.
.

Configuration NAT on the Router

Configuration NAT of the Router Bjelovar in IT network

IT network with NAT

Use the following values to configure NAT services on BJELOVAR:

• 1- Configure NAT on the BJELOVAR router to translate the 10.10.0.0 /16 inside host IP addresses to the
192.168.100.0 /24 outside network address range.
• 2- Use PAT, so that all addresses are using only the IP addresses of 192.168.100.11 through
192.168.100.20, with a subnet mask of 255.255.255.0.
• 3- Create a static mapping of 192.168.100.1 to BJELOVAR Fastethernet 0 interface of 10.10.0.1. This will allow other routers to ping the Fastethernet 0 interface of BJELOVAR with the command ping 192.168.100.1.


Bjelovar#configure terminal

// 1- Dynamic translation - define the Standard access list permiting the inside private addresses - those inside local/private addresses that are to be translated
// Access list (ACL) are used by NAT to select addresses for dynamic translation
// Defining default ACL that tells the router which local IP addresses will be allowed to translate (in this example, the network 10.10.0.0. /16 done from Wilcard mask)

#access list access-list-number permit source-IP-address Wildcard-mask

Bjelovar(config)#access-list 1 permit 10.10.0.0 0.0.255.255


// 2- Dynamic translation - Define the pool of global/public addresses to be allocated as needed, (pool name is POOLNAME)
// Create "a pool" ie. Group's public IP address that will be used to translate the local IP address 'Overload'. Local IP addresses from network 10.10.0.0 /16 can translate IP addresses from the POOL and that the IP addresses in the range of 192.168.100.11 /24 to 192.168.100.20 /24

#ip nat pool pool name start IP end IP netmask prefix-length

Bjelovar(config)#ip nat pool POOLNAME 192.168.100.11 192.168.100.20 netmask 255.255.255.0

// 2a- Dynamic translation - Define the PAT translation, use the ip nat inside source command. This command, with the overload option, will create port address translation using the serial 0 IP address as the base:
// establish overload translation
// Establish dynamic source translation, specifying the access list defined in the prior step
// Establishes PAT - Overload translation criteria of ACL over POOL

# ip nat inside source list access-list-number pool pool-name overload

Bjelovar(config)#ip nat inside source list 1 pool POOLNAME overload

// 3- create static mapping of 192.168.100.1 to allow other routers to ping the Fastethernet 0 interface of R1
// Create static NAT (mapping) IP address 10.10.0.1, which will be coded by public IP address 192.168.100.1 - Setting this static NAT other routers will be able to ping the Fa0 the 'Bjelovar' router.

#ip nat inside source static local IP global IP

Bjelovar(config)#ip nat inside source static 10.10.0.1 192.168.100.1

Bjelovar(config)#interface fastethernet 0
Bjelovar(config-if)#ip nat inside
Bjelovar(config-if)#exit
Bjelovar(config)#interface serial 0
Bjelovar(config-if)#ip nat outside
Bjelovar(config-if)#exit



9.1. Bjelovar#show ip nat translations

Pro Inside global Inside local Outside local Outside global
--- 192.168.100.1 10.10.0.1 --- ---



9.2. Bjelovar#show ip nat statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: FastEthernet0
Hits: 5 Misses: 5
Expired translations: 5
Dynamic mappings:
-- Inside Source
Access list 1 interface refcount 0



9.3. Bjelovar#show running-config

Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Bjelovar
enable secret 5 $sdf$6978yhg$jnb76sd
enable password cisco
!
ip subnet-zero
!
ip dhcp excluded-address 10.10.0.1 10.10.0.10
!
ip dhcp pool poolname
network 10.10.0.0 255.255.0.0
default-router 10.10.0.1
dns-server 10.10.0.5
!
interface Serial0
ip address 192.168.1.5 255.255.255.252
bandwidth 64
encapsulation frame-relay ietf
frame-relay lmi-type ansi
frame-relay map ip 192.168.1.6 101 broadcast
ip nat outside
!
interface FastEthernet0
ip address 10.10.0.1 255.255.0.0
no ip directed-broadcast
bandwidth 100000
ip nat inside
!
ip nat inside source list 1 pool poolname
ip nat pool poolname 192.168.100.11 192.168.100.20 netmask 255.255.255.0
ip nat inside source static 10.10.0.1 192.168.100.1
ip classless
no ip http server
!
access-list 1 permit 10.10.0.0 0.0.255.255
!
line con 0
login
transport input none
password cisco
line aux 0
line vty 0 4
login
password cisco
!
no scheduler allocate
end