TransWikia.com

PAT with multiple VLAN

Network Engineering Asked by Wahaz on September 30, 2021

I’ve set up a network with 4 VLANs: 3 VLANs configured with PAT and 1 VLAN configured with static NAT. The router is acting as the DHCP server. Outside of my router I have another router acting as "the internet" with an IP address of 172.16.10.1 /24.

Everything is working fine and I can successfully do static NAT on VLAN1; however, it doesn’t work when I attempt PAT configuration on VLAN2, VLAN3 & . Below is my router configuration:

Building configuration...

Current configuration : 1578 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username admin password 0 123
!
!
license udi pid CISCO1941/K9 sn FTX1524C1YC-
!
!
!
!
!
!
!
!
!
ip ssh version 1
ip domain-name test.com
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 1 in
 ip nat inside
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/1/0
 ip address 100.10.10.1 255.255.255.240
 ip nat outside
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
!
ip nat pool route 100.10.10.100 100.10.10.100 netmask 255.255.255.240
ip nat inside source list 1 pool route overload
ip nat inside source static 192.168.2.254 100.10.10.3 
ip classless
ip route 0.0.0.0 0.0.0.0 100.10.10.2 
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login local
 transport input ssh
!
!
!
end

Thanks

One Answer

Assuming you want to use VLAN 3 & VLAN 4 as your LAN network and want to configure PAT for internet access, and assuming VLAN 1 is used as the DMZ network for hosting an application which needs static NAT.

Configuration of the subinterfaces in the router. For example, the router subinterface configuration:

Int g0/0.3
Encapsulation dot1Q 3
Ip address 192.168.2.1 255.255.255.0
Ip nat inside
No shutdown

Int g0/0.4
Encapsulation dot1Q 4
Ip address 192.168.10.1 255.255.255.0
Ip nat inside 
No shutdown

PAT (port address translation)

Port address translation is always outbound traffic

Router(config)# access-list 1 permit 192.168.2.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)# ip nat inside source list 1 interface serial 0/1/0 overload

PAT is source natting. The source private IP is translated to the address of interface S0/1/0 when traffic is going from inside to outside (outbound traffic).

Static NAT configuration for accessing DMZ hosted servers application from internet:

Assume the internal server is on VLAN1 and assume IP is 192.168.0.5:

Public IP from ISP is: 100.10.10.5

Router(config)# ip nat inside source static 192.168.0.5 100.10.10.5 

Static NAT is mostly considered destination NAT.

Answered by Sagar Uragonda on September 30, 2021
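
Added example (not part of the answer above or of the asker's configuration): a Python check that reads a running-config, finds the ACL named in `ip nat inside source list`, and reports which `ip nat inside` subinterfaces are covered by one of its permit entries. The sample config is constructed from addresses in the question; the function names and the two ACL entries are assumptions of this example, and only `access-list N permit <address> <wildcard>` entries are parsed.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines modelled on the question's config,
# plus two standard-ACL entries (assumed here; the question shows none).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0.10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0.20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
interface Serial0/1/0
 ip address 100.10.10.1 255.255.255.240
 ip nat outside
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface Serial0/1/0 overload
"""

def wildcard_match(host, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    h, b, w = (int(ipaddress.IPv4Address(str(x))) for x in (host, base, wildcard))
    return (h ^ b) & ~w & 0xFFFFFFFF == 0

def audit_pat(config):
    """Return {interface: bool} for every 'ip nat inside' interface: True when
    one permit entry of the NAT ACL matches both ends of its subnet."""
    rule = re.search(r"^ip nat inside source list (\S+)", config, re.M)
    entries = re.findall(rf"^access-list {re.escape(rule.group(1))} permit (\S+) (\S+)",
                         config, re.M) if rule else []
    result = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.match(r"interface (\S+)", block)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if name and addr and re.search(r"^ ip nat inside\s*$", block, re.M):
            net = ipaddress.ip_interface("/".join(addr.groups())).network
            result[name.group(1)] = any(
                wildcard_match(net.network_address, b, w)
                and wildcard_match(net.broadcast_address, b, w)
                for b, w in entries)
    return result

if __name__ == "__main__":
    for ifname, covered in audit_pat(SAMPLE_CONFIG).items():
        print(ifname, "covered by NAT ACL" if covered else "NOT covered by NAT ACL")
```

A subinterface reported as not covered has `ip nat inside` set but no permit entry in the NAT ACL for its subnet, so the overload rule never selects its traffic.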
