Lab - 9 - NAT
CSE 324
Lab Experiment # 9
Fall 2016
To learn about Network Address Translation (NAT): why and how it is used.
To build an internetwork that uses NAT in Packet Tracer.
2. Background: NAT
NAT (Network Address Translation) is a technique for conserving scarce Internet IP addresses. It converts private IP
addresses (not routable on the Internet) to public IP addresses so that the Internet can be accessed from a private network.
Types of NAT
Developed by Cisco, Network Address Translation is used by a device (firewall, router or computer) that sits
between an internal network and the rest of the world. NAT has many forms and can work in several ways:
Static NAT - Maps an unregistered (private) IP address to a registered (public) IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
3a. Instructions:
This lab provides an opportunity to revise your understanding of NAT/PAT and the commands for configuring
NAT/PAT on a router. The router R2 translates private IP addresses to public IP addresses using NAT/PAT.
Task 1: Create the Topology
Create a topology as shown in the following figure:
[Figure: network topology (label in figure: RIP)]
Table 1
Step 2: Configure PAT on R2 using the serial 0/0/1 interface public IP address.
The configuration is similar to dynamic NAT, except that instead of a pool of addresses, the interface keyword is
used to identify the outside IP address. Therefore, no NAT pool is defined. The overload keyword enables the
addition of the port number to the translation. Because you already configured an ACL to identify which inside IP
addresses to translate as well as which interfaces are inside and outside, you only need to configure the following:
R2(config)#ip nat inside source list NAT interface S0/0/1 overload
Step 3: Verify the configuration.
Ping ISP from PC1 and PC2. Then use the show ip nat translations command on R2 to verify NAT.
R2#show ip nat translations
Pro  Inside global          Inside local      Outside local      Outside global
icmp 209.165.200.225:3      192.168.10.11:3   209.165.200.226:3  209.165.200.226:3
icmp 209.165.200.225:1024   192.168.11.11:3   209.165.200.226:3  209.165.200.226:1024
---  209.165.200.254        192.168.20.254    ---                ---
Note: In the previous task, you could have added the keyword overload to the ip nat inside source list
NAT pool MY-NAT-POOL command to allow for more than six concurrent users.
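The port multiplexing that the overload keyword enables, as an added example (a simplified Python model, not part of the lab handout and not Cisco IOS internals): two inside hosts share R2's public address, and the second host's ICMP identifier 3 is remapped to 1024, as in the show ip nat translations output. The class and function names and the remap starting value 1024 are assumptions made for illustration.

```python
# Added example: a toy PAT (NAT overload) table, not Cisco IOS internals.
from dataclasses import dataclass, field

FIRST_REMAP_PORT = 1024  # assumption, chosen to match the lab output above


@dataclass
class PatRouter:
    public_ip: str
    # (proto, global_port) -> (inside_ip, inside_port)
    table: dict = field(default_factory=dict)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source; return (public_ip, global_port)."""
        # An existing flow keeps its translation.
        for (p, gport), local in self.table.items():
            if p == proto and local == (inside_ip, inside_port):
                return self.public_ip, gport
        # Keep the original port (or ICMP id) when it is free on the
        # shared address; otherwise take the next unused one.
        gport = inside_port
        if (proto, gport) in self.table:
            gport = FIRST_REMAP_PORT
            while (proto, gport) in self.table:
                gport += 1
        self.table[(proto, gport)] = (inside_ip, inside_port)
        return self.public_ip, gport

    def inbound(self, proto, global_port):
        """Map a reply sent to the public IP back to the inside host.
        Returns None when no translation exists (this model drops it)."""
        return self.table.get((proto, global_port))


def lab_ping_demo():
    """PC1 and PC2 both ping ISP with ICMP id 3 (values from the lab output)."""
    r2 = PatRouter("209.165.200.225")
    pc1 = r2.outbound("icmp", "192.168.10.11", 3)
    pc2 = r2.outbound("icmp", "192.168.11.11", 3)  # id 3 is taken, so remapped
    return r2, pc1, pc2


if __name__ == "__main__":
    r2, pc1, pc2 = lab_ping_demo()
    print(pc1, pc2, r2.inbound("icmp", 1024), r2.inbound("icmp", 4444))
```

In this model, a packet arriving at the public address for a port with no table entry has no inside host to go to, which is why hosts behind PAT are not reachable from outside unless a static mapping exists.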