NAT Overload

CCNA v6 Labs September 29, 2017

Rate this post
Lab Objective:
The objective of this lab exercise is for you to learn and understand how to configure NAT
overload.
Lab Purpose:
NAT overload (or PAT) is an important exam topic so you can be pretty sure it will crop up.
Rather than watch a video solution, I have provided show runs and test commands where
appropriate.
Certification Level:
This lab is suitable for both CCENT and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 7/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more
than 15 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:

Task 1:
Configure the topology above. You should add a static default route on RouterB to send all
traffic out of the Serial interface. Test by pinging the Loopbacks on RouterA. Check that you
can ping all interfaces.
Task 2:
Configure a NAT pool on RouterA. The pool should consist of addresses 172.16.1.1 to
20/19 and it should NAT if any hosts from network 192.168.2.0/27 try to reach the Internet.
Overload the pool.
Task 3:
Check your configurations with show commands and pings sourced from 192.168.1.1 when
you have debug ip packet running on RouterB.
Solution
Show Runs
RouterA

interface Loopback0
ip address 192.168.1.1 255.255.255.240
!
interface Loopback1
ip address 192.168.2.1 255.255.255.224
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 10.0.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Internet 172.16.1.1 172.16.1.20 netmask 255.255.224.0
ip nat inside source list 1 pool Internet overload
!
access-list 1 permit 192.168.2.0 0.0.0.31

RouterB

interface Serial0/0
ip address 10.0.0.2 255.255.255.252
clock rate 2000000

!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
TEST: Issue an extended ping to 10.0.0.2 from source 192.168.2.1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/24 ms

R1#

R1#show ip nat tran

Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.1:5 192.168.2.1:5 10.0.0.2:5 10.0.0.2:5
R1#
TEST: Issue an extended ping to 10.0.0.2 from source 192.168.2.1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
R1#

R1#show ip nat tran

Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.1:5 192.168.2.1:5 10.0.0.2:5 10.0.0.2:5
icmp 172.16.1.1:6 192.168.2.1:6 10.0.0.2:6 10.0.0.2:6
R1#
=========================