Wednesday, 9 January 2013

NAT Configuration on GNS3

Network Address Translation:
Network address translation (NAT) allows multiple local users to access the Internet using one or more public IPs. In NAT, we map private IPs to public IPs. You can implement NAT on a Cisco router in the following ways:
  1. Static NAT
  2. Dynamic NAT
  3. PAT (Port Address Translation)
What is Static NAT?
In static NAT, we manually map private IPs to public IPs. With static NAT, an Internet user having a private IP address can access a web server over the Internet.

What is Dynamic NAT?
In dynamic NAT, we define a pool of public IPs and the router itself assigns an IP on request rather than on a permanent basis. When a local host requests access to the Internet, the router assigns an IP address from the pool that is not being used by another host at that time. In dynamic NAT, the maximum number of users that can access the Internet simultaneously is equal to the number of public IPs in the pool.

Step by step NAT Configuration:
Design the network topology in GNS3 as shown below:
 
Qemu1-IP: 10.1.1.11/24
Qemu2-IP: 10.1.1.13/24

C1 Cloud Configuration:
Right-click on the cloud, choose Configure, and add your physical NIC. This configuration makes Internet access available to every device in this topology.

Step by Step NAT Configuration:
Since this is a test lab, I will use the 192.168.1.0/24 network as the public IP range and 10.1.1.0/24 as the local network.
Step-1: Define inside and outside interfaces

R1(config)#hostname commonerror
commonerror(config)#int f1/0
commonerror(config-if)#ip address 192.168.1.100 255.255.255.0
commonerror(config-if)#no shut
commonerror(config-if)#ex
commonerror(config)#int f1/1
commonerror(config-if)#ip address 10.1.1.1 255.255.255.0
commonerror(config-if)#no shut
commonerror(config-if)#ip nat inside
commonerror(config-if)#ex
commonerror(config)#int f1/0
commonerror(config-if)#ip nat outside
commonerror(config-if)#ex
! Default route for Internet access
commonerror(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

Step-2: Permit local IPs using Access-list
Create an access list that permits the hosts that will access the outside network/Internet:

commonerror(config)#access-list 1 permit 10.1.1.0 0.0.0.255

Step-3: Create Global IPs Pool


commonerror(config)#ip nat pool global-ips 192.168.1.33 192.168.1.40 netmask 255.255.255.0

Step-4: NAT Configuration

commonerror(config)#ip nat inside source list 1 pool global-ips

NAT Verification Command:
From any host, ping any public IP, e.g. 4.2.2.2 or 98.137.149.56, and then use the command "show ip nat translations" on the router, which will show the IP mapping.
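
An added example (not from the original post): a small Python model of the dynamic NAT configured in steps 2 to 4, using the post's access-list 1 and global-ips pool range, to show that the eight pool addresses cap the number of inside hosts translated at once. The class and function names are hypothetical, and handing out the lowest free address first is an assumption of the model, not documented router behaviour.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(addr, base, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

class DynamicNatModel:
    """Hypothetical model of 'ip nat inside source list 1 pool global-ips'."""

    def __init__(self, acl, pool_start, pool_end):
        self.acl = acl  # (base, wildcard) from access-list 1
        self.free = [str(ipaddress.IPv4Address(n))
                     for n in range(ip_int(pool_start), ip_int(pool_end) + 1)]
        self.table = {}  # inside local address -> inside global address

    def translate(self, inside_local):
        if not acl_permits(inside_local, *self.acl):
            return None  # source not permitted by the ACL: no translation
        if inside_local not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            # Assumption of this model: lowest free address is used first.
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

    def release(self, inside_local):
        """Model a translation timing out; its address returns to the pool."""
        freed = self.table.pop(inside_local, None)
        if freed is not None:
            self.free.append(freed)

def build_lab_nat():
    # Values taken from the post: access-list 1 and pool global-ips.
    return DynamicNatModel(("10.1.1.0", "0.0.0.255"),
                           "192.168.1.33", "192.168.1.40")

if __name__ == "__main__":
    nat = build_lab_nat()
    # The two Qemu hosts from the post, plus one constructed off-subnet host.
    for host in ["10.1.1.11", "10.1.1.13", "10.2.1.5"]:
        print(host, "->", nat.translate(host))
```

Adding the `overload` keyword to the `ip nat inside source` command (PAT, the third NAT type listed at the top) removes this one-host-per-address limit by also translating ports.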
