Cisco NAT and PAT Configuration (PDF)
Configuring static NAT on Cisco devices

With static NAT, routers or firewalls translate one private IP address to a single public IP address. Each private IP address is mapped to a single public IP address. Static NAT is not often used because it requires one public IP address for each private IP address.

To configure static NAT on Cisco devices using Network Configuration Manager (NCM), you can create the corresponding Configlet commands and push them to multiple devices.

To configure static NAT on Cisco devices, the following steps are required:

- Configure the private/public IP address mapping using the ip nat inside source static PRIVATE_IP PUBLIC_IP command
- Configure the router's inside interface using the ip nat inside command
- Configure the router's outside interface using the ip nat outside command

Steps to configure static NAT on Cisco devices through the CLI

Log in to the device using SSH / TELNET and go to enable mode.

Go into config mode.

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#

Use the command below to configure static NAT.

    Router(config)#ip nat inside source static PRIVATE_IP PUBLIC_IP

Configure the router's inside interface.

    Router(config)#interface fa0/0
    Router(config-if)#ip nat inside
    Router(config-if)#exit

Configure the router's outside interface.

    Router(config)#interface fa0/1
    Router(config-if)#ip nat outside
    Router(config-if)#exit

Exit config mode.

    Router(config)#exit
    Router#

Execute the show ip nat translations command to view the NAT configuration.

Copy the running configuration into the startup configuration using the command below.

    Router#write memory
    Building configuration... [OK]
    Router#

The corresponding configlet can be created in the NCM application, or imported into it as XML using the file import option.
Configlet Name: Configure Static NAT - Cisco
Description: This configlet is used to configure static NAT in Cisco devices.
Execution Mode: Script Execution Mode
Configlet Content:

    configure terminal
    ip nat inside source static $PRIVATE_IP $PUBLIC_IP
    interface $INSIDE_INTF
    ip nat inside
    exit
    interface $OUTSIDE_INTF
    ip nat outside
    exit
    exit
    show ip nat translations
    write memory
I have covered the configuration of static NAT and dynamic NAT in previous lessons, now it's time for PAT.

Let's prepare the hosts. I am using normal Cisco routers with "ip routing" disabled to turn them into dumb hosts:

    Host1(config)#no ip routing
    Host1(config)#ip default-gateway
    Host2(config)#no ip routing
    Host2(config)#ip default-gateway

The next step is to configure NAT:

    NAT(config)#interface fastEthernet 0/0
    NAT(config-if)#ip nat inside
    NAT(config)#interface fastEthernet 1/0
    NAT(config-if)#ip nat outside

So far so good, let's create an access-list that matches both hosts:

    NAT(config)#access-list 1 permit

And finally we'll configure PAT:

    NAT(config)#ip nat inside source list 1 interface fastEthernet 1/0 overload

I select access-list 1 as my inside source and I will translate the matching hosts to the IP address on FastEthernet 1/0. The big magic keyword here is overload. If you add this we will enable PAT!

Let's give it a test run, shall we?
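What the overload keyword makes the router track, as an added example that is not part of the original lesson: a simplified Python model of a PAT translation table, not IOS code. The host and public addresses are constructed, and the port-selection rule (keep the source port if free, otherwise take the next free one) is a simplification.

```python
# Simplified model of a PAT (overload) translation table; not IOS code.
# All addresses below are constructed examples.
PUBLIC_IP = "203.0.113.2"   # stands in for the address on the outside interface

class PatTable:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}    # (proto, inside_ip, inside_port) -> public port
        self.back = {}   # (proto, public port) -> (inside_ip, inside_port)

    def translate_out(self, proto, src_ip, src_port):
        """Inside -> outside: return the (public_ip, port) the packet leaves with."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                      # keep the original port if it is free
            for _ in range(65536):
                if (proto, port) not in self.back:
                    break
                port = port + 1 if port < 65535 else 1024
            else:
                raise RuntimeError("no free port left on " + self.public_ip)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def translate_in(self, proto, dst_port):
        """Outside -> inside: return the inside (ip, port), or None if no flow matches."""
        return self.back.get((proto, dst_port))

    def clear(self):
        """Counterpart of 'clear ip nat translation *'."""
        self.out.clear()
        self.back.clear()

def demo():
    pat = PatTable(PUBLIC_IP)
    a = pat.translate_out("tcp", "192.168.12.1", 50000)   # Host1
    b = pat.translate_out("tcp", "192.168.12.2", 50000)   # Host2, same source port
    reply_to_b = pat.translate_in("tcp", b[1])             # return traffic finds Host2
    unsolicited = pat.translate_in("tcp", 23)              # no inside host opened this
    return a, b, reply_to_b, unsolicited

if __name__ == "__main__":
    print(demo())
```

Both hosts leave with the same public address and are told apart only by the translated port; a packet arriving on a port with no table entry has no inside host to be delivered to.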
We will begin by implementing Static NAT. Static NAT is used to do a one-to-one mapping between an inside address and an outside address. Static NAT also allows connections from an outside host to an inside host. Usually, static NAT is used for servers inside your network. For example, you may have a web server with an inside IP address, and you want it to be accessible when a remote host makes a request to a public IP address. For this to work, you must do a static NAT mapping between those two IPs.

In this example, we will use FastEthernet 0/1 as the inside NAT interface, the interface connecting to our network, and the Serial 0/0/0 interface as the outside NAT interface, the one connecting to our service provider.

    Router(config)#ip nat inside source static
    Router(config)#interface FastEthernet 0/1
    Router(config-if)#ip nat inside
    Router(config-if)#interface Serial 0/0/0
    Router(config-if)#ip nat outside

Static NAT provides a permanent mapping between the internal and the public IP address. In our example the private IP address will always correspond to the public IP address.

Dynamic NAT is used when you have a "pool" of public IP addresses that you want to assign to your internal hosts dynamically. Don't use dynamic NAT for servers or other devices that need to be accessible from the Internet.

In this example, we will define our internal network as We also have the pool of public IP addresses from to and our assigned netmask is

When you configure dynamic NAT, you have to define an ACL to permit only those addresses that are allowed to be translated.

    Router(config)#ip nat pool NAT-POOL netmask
    Router(config)#access-list 1 permit
    Router(config)#ip nat inside source list 1 pool NAT-POOL
    Router(config)#interface FastEthernet 0/1
    Router(config-if)#ip nat inside
    Router(config-if)#interface Serial 0/0/0
    Router(config-if)#ip nat outside

We used the same interface configuration as in our static NAT example. This configuration allows addresses in the internal network to be translated to a public IP address in the pool range.
When an inside host makes a request to an outside host, the router dynamically assigns an available IP address from the pool for the translation of the private IP address. If there's no public IP address available, the router rejects new connections until you clear the NAT mappings. However, if you have as many public IP addresses as hosts in your network, you won't encounter this problem.

NAT Overload, sometimes also called PAT, is probably the most used type of NAT. You can configure NAT overload in two ways, depending on how many public IP addresses you have available.

The first case, and one of the most often seen, is that you have only one public IP address allocated by your ISP. In this case, you map all your inside hosts to the available IP address. The configuration is almost the same as for dynamic NAT, but this time you specify the outside interface instead of a NAT pool.

    Router(config)#access-list 1 permit
    Router(config)#ip nat inside source list 1 interface Serial 0/0/0 overload
    Router(config)#interface FastEthernet 0/1
    Router(config-if)#ip nat inside
    Router(config-if)#interface Serial 0/0/0
    Router(config-if)#ip nat outside

In this case, the router automatically determines what public IP address to use for the mappings by checking what IP is assigned to the Serial 0/0/0 interface. All the inside addresses are translated to the only public IP address available on your router. With the overload keyword, the router tells the traffic flows apart by their port numbers.

The second case is that your ISP gave you more than one public IP address, but not enough for a dynamic or static mapping. The configuration is the same as for dynamic NAT, but this time we add overload so the router identifies traffic flows by port number instead of dynamically mapping each private IP address to a public one.
    Router(config)#ip nat pool NAT-POOL netmask
    Router(config)#access-list 1 permit
    Router(config)#ip nat inside source list 1 pool NAT-POOL overload
    Router(config)#interface FastEthernet 0/1
    Router(config-if)#ip nat inside
    Router(config-if)#interface Serial 0/0/0
    Router(config-if)#ip nat outside

If you feel something works wrong in your configuration, you can always check the NAT translations and statistics with the help of the show commands.

    Router#show ip nat statistics
    Total translations: 2 (0 static, 2 dynamic; 0 extended)
    Outside interfaces: Serial0
    Inside interfaces: Ethernet1
    Hits: 135  Misses: 5
    Expired translations: 2
    Dynamic mappings:
    -- Inside Source
    access-list 1 pool net-208 refcount 2
     pool net-208: netmask end generic, total addresses 14, allocated 2 (14%), misses 0

    Router#show ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    udp
    tcp
    tcp

If you have to clear the NAT translation table, you can do it with clear ip nat translation *.

    Router#clear ip nat translation *
    Router#show ip nat translations
    Router#

When you begin to troubleshoot, first use the available show commands. If the show commands are not enough, you still have debug. Be careful when you use debug, because debug commands use a lot of resources and you may end up disconnected from the router and unable to reconnect.

    Router# debug ip nat
    NAT: s= d=
    NAT: s= d= [21852]
    NAT: s= d= [6826]
    NAT*: s= d= [23311]
    NAT*: s= d= [6827]
    NAT*: s= d= [6828]
    NAT*: s= d= [23313]
    NAT*: s= d= [23325]

An asterisk (*) next to NAT indicates that the translation occurs in the fast-switched path. The first packet of a connection is always process-switched, which is slower. The next packets go through the fast-switched path. The s= field shows the source IP address and the address it is translated to; the d= field refers to the destination address. [6825] is the IP identification number, which is useful for debugging and enables correlation with other protocol analyzers.

This concludes our lesson. The information found here and in the other two articles is everything you need to know for passing the Cisco CCNA exam. You can also use this information for implementing NAT in real life, in your home network, or at your job.
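A review check for the three NAT variants covered above, as an added example that is not part of the original tutorials: a Python audit of a saved running-config. The sample config and its addresses are constructed, and the script assumes numbered ACLs and interface names as they appear in show running-config.

```python
import re

# Constructed running-config fragment; addresses are documentation ranges.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip nat inside
interface Serial0/0/0
 ip nat outside
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source static 192.168.10.50 203.0.113.10
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source list 7 pool NAT-POOL
"""

STATIC = re.compile(r"ip nat inside source static (\S+) (\S+)")
DYNAMIC = re.compile(r"ip nat inside source list (\d+) (pool|interface) (\S+)( overload)?")

def audit_nat(config):
    """Return findings for the NAT statements in an IOS running-config."""
    roles = {"inside": [], "outside": []}
    acls, pools, findings, intf = set(), set(), [], None
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for line in lines:  # pass 1: collect interfaces, ACLs and pools
        if m := re.match(r"interface (\S+)", line):
            intf = m.group(1)
        elif m := re.match(r"\s+ip nat (inside|outside)$", line):
            roles[m.group(1)].append(intf)
        elif m := re.match(r"access-list (\d+) permit", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m.group(1))
    for role, intfs in roles.items():
        if not intfs:
            findings.append(f"no interface marked 'ip nat {role}'")
    for line in lines:  # pass 2: check each translation rule
        if m := STATIC.match(line):
            findings.append(f"static: {m[1]} accepts connections from outside via {m[2]}")
        elif m := DYNAMIC.match(line):
            acl, kind, target, overload = m.groups()
            if acl not in acls:
                findings.append(f"list {acl}: access-list not defined in this config")
            if kind == "pool" and target not in pools:
                findings.append(f"pool {target}: not defined in this config")
            if kind == "pool" and not overload:
                findings.append(f"pool {target}: no overload, one public IP per host")
            if kind == "interface" and target not in roles["outside"]:
                findings.append(f"{target}: not an 'ip nat outside' interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE_CONFIG)))
```

Static entries are listed because they are the ones that accept connections initiated from outside, so each should correspond to a server that is meant to be reachable.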