

#CISCO IOS NAT PRO#
The other more subtle rule is the reverse!!! We are also saying at the same time if anything comes into an interface marked as “ip nat outside” with a DESTINATION address of 10.10.10.10 DESTINATION port 23 translate that to a DESTINATION address of 100.100.12.2 with a DESTINATION port of 23. This logic is part of the NAT rule inherently. The same logic goes for the second rule, except we are using port 80 instead.

So check it out…
Before we do anything…

R1(config)#do sh ip nat trans
Pro Inside global Inside local Outside local Outside global

So let’s get into the NAT configuration on R1

interface FastEthernet0/0

So what’s the logic behind this? This is the logic that confused me for a long time. I mean, if I want to translate things DESTINED for 10.10.10.10 you might think to use an outside destination based NAT rule right? The problem is, no such thing exists in IOS…at least on a router. However, what we have to realize is that when we set up a NAT translation, we are actually setting up a bi-directional rule.

So, let’s break down the first NAT translation. We have ip nat outside on our interface facing R5 and we have ip nat inside on the interfaces facing R2 and R4. So what we are saying here is actually a couple of different things. First, if we see a packet on an interface marked as “ip nat inside” with a SOURCE ip address of 100.100.12.2 with a SOURCE port of TCP 23, translate that to a SOURCE ip address of 10.10.10.10 with a SOURCE port of 23.
#CISCO IOS NAT HOW TO#
Take a look at the below diagram to get an idea of the topology. We are going to be hacking away at some very specific tasks.

1) From R5, we should be able to telnet to 10.10.10.10 and get to a login prompt on R2
2) From R5, we should be able to telnet to 10.10.10.10:80 and get a login prompt on R4
3) If we telnet to 10.10.10.10 port 23 or port 80 from R1, R2, or R4 we should not have this behavior

*NOTE* You may add 1 interface and 1 ip address for this task. EIGRP is configured on all routers.

Clearly the task is looking for a NAT solution. The question is, how do we go about doing this? The first thing we need to be thinking about is the address 10.10.10.10. However, we are allowed to add in a single interface and a single IP address. The next thing we need to start thinking about is how we are going to accomplish this task with NAT, and how NAT works. We have already set up EIGRP on all the routers here. We are advertising the 10.10.10.10/32 into EIGRP as well. Without the advertisement R5 would of course have no idea how to get to 10.10.10.10 in the first place.

In today’s blog we will be looking at a common way to utilize NAT in order to accomplish a given task we might be asked to do in the lab.
