ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
Hint: any time you see the word POOL, it tells you that these are PUBLIC IP addresses.
Step 2) Define the source of the inside local address and bind it to the pool CCNA defined in part 1
Hint: ip nat ?
R1#
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip nat ?
inside Inside address translation
outside Outside address translation
pool Define pool of addresses
R1(config)#ip nat
% Incomplete command.
R1(config)#ip nat ins
R1(config)#ip nat inside ?
source Source address translation
R1(config)#ip nat inside sou
R1(config)#ip nat inside source ?
list Specify access list describing local addresses
static Specify static local->global mapping
R1(config)#ip nat inside source list ?
<1-199> Access list number for local addresses
WORD Access list name for local addresses
R1(config)#ip nat inside source list 1 ?
interface Specify interface for global address
pool Name pool of global addresses
R1(config)#ip nat inside source list 1 poo
R1(config)#ip nat inside source list 1 pool ?
WORD Name pool of global addresses
R1(config)#ip nat inside source list 1 pool CCNA ?
overload Overload an address translation
<cr>
R1(config)#ip nat inside source list 1 pool CCNA ove
R1(config)#ip nat inside source list 1 pool CCNA overload ?
<cr>
R1(config)#ip nat inside source list 1 pool CCNA overload
Hint: if the ISP has given you a single IP address, then after LIST 1 I will use interface s0/0 instead of a pool.
Hint: when you see the word LIST, that should tell you that I need an ACL 1 that defines my local addresses.
Step 3) Now define your ACL 1
Hint: I have a /26, so I subtract the subnet mask from 255.255.255.255:
  255.255.255.255
- 255.255.255.192
  ---------------
  0.0.0.63 as the wildcard mask
R1(config)# access-list 1 permit 192.168.91.64 0.0.0.63
(192.168.91.64 is the subnet ID; 0.0.0.63 is the wildcard mask)
R1(config)#
R1(config)#acc
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 1 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 1 permi
R1(config)#access-list 1 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
R1(config)#access-list 1 permit 192.168.91.69 0.0.0.63
Here I intentionally entered the wrong subnet ID, but IOS will fix it for me.
Here is my show run:
ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
ip nat inside source list 1 pool CCNA overload
ip classless
!
!
access-list 1 permit 192.168.91.64 0.0.0.63
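Added example (not part of the original lab): the wildcard arithmetic from Step 3 in Python, showing why the typed address 192.168.91.69 is stored as 192.168.91.64 and which source addresses the entry will hand to NAT. The function names are hypothetical, and the bit logic goes slightly beyond the page by working for any wildcard, not only the /26 case.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def wildcard_for_prefix(prefix_len):
    """Wildcard mask = 255.255.255.255 minus the subnet mask."""
    netmask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(ALL_ONES ^ netmask))

def normalize_entry(address, wildcard):
    """Clear every 'don't care' bit, which is what the stored ACL line shows."""
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    return str(ipaddress.IPv4Address(a & ~w & ALL_ONES))

def acl_matches(source, address, wildcard):
    """A source matches when it agrees with the entry on all non-wildcard bits."""
    s = int(ipaddress.IPv4Address(source))
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((s ^ a) & ~w & ALL_ONES) == 0

def translated_sources(sources, address, wildcard):
    """Return the sources that ACL 1 would select for translation."""
    return [s for s in sources if acl_matches(s, address, wildcard)]

if __name__ == "__main__":
    wc = wildcard_for_prefix(26)                      # the page's /26 LAN
    print("wildcard:", wc)
    print("stored as:", normalize_entry("192.168.91.69", wc))
    # Constructed sample sources: two LAN hosts, a neighbouring subnet, another LAN.
    hosts = ["192.168.91.65", "192.168.91.126", "192.168.91.129", "10.10.10.5"]
    print("translated:", translated_sources(hosts, "192.168.91.69", wc))
```

Because matching ignores the wildcard bits, the mistyped .69 and the corrected .64 select exactly the same hosts.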
Step 4) Tell the router which side is inside and which side is outside. Make sure you are under the interface and enter:
int f0/0
ip nat inside
int s0/0
ip nat outside
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip nat
R1(config-if)#ip nat ?
inside Inside interface for address translation
outside Outside interface for address translation
R1(config-if)#ip nat ins
R1(config-if)#ip nat inside
R1(config-if)#
R1(config-if)#
R1(config-if)#int s0/0
R1(config-if)#ip nat ?
inside Inside interface for address translation
outside Outside interface for address translation
R1(config-if)#ip nat out
R1(config-if)#ip nat outside
Now let’s look at show run:
interface FastEthernet0/0
ip address 192.168.91.126 255.255.255.192
ip nat inside
duplex auto
speed auto
!
!
interface Serial0/0
ip address 192.0.1.109 255.255.255.252
ip nat outside
clock rate 64000
ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
ip nat inside source list 1 pool CCNA overload
ip classless
!
!
access-list 1 permit 192.168.91.64 0.0.0.63
The last two steps are done to check and make sure life is good.
Step 5) Make sure your router has a default route to the ISP.
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#ip route 0.0.0.0 0.0.0.0 ?
A.B.C.D Forwarding router’s address
Ethernet IEEE 802.3
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Loopback Loopback interface
Null Null interface
Serial Serial
R1(config)#ip route 0.0.0.0 0.0.0.0 192.0.1.110
Step 6) Make sure the ISP knows your network, so the ISP will need a static route back to your network.
ISP#
ISP#config t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#ip route ?
A.B.C.D Destination prefix
ISP(config)#ip route 198.18.151.96 ?
A.B.C.D Destination prefix mask
ISP(config)#ip route 198.18.151.96 255.255.255.248 ?
A.B.C.D Forwarding router’s address
Ethernet IEEE 802.3
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Loopback Loopback interface
Null Null interface
Serial Serial
ISP(config)#ip route 198.18.151.96 255.255.255.248 s0/0
ISP(config)#
As we see, on the ISP make sure you use the PUBLIC address, not the private one, since the ISP does not know your private IP addresses.
Now I check the ping from the PC to the Internet; then I go to R1#show ip nat translation
!
PC>
PC>ping 192.0.1.110
Pinging 192.0.1.110 with 32 bytes of data:
Reply from 192.0.1.110: bytes=32 time=13ms TTL=254
Reply from 192.0.1.110: bytes=32 time=15ms TTL=254
Reply from 192.0.1.110: bytes=32 time=11ms TTL=254
Reply from 192.0.1.110: bytes=32 time=12ms TTL=254
Ping statistics for 192.0.1.110:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 15ms, Average = 12ms
R1#show ip nat translations
Pro  Inside global      Inside local      Outside local    Outside global
icmp 198.18.151.97:10   192.168.91.65:10  192.0.1.110:10   192.0.1.110:10
icmp 198.18.151.97:11   192.168.91.65:11  192.0.1.110:11   192.0.1.110:11
icmp 198.18.151.97:12   192.168.91.65:12  192.0.1.110:12   192.0.1.110:12
icmp 198.18.151.97:9    192.168.91.65:9   192.0.1.110:9    192.0.1.110:9
Here is the summary:
interface FastEthernet0/0
ip address 192.168.91.126 255.255.255.192
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 192.0.1.109 255.255.255.252
ip nat outside
clock rate 64000
!
ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
ip nat inside source list 1 pool CCNA overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.1.110
!
!
access-list 1 permit 192.168.91.64 0.0.0.63
!
Hint: if the ISP has given you a single IP address, then you do not need the pool statement (the 1st statement), and your 2nd statement will look like this:
ip nat inside source list 1 int s0/0 overload
Now, if I add another LAN (10.10.10.0/24) using my int f0/1:
Make sure you have defined an ACL entry for network 10.10.10.0/24 to go out, and
make sure you apply the command ip nat inside to int f0/1.
interface FastEthernet0/0
ip address 192.168.91.126 255.255.255.192
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.100 255.255.255.0
ip nat inside (please add this line)
duplex auto
speed auto
!
interface Serial0/0
ip address 192.0.1.109 255.255.255.252
ip nat outside
clock rate 64000
!
ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
ip nat inside source list 1 pool CCNA overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.1.110
!
!
access-list 1 permit 192.168.91.64 0.0.0.63
access-list 1 permit 10.10.10.0 0.0.0.255 (please add this line)
!
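Added example (not part of the original lab): a small Python audit that checks the two requirements above for every LAN, an ACL entry and ip nat inside on its interface, plus the outside marking from Step 4. The helper name audit_nat and the trimmed sample config are assumptions; it only reads "permit <address> <wildcard>" ACL lines with contiguous wildcards.

```python
import ipaddress
import re

# Constructed sample: the page's final config with the 10.10.10.0 ACL line left out.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.91.126 255.255.255.192
 ip nat inside
interface FastEthernet0/1
 ip address 10.10.10.100 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 192.0.1.109 255.255.255.252
 ip nat outside
ip nat pool CCNA 198.18.151.97 198.18.151.102 netmask 255.255.255.248
ip nat inside source list 1 pool CCNA overload
access-list 1 permit 192.168.91.64 0.0.0.63
"""

def audit_nat(config):
    """Hypothetical helper: list NAT overload misconfigurations in an IOS config."""
    inside, outside, acls, findings = {}, [], {}, []
    iface = net = nat_acl = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, net = m[1], None
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside":
            inside[iface] = net
        elif line == "ip nat outside":
            outside.append(iface)
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_acl = m[1]
        elif m := re.match(r"access-list (\S+) permit (\d\S*) (\d\S*)", line):
            # Wildcard -> netmask; strict=False clears host bits as IOS does.
            mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(m[3])))
            acls.setdefault(m[1], []).append(
                ipaddress.ip_network(f"{m[2]}/{mask}", strict=False))
    if not outside:
        findings.append("no interface has 'ip nat outside'")
    permitted = acls.get(nat_acl, [])
    for name, lan in inside.items():
        if lan is None or not any(lan.subnet_of(a) for a in permitted):
            findings.append(f"{name}: {lan} is inside but not permitted by ACL {nat_acl}")
    for entry in permitted:
        if not any(lan is not None and lan.subnet_of(entry) for lan in inside.values()):
            findings.append(f"ACL {nat_acl}: {entry} matches no 'ip nat inside' LAN")
    return findings
```

Running audit_nat(SAMPLE) reports FastEthernet0/1 as uncovered; appending the 10.10.10.0 0.0.0.255 entry clears the finding.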