Cisco Routing/Switching – Network Address Translation

Let’s configure NAT. Only valid IP addresses from the Corporate office will be permitted to use NAT.

Referring to our topology above, we want to NAT the corporate ranges only; we assume this excludes the branch.

On CO-R1 we want to label our inside and outside interfaces:

CO-R1#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol 
GigabitEthernet0/0     10.1.0.1        YES manual up                    up 
GigabitEthernet0/0.2   10.1.1.1        YES manual up                    up 
GigabitEthernet0/0.5   10.1.2.1        YES manual up                    up 
GigabitEthernet0/1     unassigned      YES unset  administratively down down 
GigabitEthernet0/2     unassigned      YES unset  administratively down down 
Serial0/0/0            188.29.163.173  YES manual up                    up 
Serial0/0/1            unassigned      YES unset  administratively down down 
Vlan1                  unassigned      YES unset  administratively down down
CO-R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CO-R1(config)#int serial0/0/0
CO-R1(config-if)#ip nat outside

We looked at the interfaces first to decide which is which: the ISP-facing interface (Serial0/0/0) is our outside interface, and everything else is inside, as shown below:

CO-R1(config)#int g0/0
CO-R1(config-if)#ip nat inside
CO-R1(config-if)#exit
CO-R1(config)#int g0/0.2
CO-R1(config-subif)#ip nat inside
CO-R1(config-subif)#exit
CO-R1(config)#int g0/0.5
CO-R1(config-subif)#ip nat inside
CO-R1(config-if)#exit

We have labelled our NAT interfaces accordingly. We now need to create an ACL that lists the addresses we want to allow to use NAT:

CO-R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CO-R1(config)#ip access-list standard CorporateNAT
CO-R1(config-std-nacl)#permit 10.1.0.0 0.0.0.255
CO-R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
CO-R1(config-std-nacl)#permit 10.1.2.0 0.0.0.255
CO-R1(config-std-nacl)#do sh ip access
Standard IP access list CorporateNAT
    10 permit 10.1.0.0 0.0.0.255
    20 permit 10.1.1.0 0.0.0.255
    30 permit 10.1.2.0 0.0.0.255

CO-R1(config-std-nacl)#

So we have created our ACL “CorporateNAT”, which permits the Corporate subnets 10.1.0.0/24, 10.1.1.0/24 and 10.1.2.0/24.

So let’s configure and bind this all together using NAT Overload:

CO-R1(config)#ip nat inside source list CorporateNAT interface serial0/0/0 overload
CO-R1(config)#

Deciphered: translate inside source addresses that match the access list CorporateNAT to the address of the WAN interface (serial0/0/0), using port address translation (NAT Overload).

Now test that PC A and PC B can ping 4.2.2.2 and 8.8.8.8. We created these as loopback addresses a few posts ago.
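As an added example (not part of the original post and not Cisco code), here is a simplified Python model of what the CorporateNAT ACL and the overload statement do together: wildcard-mask matching decides which sources are translated, and a port table lets them share the one outside address. The sequential port allocation and the 10.2.0.10 sample host are assumptions made for illustration.

```python
import ipaddress

# Entries copied from the CorporateNAT ACL on the page: (network, wildcard mask).
CORPORATE_NAT = [
    ("10.1.0.0", "0.0.0.255"),
    ("10.1.1.0", "0.0.0.255"),
    ("10.1.2.0", "0.0.0.255"),
]
OUTSIDE_IP = "188.29.163.173"  # Serial0/0/0 address from the page

def acl_permits(src, acl=CORPORATE_NAT):
    """Standard ACL match: wildcard bits set to 1 are ignored, 0 bits must match."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False  # implicit deny at the end of every ACL

class PatTable:
    """Simplified model of NAT overload: many inside hosts share one outside IP."""
    def __init__(self, outside_ip=OUTSIDE_IP, first_port=1024):
        self.outside_ip = outside_ip
        self.next_port = first_port  # assumption: simple sequential allocation
        self.by_inside = {}   # (inside_ip, inside_port) -> outside_port
        self.by_outside = {}  # outside_port -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port):
        """Return the (ip, port) seen on the WAN, or None if the ACL does not match
        (such a packet is not translated)."""
        if not acl_permits(src_ip):
            return None
        key = (src_ip, src_port)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_outside[self.next_port] = key
            self.next_port += 1
        return (self.outside_ip, self.by_inside[key])

    def translate_in(self, dst_port):
        """Map a returning packet back to the inside host; None if no session exists."""
        return self.by_outside.get(dst_port)

if __name__ == "__main__":
    pat = PatTable()
    # Constructed sample sources; 10.2.0.10 stands in for a non-corporate host.
    for src in [("10.1.1.10", 50000), ("10.1.2.10", 50000), ("10.2.0.10", 50000)]:
        print(src, "->", pat.translate_out(*src))
```

Return traffic only reaches an inside host when a matching entry already exists in the table, which is why unsolicited inbound packets to the outside address have nowhere to go in this model.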

C:\>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:

Reply from 8.8.8.8: bytes=32 time=3ms TTL=254
Reply from 8.8.8.8: bytes=32 time=1ms TTL=254
Reply from 8.8.8.8: bytes=32 time=2ms TTL=254
Reply from 8.8.8.8: bytes=32 time=10ms TTL=254

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 10ms, Average = 4ms

C:\>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:

Reply from 4.2.2.2: bytes=32 time=1ms TTL=254
Reply from 4.2.2.2: bytes=32 time=1ms TTL=254
Reply from 4.2.2.2: bytes=32 time=2ms TTL=254
Reply from 4.2.2.2: bytes=32 time=1ms TTL=254

Ping statistics for 4.2.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

C:\>

 

 
