EASY-IP

Easy-ip is an example of one to many mapping. Here, the private ip addresses are translated to the
outbound interface of the router and the port numbers are translated

Configuration roadmap
· Configure the basic requirements such as ip addressing and ensure connectivity in the network.
· Create a basic/ advanced ACL to identify the network intended to access the internet.
· Configure easy-ip on the outbound interface of the router making use of the acl created.
· Cpature packets using wireshark when pinging from the intranet to the internet and observe the
source ip addresses.

LAB 1
Task: The devices from the network 192.168.10.0/24 should be able to access the internet.
Devices from 192.168.20.0/24 shouldn't be able to access the internet

Step 1:
Configure IP addresses on the PC's and the Routers.

Step 2:
Ensure network connectivity in your network. eg using static routes.
[AR15] ip route-static 0.0.0.0 0.0.0.0 192.168.30.17
[AR16] ip route-static 0.0.0.0 0.0.0.0 192.168.30.17

[AR17] ip route-static 192.168.10.0 255.255.255.0 192.168.30.15

[AR17] ip route-static 192.168.20.0 255.255.255.0 192.168.40.16

Step 3:
Use an ACL to identify the traffic you want to be natted.
acl 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 deny

Step 5:
Configure easy-ip on GE 0/0/2 of AR7
nat outbound 2000

Step 6:
Ping 10.10.10.18/24 and Capture packets at GE 0/0/0 of AR17 Using Wireshark.
PC>ping 10.10.10.18

LAB 2
Task: Ensure that only traffic from the client is natted using easy-ip.
The source ip addresses of traffic from PC20 and PC21 should not be translated.

Step 1:
Configure IP addresses on the devices

Step 2:
Use an acl to identify the traffic you want to be natted.
acl number 3000
rule 5 permit tcp source 30.1.0.22 0.0.0.0 destination 31.1.0.
6 0.0.0.0

Step 3:
Configure easy-ip on GE 0/0/0 of AR6.
nat outbound 3000

Step 4:
Ping the ftpserver from the client to test for connectivity.

Step 5:
On the ftp server, choose some files and ensure to confirm the right port (21). Then click start.
Step 6:
On the client, fill in the remote address of the ftpserver and click login. Capture packets on the outbound
interface of AR6 and note the ip address translation and packets exchanged.
you'll be able to view the remote files. Go ahead and download or upload some files to ensure your ftp
works fine.

The source ip address from the client is translated into the ip

address of AR6.

LAB 3:

TASK: Devices in VLAN 10 are allowed to access the internet while those in VLAN 20 aren't.
Step 1:
Configure IP addresses on the PC's and the Routers.
Configure the Vlans and vlanif ip addresses on SW1 to achieve inter-vlan routing.

Step 2:
Ensure network connectivity in your network. eg using static routes.
[AR1]ip route-static 0.0.0.0 0 10.10.30.10

[SW1]ip route-static 0.0.0.0 0 10.10.30.20

Step 3:
Use an ACL to identify the traffic you want to access the internet.
acl 2000
rule 5 permit source 10.10.10.0 0.0.0.255
rule 10 deny

Step 5:
Configure easy-ip on GE 0/0/2 of AR7
nat outbound 2000

Step 6:
Ping 10.10.10.18/24 and Capture packets at GE 0/0/0 of AR17 Using Wireshark.
PC>ping 1.1.1.30