click question mark. Instead of a static translation, we're going to use a list to specify the access list which describes the local addresses. Makes sense, right? So the list, access list, is list 10, right, and then I'll put another question mark, and it says, OK, well, we're going to use a pool of public addresses or just one address on an interface. Say, how about just an interface, so interface Gigabit 0/0. So everything from access list 10, or everything permitted in access list 10, will get permitted and translated to whatever IP address is on Gigabit 0/0. But that's a lot of addresses potentially, so we're also going to put an overload and use ports, random port numbers, to identify the multiple private addresses going across the 1 public address. And that's it.

So you need 2 commands to do essentially this: you need your access list and your ip nat statement. And we've got it: we've got our access list permitting the 10 network, and we've got our ip nat statement, and we also already have our ip nat outside and ip nat inside assigned to the interfaces, so we're all good. So now what that means is that when PC one here wants to ping 192.168.1.100, ping 192.168.1.100, it works. OK, and it totally works; you can ping all the way over to here. And if we look in the router, I'll just do Ctrl-C, show ip nat translation, you'll see that there's a translation from 10.0.0.100 to the public address. Perfect.

And it should work under any IP address here on the 10 network. So if I say 10.0.0, now I'm 166, OK, so now I'm 166, it should still work. Well, in there I'll ping. You see, it still works. And if we look at our show ip nat translation, you'll see that 166 is also being translated, right, so it's also being translated. So notice the port numbers sassette unattached, and also notice this: if I'm the company router, which I am, there's my inside global address, which is my public-facing address; here's my inside local address, which is my private address of whoever is getting translated; and then the outside local and the outside global. Right now these will all appear the same, whatever you can see on the other side. Right now we can see all the way to the 192 168 100, and so that's why it says the outside local and outside global.

Now, right now this is still not a real-world scenario, because I said that private addresses are not allowed to travel across the internet, and right now, right, we're, this 192.168.1.100 is getting routed here by the router and it's going all the way across. So in the real world the router is going to translate, this router is going to translate it too. So this time we're going to do a dynamic address translation from this router. So now that we're going to configure this router for NAT, I'm going to switch these up here. OK, so now that I'm now on this router, so this is my inside global and this is the inside local, because now with this router, and that's the outside global and that's the outside local. So now I'm this router.

So this time we're going to set up a public address pool, and we're going to say, wait a minute, so this router has a bunch of IP addresses, this 209 165 dot 117 all the way to slash 24 on a /28 interface, so it has all of these addresses. Now, right now the actual address that it has is 17; it only has one address configured, just 17. But this company, let's say your router, you own all of these public addresses. So to do this we're going to set up a NAT pool. OK, we've got a private LAN here of 192.168.1 network, so let's set up dynamic address translation on this router.

So first of all we'll go into the router, and it's going to be similar, it's going to be very, very similar. All right, here goes. It's going to be similar. OK, first of all, interface Gigabit 0/0 faces the LAN, so that's ip nat outside, and interface Gigabit 0/1 faces the LAN, so that's ip nat inside. OK, now we're going to translate everybody on our private network to our public IP addresses, but a pool of public addresses. So we're going to need two things here. First we're going to need an access list: access-list, we'll call it one, permit the 192.168.1.0 network, and then we need wildcard bits, which is the inverse of a subnet mask, so if the subnet mask is 255.255.255.0, flip the bits and it becomes 0.0.0.255. All right, there's our access list permitting global network.

Now we need a NAT pool for our public addresses, so we need to set up a NAT pool. This is something new; we haven't done this yet. So ip nat and then question mark, and there you'll see a pool will walk you through. Pool, question mark. We have to give it a name, my pool, let's put in all caps, question mark, and then what's the starting IP address: 209.165.100.17, and a question mark, and then the ending IP address: 209.165.100.24, question mark. Oh, netmask, we've got to do another thing. All right, netmask, and then the netmask. OK, so that's going to be interesting. We'll say the netmask on a slash 28, let's see here, the netmask on slash 28, so 255.255.255.0 to get that to work. There we go, the NAT pool is done.

We have our access list, we have our NAT pool, and now look how easy this is: ip nat inside source list 1, because it's access list one, and then I'll put a question mark, and then it says pool. Do you have a pool? We do have a pool, it's pool my pool, question mark, overload. We might as well overload it, because we only have eight public addresses and we might have a hundred private addresses, so we'll have an overload on there too. All right, done.

So now both routers are network address translating. So when pc0 communicates to, let's say, the honeypot server, to a 9.1 65 129, it gets the honeypot server, but his address is translated at the router. So if you look at the router now, you'll see that he's being translated as well. Ctrl-C, show ip nat translations, and you can see that he's being translated as well: 209 dot one six five dot 117 got translated with this port number, 1029, to this private address. So there it is: 192.168.1.100 on port 1029 was translated to 209 dot one sixty five dot 117 on port 1029. So there's the translation, and the outside local, all we see at the other end is the public address on the other end, that's what we see. So we can't see the other computers or the other networks. Outside local, all we see is the public-facing interface address, which is whatever their public faces, and that's it.

So that shows you the different types of translations. We did a static translation, one to one. We did a port address translation, one to one on port 80, over here. We did a NAT overload translation, the most common type of translation, on this router here, where you translate from the public address to the private network. And then over here we did a dynamic address translation using a NAT pool, where we have a pool of addresses, so we can pull these over here. Overload, NAT overload, port address translation, we did that over here. For forwarding, we did that right here. Static translation, we did that right there. And over here we did a pool of public addresses; over here, this is dynamic translation. This whole activity will be put into a file and available on my website if you want to download it and play with it and do it. All right, thanks.
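The overload behaviour described in the captions, as an added example that is not part of the video or the presenter's files: a simplified Python model of an access list with wildcard bits feeding a port address translation table. The class and function names and the public address 203.0.113.1 are assumptions made for illustration; the private addresses and port 1029 are the ones mentioned in the captions.

```python
import ipaddress

def wildcard(prefix_len):
    """Wildcard bits are the bitwise inverse of the subnet mask."""
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    return str(ipaddress.ip_address(int(mask) ^ 0xFFFFFFFF))

def acl_permits(addr, base, wild):
    """Standard ACL match: bits that are 0 in the wildcard must equal the base."""
    care = int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF
    return int(ipaddress.ip_address(addr)) & care == int(ipaddress.ip_address(base)) & care

class Pat:
    """Simplified NAT overload: many inside local hosts share one inside global address."""
    def __init__(self, global_ip, acl_base, acl_wild):
        self.global_ip, self.acl = global_ip, (acl_base, acl_wild)
        self.table = {}    # (inside ip, port, outside ip, port) -> global port
        self.used = set()  # global ports already handed out

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        if not acl_permits(src_ip, *self.acl):
            return None                   # not matched by the list: no translation
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            port = src_port               # keep the source port when it is free
            while port in self.used:      # collision: take the next free port
                port = port + 1 if port < 65535 else 1024
            self.used.add(port)
            self.table[key] = port
        return (self.global_ip, self.table[key])

    def rows(self):
        """Columns: inside global, inside local, outside local, outside global."""
        return [(f"{self.global_ip}:{g}", f"{s}:{sp}", f"{d}:{dp}", f"{d}:{dp}")
                for (s, sp, d, dp), g in self.table.items()]

def demo():
    # 203.0.113.1 is a constructed stand-in for the outside interface address.
    nat = Pat("203.0.113.1", "10.0.0.0", wildcard(24))
    a = nat.translate("10.0.0.100", 1029, "192.168.1.100", 80)
    b = nat.translate("10.0.0.166", 1029, "192.168.1.100", 80)  # same source port
    c = nat.translate("172.16.0.5", 1029, "192.168.1.100", 80)  # outside the list
    return a, b, c, nat.rows()

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The second host reuses source port 1029, so the model gives it a different global port; that port is the only thing that lets return traffic be mapped back to the right private address.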
Info
Channel: danscourses
Views: 109,192
Keywords: NAT, CCNA, CCENT, Cisco, Packet Tracer, danscourses, dynamic nat, nat pools, configure
Id: yBgWpU1-lX0
Length: 12min 36sec (756 seconds)
Published: Sun Apr 30 2017