Configure NAT – GNS3 Lab
In this article we will demonstrate how to configure NAT using GNS3.
Note: If you are not sure about NAT, please read my Network Address Translation NAT Tutorial
To configure static NAT we need to complete these tasks:
* Define the router’s interfaces as inside or outside:
Router(config-if)#ip nat inside (or ip nat outside)
* Define static mapping between the inside address and the outside address:
Router(config)#ip nat inside source static local_ip global_ip
+ Static NAT:
To make everything clear, we will configure static NAT in GNS3. Open your GNS3 and build a topology like this:
(IOS used: c2600-bin-mz.123-6f.bin but you can use other versions)
We should use 3 routers in this topology but I want to save some RAM and demonstrate how to ping from the loopback interface so I only use two :) Therefore we should configure the loopback interface of R0 as the source IP address and the fa0/0 interface of R0 as the “outgoing static NAT” address.
R0#configure terminal
R0(config)#int loopback0
R0(config-if)#ip address 10.0.0.1 255.0.0.0
R0(config-if)#ip nat inside
R0(config-if)#int f0/0
R0(config-if)#ip address 200.0.0.1 255.255.255.0
R0(config-if)#no shutdown
R0(config-if)#ip nat outside
R0(config-if)#exit
Finally, we have to tell the router to translate my private IP 10.0.0.1 to public IP 200.0.0.2 so that I can go to the Internet!
R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2
On R1 we just assign the IP address and enable the interface with no shutdown.
R1#config terminal
R1(config)#int f0/0
R1(config-if)#ip address 200.0.0.10 255.255.255.0
R1(config-if)#no shutdown
Check that the static translation is in place:
R0#show ip nat translations
In this article we don’t use a host attached to R0, so to test our NAT configuration we have to ping from R0’s loopback interface by using the extended ping command:
To use the extended ping command, type only “ping” in privileged mode, specify the “target IP address”, type “y” at the “Extended commands” prompt and specify the “source address or interface” as shown below:
To prove that NAT is doing the work, we can disable static NAT with the following command:
R0(config)#no ip nat inside source static 10.0.0.1 200.0.0.2
Now if we use the extended ping command (without NAT configured):
-> We can’t ping from the loopback interface.
Download static NAT configuration: http://www.9tut.com/download/NAT_static_CCNA_self_study.zip
+ Dynamic NAT:
To configure dynamic NAT we need to complete these tasks:
* Define a pool of addresses (public IP) to be used for dynamic NAT allocation
Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }
* Configure a standard access control list to define what internal traffic will be translated
Router(config)#access-list access-list-number permit source [source-wildcard]
* Link the access list to the NAT pool
Router(config)#ip nat inside source list access-list-number pool pool_name
* Define interfaces as either inside or outside
Router(config-if)#ip nat inside (on fa0/0, for example)
Router(config-if)#ip nat outside (on fa0/1, for example)
* Dynamic NAT configuration example:
RouterA(config)# access-list 1 permit 192.168.0.0 0.0.0.255
RouterA(config)# ip nat pool PoolforNAT 200.23.123.6 200.23.123.10 netmask 255.255.255.0
RouterA(config)# ip nat inside source list 1 pool PoolforNAT
Note: In the above command, the word “inside” means “I want to NAT from inside to outside”; “list 1” means “the source IP addresses to NAT are included in Access-list 1”; “pool PoolforNAT” means “NAT to the IP addresses specified in PoolforNAT”.
RouterA(config)# int loopback0
RouterA(config-if)# ip nat inside
RouterA(config-if)# int fa0/0
RouterA(config-if)# ip nat outside
+ Configure PAT (NAT Overload):
* Configure a standard access list to define what internal traffic will be translated
* Link the access list to the interface to be used for PAT
* Define interfaces as either inside or outside
PAT router commands
RouterA(config)# access-list 1 permit 192.168.0.0 0.0.0.255
RouterA(config)# ip nat inside source list 1 interface fa0/0 overload
(Notice that “interface fa0/0” means “NAT out of this interface”, and the keyword overload enables PAT in the above command)
RouterA(config)# interface fa0/0
RouterA(config-if)# ip nat outside
RouterA(config-if)# interface loopback0
RouterA(config-if)# ip nat inside
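The practical difference between the dynamic NAT pool and PAT shows up when more inside hosts are active than the pool has addresses. The following Python model is an added example, not code from the original article or from Cisco IOS: it reuses access list 1 and PoolforNAT from the configurations above, and assumes six constructed inside hosts and a constructed outside interface address 203.0.113.1 for the overload case. Its port selection is a simplification of what a router does.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, network, wildcard):
    """Standard ACL match: wildcard bits set to 1 are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(src) & care) == (ip_int(network) & care)

def pool_range(start, end):
    """Expand the start/end of 'ip nat pool' into the list of global addresses."""
    return [str(ipaddress.IPv4Address(i)) for i in range(ip_int(start), ip_int(end) + 1)]

class NatRouter:
    def __init__(self, acl, pool=None, overload_ip=None):
        self.acl = acl                   # (network, wildcard), as in access-list 1
        self.free = list(pool or [])     # unused global addresses (dynamic NAT)
        self.overload_ip = overload_ip   # outside interface address (PAT), constructed
        self.table = {}                  # translation table
        self.used_ports = set()          # global ports already handed out (PAT)

    def translate(self, src, sport):
        """Return (global_ip, global_port), or None if the packet is not translated."""
        if not acl_permits(src, *self.acl):
            return None                  # source is not matched by the access list
        if self.overload_ip:             # PAT: one address, a unique port per flow
            key = (src, sport)
            if key not in self.table:
                port = sport             # keep the source port when it is free
                while port in self.used_ports:
                    port += 1            # simplified: no wrap at 65535
                self.used_ports.add(port)
                self.table[key] = (self.overload_ip, port)
            return self.table[key]
        if src not in self.table:        # dynamic NAT: one pool address per host
            if not self.free:
                return None              # pool exhausted, no translation created
            self.table[src] = self.free.pop(0)
        return (self.table[src], sport)

ACL1 = ("192.168.0.0", "0.0.0.255")
HOSTS = [f"192.168.0.{i}" for i in range(1, 7)]   # six constructed inside hosts

def run(router):
    return [router.translate(h, 1024) for h in HOSTS]

DYNAMIC = run(NatRouter(ACL1, pool=pool_range("200.23.123.6", "200.23.123.10")))
PAT = run(NatRouter(ACL1, overload_ip="203.0.113.1"))
```

With the five-address pool, the sixth host gets no translation until an entry ages out or is cleared, while under PAT all six share one address and are told apart by port.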
I tried this dynamic PAT and the other “interface overload” one on my Packet Tracer but it is not working; I couldn’t use extended ping.
One more thing: I used two routers like the ones in the lab shown above. For the dynamic one I assigned different IP addresses to the two interfaces connected using the crossover cable on a /30, and I used a loopback, and the loopback address is included in my source list pool of addresses, but my global address was not in the /30 range; it is another address entirely.
Same for the interface overload one, apart from the fact that I use /30 but the overload command on the outgoing interface of the 1st router.
Please, your help will be appreciated.
Why did we write loopback 0 above? What is the advantage of using it? Thanks in advance.
@ ReR
In this case, if we did not use loopback0, we would only have 2 interfaces and that would make this a poor example of NAT configuration! Loopback0 simulates a real host trying to gain access to some external resource (in this case, R2).
Hope this helps,
RG
yes @ ReR this is correct
Is the PAT (NAT overload) configuration the same as the Dynamic NAT configuration with just a little modification, the word overload at the end of the statement (ip nat inside source list pool overload)?
The lab is great. However, if you want to see the effect of the NAT configuration then you will need to run debug ip nat on the enterprise router while you ping the loopback address from the ISP. The output will appear as follows:
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/80/136 ms
R1#debug ip nat
00:16:55: NAT: s=10.0.0.1->200.0.0.2, d=200.0.0.10 [15]
00:16:55: NAT: s=10.0.0.1->200.0.0.2, d=200.0.0.10 [16]
00:16:55: NAT: s=10.0.0.1->200.0.0.2, d=200.0.0.10 [17]
00:16:55: NAT: s=10.0.0.1->200.0.0.2, d=200.0.0.10 [18]
00:16:55: NAT: s=10.0.0.1->200.0.0.2, d=200.0.0.10 [19]
Thanks for the lab
What about Dynamic NAT with overload?
9tut,
I am not sure why we used 200.0.0.2 instead of 200.0.0.1 in the static NAT below:
R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2
nice lab understand NAT…
but one little confusion: why did we use 200.0.0.2 instead of 200.0.0.1 in the NAT translation?
R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2
can any one clear it pls
Thanks in advance
@Anonymous: 200.0.0.1 is the IP of interface f0/0 of R0 so it can’t be used in static NAT.
@9tut
Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }
What does prefix-length mean and how can I write it?
Thanks :)
@Rose: Prefix length is the number of “1” bits in the subnet mask. For example:
RouterA(config)# ip nat pool PoolforNAT 200.23.123.6 200.23.123.10 prefix-length 24
equals to:
RouterA(config)# ip nat pool PoolforNAT 200.23.123.6 200.23.123.10 netmask 255.255.255.0
9tut ya i got it now thanks for your quick response…very nice lab…
cheers to 9tut
Thank you very very much , 9 tut.
tell lab configuration about static nat
Dear All,
Please give me an answer to my query:
I am not getting the concept of NAT.
Say we are using int f 0/0 for the private IP of a company, and int s 0/0 as the public IP provided by the ISP.
Now any host in the company tries for google.com, then its request is ultimately routed to the router, which is exiting our router through s 0/0, and the Google page is loaded.
So we can communicate with the internet anyway; then what is the requirement for NAT?
I haven’t read all comments but, just in case, be sure to use a cross-over cable in setting up the NAT-PAT lab above. :) Oh, and thanks so much for this site. It’s awesome!!!
JIGNESH, your question is not clear but, from what I understand, you’re asking if a user or users at a company using a private IP address at int fa0/0 can launch the Google.com website if the ISP has provided a public IP set up at s0/0 by an admin. Well, yes and no. Int f0/0 in the example above is a loopback network, only set up for testing. Let’s say you have a host, PC 1, connected to Router 0 at int fa0/0. Well, the host will need an IP address as well, right? Right. Let’s say that the host IP is 10.0.0.2/8 with gateway 10.0.0.1/8; this setup will work. So host 10.0.0.2 will try to reach google.com, the request will first go to its gateway (10.0.0.1), then to the demarcation point at int s0/0, then to the outside world to bring back results. Note that other things will need to be set up, like the protocol and DNS, for all this to work. Hope this helps…some.
Hi friends, please tell me:
RouterA(config)# ip nat pool PoolforNAT 200.23.123.6 200.23.123.10 netmask 255.255.255.0
I don’t understand this step, please help me.
Is there any way to test dynamic NAT ?
Is there any way to test using multiple hosts in a network rather than loop back interface ?
I think your PAT configuration is incorrect.
You never defined a pool and did not specify the pool for public addresses you will be using when doing ip nat inside source list 1 POOL xxx interface xxx overload
Hello 9tut, can you tell me where this 192.168.0.0 0.0.0.255 comes from? (in the access list of the dynamic NAT configuration)
For the PAT configuration, is a pool of public addresses necessary?
Hi, this is probably a dumb question but does the loopback need to have a default gateway address?
if it does it can reach 200.0.0.10 network via default gateway anyway, so what is the point of NAT?
Guys, can anyone tell me if we can change the destination address through NAT? If so, can someone paste the commands here?
I tried every other option available but no success. It gives an error like “% Pool naga is not a rotary-type pool, unexpected behavior may result.” Please guide me through.
Here naga is the pool name.