Professional Documents
Culture Documents
Scaling The Network With NAT and PAT: Address Space Management
Scaling The Network With NAT and PAT: Address Space Management
Network
with NAT and PAT
Address Space Management
ICND2 v1.07-1
ICND2 v1.07-2
ICND2 v1.07-3
ICND2 v1.07-4
ICND2 v1.07-5
interface s0
ip address 192.168.1.1 255.255.255.0
ip nat outside
!
interface e0
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
ip nat inside source static 10.1.1.2 192.168.1.2
Outside local
---
Outside global
---
ICND2 v1.07-6
ICND2 v1.07-7
Outside local
-----
Outside global
----ICND2 v1.07-8
ICND2 v1.07-9
Configuring Overloading
RouterX(config)# access-list access-list-number permit
source source-wildcard
Defines a standard IP ACL that will permit the inside local addresses
that are to be translated
ICND2 v1.07-10
hostname RouterX
!
interface Ethernet0
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface Ethernet1
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface Serial0
description To ISP
ip address 172.17.38.1 255.255.255.0
ip nat outside
!
ip nat inside source list 1 interface Serial0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
RouterX#
Pro
TCP
TCP
2007 Cisco Systems, Inc. All rights reserved.
Outside local
10.1.1.1:23
10.2.2.2:25
Outside global
10.1.1.1:23
10.2.2.2:25
ICND2 v1.07-11
ICND2 v1.07-12
ICND2 v1.07-13
ICND2 v1.07-14
ICND2 v1.07-15
ICND2 v1.07-16
Outside local
-----
Outside global
-----
ICND2 v1.07-17
The router interfaces are inappropriately defined as NAT inside and NAT outside.
2007 Cisco Systems, Inc. All rights reserved.
ICND2 v1.07-18
Pings are still failing and there are still no translations in the table.
There is an incorrect wildcard bit mask in the ACL that defines
the addresses to be translated.
2007 Cisco Systems, Inc. All rights reserved.
ICND2 v1.07-19
Outside local
---
Outside global
---
ICND2 v1.07-20
RouterB# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set
C
R
R
ICND2 v1.07-21
RouterA# sh ip protocol
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 0 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
192.168.0.0
Routing Information Sources:
Gateway
Distance
Last Update
Distance: (default is 120)
ICND2 v1.07-22
ICND2 v1.07-23
10.140.1.2
10.140.2.2
10.140.3.2
10.140.4.2
10.140.5.2
10.140.6.2
10.140.7.2
10.140.8.2
10.2.2.3
10.3.3.3
10.4.4.3
10.5.5.3
10.6.6.3
10.7.7.3
10.8.8.3
10.9.9.3
10.2.2.11
10.3.3.11
10.4.4.11
10.5.5.11
10.6.6.11
10.7.7.11
10.8.8.11
10.9.9.11
ICND2 v1.07-24
Summary
There are three types of NAT: static, dynamic, and
overloading (PAT).
Static NAT is one-to-one address mapping. Dynamic NAT
addresses are picked from a pool.
NAT overloading (PAT) allows you to map many inside
addresses to one outside address.
Use the show ip nat translation command to display the
translation table and verify that translation has occurred.
To determine if a current translation entry is being used, use
the show ip nat statistics command to check the hits counter.
ICND2 v1.07-25
ICND2 v1.07-26