Answers: Static NAT 1

By certskills April 23, 2016 09:05

Static NAT configuration looks so simple when looking at a sample. Finish off your skills by trying one for yourself, without looking at any notes for help. Check out the requirements for the lab in the earlier post, as usual! The requirements are pretty straightforward: make static NAT work for three servers.

Answers

Figure 1: Static NAT Topology (CL126.jpg)

Example 3: R1 Config

Example 4: R2 Config

 

Commentary

There are a number of different ways to configure NAT, including static NAT, dynamic NAT, and Port Address Translation (PAT). Static NAT is typically used for one-to-one translations from a specific inside address (called an inside local address) to a specific outside address (called an inside global address). Dynamic NAT is slightly different because the outside address is allocated from a configured pool; which address in the pool will be used for a specific device is not specified. The third major type of NAT is called PAT (or NAT overload); this type of NAT can be configured either with a specific outside address or with a configured pool.

The difference between PAT and the other types is that the mapping is not one-to-one from an inside address to an outside address. With PAT, there is a many-to-one mapping between the inside local address and the inside global address by using unique TCP and UDP port numbers to decide where and how to translate the packets.

For this lab you were tasked with configuring static NAT, specifically entries to translate the addresses of servers S1, S2, and S3. The requirements also specified which specific outside addresses to use: 172.16.1.10 (S1), 172.16.1.20 (S2), and 172.16.1.30 (S3).

To begin, you have to determine which interface(s) connect to hosts inside the network, and which connect to the outside network. For this lab, R1’s G0/1 interface is connected to S1, S2, and S3 and is considered the inside interface; to configure this, use the ip nat inside command while in interface configuration mode. R1’s G0/2 interface is connected to R2 and is considered the outside interface; to configure this, use the ip nat outside command while in interface configuration mode.

The second task is to configure the static NAT entries. S1, an inside host, uses address 192.168.1.10. To create the static NAT entry, R1 needs the ip nat inside source static 192.168.1.10 172.16.1.10 global configuration command. This causes R1 to monitor packets arriving on the inside interfaces, look for those with a source IP address of 192.168.1.10, and, if found, translate that source address to 172.16.1.10 when forwarding that packet out an outside interface. Similarly, the commands ip nat inside source static 192.168.1.20 172.16.1.20 and ip nat inside source static 192.168.1.30 172.16.1.30 create the NAT table entries for the other two servers.

Beyond the NAT configuration, routers in the outside part of the design need to be able to route packets to the inside global addresses. In this lab, the only router in the outside part of the network is R2. The requirements asked that we create a static route for the 172.16.1.0/24 subnet on R2 so that R2 would have a route to send packets back to the inside global addresses. The command to configure on R2 would be ip route 172.16.1.0 255.255.255.0 10.10.10.1, with 10.10.10.1 being R1’s G0/2 IP address, as found in the initial configuration for R1.
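An added example (not from the original post): a short Python check that parses the NAT-relevant lines for R1 and the static route for R2 and reports what would stop static NAT from working end to end. The sample configs are constructed from the commands named in the commentary; the function names are hypothetical, and the full interface names GigabitEthernet0/1 and GigabitEthernet0/2 are assumed for G0/1 and G0/2.

```python
import ipaddress
import re

# Constructed sample configs: only the NAT-relevant lines, assembled from the
# commands named in the commentary (not the lab's full R1/R2 configurations).
R1_CONFIG = """\
interface GigabitEthernet0/1
 ip nat inside
interface GigabitEthernet0/2
 ip nat outside
ip nat inside source static 192.168.1.10 172.16.1.10
ip nat inside source static 192.168.1.20 172.16.1.20
ip nat inside source static 192.168.1.30 172.16.1.30
"""
R2_CONFIG = "ip route 172.16.1.0 255.255.255.0 10.10.10.1\n"

def nat_roles(config):
    """Map each interface name to 'inside' or 'outside' from its 'ip nat' line."""
    roles, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and (m := re.fullmatch(r"\s+ip nat (inside|outside)", line)):
            roles[current] = m.group(1)
    return roles

def static_entries(config):
    """Return {inside_local: inside_global} for each static NAT command."""
    pat = r"^ip nat inside source static (\S+) (\S+)\s*$"
    return {ipaddress.ip_address(l): ipaddress.ip_address(g)
            for l, g in re.findall(pat, config, re.M)}

def static_routes(config):
    """Return the destination networks of every 'ip route' command."""
    pat = r"^ip route (\S+) (\S+) \S+"
    return [ipaddress.ip_network(f"{n}/{m}") for n, m in re.findall(pat, config, re.M)]

def audit(nat_config, outside_config):
    """List problems that would stop static NAT from working end to end."""
    problems = []
    roles = set(nat_roles(nat_config).values())
    for role in ("inside", "outside"):
        if role not in roles:
            problems.append(f"no interface marked ip nat {role}")
    routes = static_routes(outside_config)
    for local, glob in static_entries(nat_config).items():
        if not any(glob in net for net in routes):
            problems.append(f"no route on outside router to {glob} (for {local})")
    return problems
```

With the configs above, audit(R1_CONFIG, R2_CONFIG) returns an empty list; removing R2's static route yields one problem per server.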


4 Comments

  1. HectorJ February 23, 00:11

    Regarding this subject, on “CCENT/CCNA ICND1 100-105 Official Cert Guide”, Chapter 27, Network Address Translation, page 663, there are several points to check out for NAT troubleshooting. One of them is “User traffic required”. It explains that “NAT does not act to create translations until some user traffic enters the NAT router on an inside interface, triggering NAT to do a translation”.
    So, what I understand is that, without such traffic, no NAT table entry is created. However, the answer to question number 3 states that NAT table entries are created by means of “Configuration using the ip nat inside source command”. That is, without any traffic.
    Maybe it would be worth clarifying this issue in further book editions.

  2. HectorJ February 23, 00:14

    Sorry, I mean: “However, answer to number 3 question states that NAT table entries are created by means of “Configuration using the ip nat inside source command. FOR STATIC NAT”. Thanks again

  3. Bav December 31, 12:42

    Hi Wendell,

    I feel this was a bit tricky for a 1st exercise. Not the commands so much. But in the cert guide the example for static NAT gave me the impression the inside global address had to be in the same subnet as that outgoing interface, i.e. 10.10.10.0/30. It’s not very clear in the cert guide that this can in fact be any address, so long as it’s registered.

  4. chrisg May 5, 08:31

    Hi Wendell,

    What is the purpose of the loopback interface on R1?
    It seems to work fine without it.

    Best Regards
    Chris
