Définitiond'un réseau local, étendu et de l'inter réseau . ModÚle TCP/IP et Le routage des paquets ( routage statique et dynamique). Binaire Chapitre 8 : Examen détaillé de la table de routage . Chapitre 9 : Configuration du routage inter Vlan . Dépannage de La translation d'adresse IP ( NAT et PAT). Configuration de Examens corriges pdf
Configuring NAT for multiple Vlans on a Cisco router is a challenge that many inexperienced Cisco network engineers have had to contend with at one stage of their careers or the other. While NAT implementation is really not a big deal, its successful implementation on a Cisco router configured for multiple vlans can give you a grief, if you do not know what you are doing. In my previous post, I shared with us on how to configure dhcp on a Cisco router with multiple vlans. You can find it here. In this post, using a slightly modified version of the previous network topology, I will share with us on how to configure NAT for multiple vlans on a Cisco router. Network topology Objective Our objective in this lab is to configure NAT for the three vlans represented in the network topology. We can NAT all three vlans to one public IP or to separate public IPs. For this demonstration, each vlan will be NATed to the public IP on the WAN interface of the router. Public IPs to be used in the NAT for multiple vlans Vlan 10 private subnet= Public IP= Vlan 20 private subnet= Public IP= Vlan 30 private subnet= Public IP= You may also like How to redistribute static routes into eigrp using Cisco Packet Tracer Configuring NAT for multiple vlans First, we create three access-lists to match the private subnets. Routerconfigaccess-list 10 permit Routerconfigaccess-list 20 permit Routerconfigaccess-list 30 permit Next, we create pools for the vlans. Routerconfigip nat pool timigate netmask Configure the NAT statement. Each statement will reference corresponding access-list and NAT pool for that vlan. See below. Routerconfigip nat inside source list 10 pool timigate overload Routerconfigip nat inside source list 20 pool timigate overload Routerconfigip nat inside source list 30 pool timigate overload The final step is to define the inside and outside interfaces. This is where most people run into trouble. They use the physical interface instead of the sub-interfaces. Where sub-interfaces are used for vlans, these sub-interfaces must be defined and used as the NAT inside interfaces. See below. Routerconfigint f0/1 Routerconfig-ifip nat outside Routerconfigint f0/ Routerconfig-subifip nat inside Routerconfig-subifint f0/ Routerconfig-subifip nat inside Routerconfig-subifint f0/ Routerconfig-subifip nat inside Routerconfig-subif Verification To verify that NAT is working as it should, we turn on debug on the router, using the debug ip nat command. After that, we run a ping from the computers on the LAN to the ISP router. The output below will be displayed on the core router. From the output above, we can see the source address being translated to as it heads out to destination and on the second link we see the reverse process of going to destination before it gets directed to
Cedocument dĂ©crit comment implĂ©menter le NAT-PT statique sur des pĂ©riphĂ©riques de Cisco IOSÂź par un exemple de configuration. Dans cet exemple, les Noeuds de rĂ©seau d'IPv6Configuring Port Address Translation PAT on Cisco devices With Port Address Translation PAT, a single public IP address is used for all internal private IP addresses, but a different port is assigned to each private IP address. This type of NAT is also known as NAT Overload and is the typical form of NAT used in todayâs networks. It is even supported by most consumer-grade routers. PAT allows you to support many hosts with only few public IP addresses. It works by creating dynamic NAT mapping, in which a global public IP address and a unique port number are selected. The router keeps a NAT table entry for every unique combination of the private IP address and port, with translation to the global address and a unique port number. You will be able to create the corresponding Configlet commands using Network Configuration Manager application. This will help you perform the same operation on multiple devices simultaneously. If you don't have NCM installed, please click here to download and install the application. To configure PAT, the following commands are required Configure the routerâs inside interface using the ip nat inside command. Configure the routerâs outside interface using the ip nat outside command. Configure an access list that includes a list of the inside source addresses that should be translated. Enable PAT with the ip nat inside source list ACL_NUMBER interface TYPE overload global configuration command. Steps to configure PAT for the network picture above using CLI. Login to the device using SSH / TELNET and go to enable mode. Go into the config mode. Routerconfigure terminal Enter configuration commands, one per line. End with CNTL/Z. Routerconfig Configure the router's inside interface Routerconfiginterface Gi0/0 Routerconfig-ifip nat inside Routerconfig-ifexit Configure the router's outside interface Routerconfiginterface Gi0/1 Routerconfig-ifip nat outside Define an access list that will include all private IP addresses you would like to translate within interface config mode Routerconfig-ifaccess-list 1 permit Routerconfig-ifexit Enable NAT and refer to the ACL created in the previous step and to the interface whose IP address will be used for translations Routerconfigip nat inside source list 1 interface Gi0/1 overload Exit config mode Routerconfigexit Router Execute show ip nat translations command to view the NAT configuration. Notice that the same IP address has been used to translate three private IP addresses and The port number of the public IP address is unique for each connection. So when S1 responds to R1 look into its NAT translations table and forward the response to Copy the running configuration into startup configuration using below command Routerwrite memory Building configuration... [OK] Router The corresponding configlet can be created in NCM application as shown in below screenshot. Also you can click the below button to download the Configlet as XML and import it into NCM application using file import option. Configlet Name Configure PAT - Port Address Translation - Cisco Description This configlet is used to configure Port Address Translation PAT on cisco devices Execution Mode Script Execution Mode Configlet Content configure terminal interface $INSIDE_INTF ip nat inside exit interface $OUTSIDE_INTF ip nat outside exit access-list $ACL_ID permit $SOURCE_ADDRESS $SUBNET_MASK ip nat pool $POOL_NAME $POOL_ADDRESS $POOL_ADDRESS netmask $NETMASK ip nat inside source list $ACL_ID pool $POOL_NAME overload exit show ip nat translations write memory
BonjourĂ tous, Alors voila, j'ai un petit problĂšme avec la configuration d'un routeur cisco 800 series au niveau du NAT. Mon problĂšme est que malgrĂ© le fait d'avoir tout configurer en suivant le schĂ©ma des documentations cisco, je n'arrive toujours pas Ă accĂ©der Ă internet depuis mes sous-rĂ©seaux. Voici la topologie de mon rĂ©seau: You are here Home / Cisco Routers / Configuring NAT on Cisco Routers Step-by-Step PAT, Static NAT, Port Redirection The depletion of the public IPv4 address space has forced the internet community to think about alternative ways of addressing networked hosts. Network Address Translation NAT therefore was introduced to overcome these addressing problems that occurred with the rapid expansion of the Internet. Even if NAT was suggested as a temporary solution, it has been adopted by all network hardware manufacturers, and it is considered a very useful technology, not only for IP address conservation, but also for many other purposes including security. Basically NAT allows a single network device a router, firewall etc to act as an agent between a private local area network and a public network such as the Internet. The purpose of this NAT device is to translate the source IP addresses of the internal network hosts into public routable IP addresses in order to communicate with the Internet. Some of the advantages of using NAT in IP networks are the following NAT helps to mitigate the depletion of the global public IP address space Networks can now use the RFC 1918 private address space internally and still have a way to access the Internet using NAT. NAT increases security by hiding the internal network topology and addressing scheme. Cisco IOS routers support different types of NAT as will be explained below. NAT has many forms and can work in several ways, but in this post I will explain the most important types of NAT. For the next 2 scenarios we will be using the following simple network 1. Overloading or Port Address Translation PAT This is the most frequently used form of NAT in IP networks. It uses the concept of âmany-to-oneâ translation where multiple connections from different internal hosts are âmultiplexedâ into a single registered public IP address using different source port numbers. This type of NAT allows a maximum of 65,536 internal connections to be translated into a single public IP. This type of NAT is very useful in situations where our ISP has assigned us only a single public IP address, as shown on the diagram below. All IP addresses of the LAN network will be translated using the public IP of the router interface FastEthernet0/0 ip address ip nat outside ! interface FastEthernet0/1 ip address ip nat inside ! access-list 1 permit ip nat inside source list 1 interface FastEthernet0/0 overload 2. Static Port Address Translation Port Redirection Assume now that we have only one public IP address which is the one configured on the outside interface of our border router. We want traffic hitting our routerâs public IP on port 80 to be redirected to our internal Web Server at IP interface FastEthernet0/0 ip address ip nat outside ! interface FastEthernet0/1 ip address ip nat inside ! ip nat inside source static tcp 80 80 3. Configuring Static NAT NAT can be performed both statically and dynamically. Static NAT simply maps one private IP address to a single public IP address, and this is the flavor of NAT we are discussing in this section. A Cisco router performing NAT divides its universe into the inside and the outside. Typically the inside is a private enterprise, and the outside is the public Internet. In addition to the notion of inside and outside, a Cisco NAT router classifies addresses as either local or global. A local address is an address that is seen by devices on the inside, and a global address is an address that is seen by devices on the outside. Given these four terms, an address may be one of four types Inside local addresses are assigned to inside devices. These addresses are not advertised to the outside. Inside global are addresses by which inside devices are known to the outside. Outside local are addresses by which outside devices are known to the inside. Outside global addresses are assigned to outside devices. These addresses are not advertised to the inside. Letâs jump right into static NAT configuration on a Cisco router as shown in the Figure below R1 is the router performing Network Address Translation NAT and has two interfaces Fa0/0 on the inside and Fa0/1 on the outside. The specific IP addresses involved are NAT Address Type IP Address Inside local Inside global Outside local Outside global Table 1 NAT Addresses for Figure Above You probably know very well how to configure IP addresses on router interfaces, so we skip those configuration steps and move straight to the interesting stuff. First, we have to assign Fa0/0 as NAT inside interface and Fa0/1 as NAT outside interface on R1. This would tell the router that interesting traffic entering or exiting these two interfaces will be subject to address translation. R1conf term Enter configuration commands, one per line. End with CNTL/Z. R1configinterface Fa0/0 R1config-ifip nat inside R1config-ifinterface Fa0/1 R1config-ifip nat outside R1config-ifend Now we would tell the router how to perform address translation and mention which IP addresses source or destination to re-write in packets moving between the inside and outside interfaces. Here we go R1configip nat inside source static Here, we are telling the router to perform NAT on packets coming into the router on the inside interface Fa0/0. More specifically the router would identify which of these packets have a source IP address of and would change it to before forwarding the packet out the outside interface Fa0/1. Similarly, return packets coming in at outside interface Fa0/1 would undergo translation of destination IP address. Letâs now verify if NAT is actually working as it is supposed to work. There are a couple of very useful Cisco IOS commands that can be used to do just that. Command show ip nat statistics displays the number of static and dynamic NAT translations, inside and outside interfaces, and the number of hits and misses. R1show ip nat statistics Total active translations 1 1 static, 0 dynamic; 0 extended Outside interfaces FastEthernet0/1 Inside interfaces FastEthernet0/0 Hits 0 Misses 0 CEF Translated packets 0, CEF Punted packets 0 Expired translations 0 Dynamic mappings Appl doors 0 Normal doors 0 Queued Packets 0 Command show ip nat translations displays the IP addresses for NAT translations. R1show ip nat translations Pro Inside global Inside local Outside local Outside global â â â As you see in the above output, we have one NAT entry configured with Inside global address and Inside local address specified. Outside local and Outside global addresses are blank because our NAT configuration does not change those addresses. Letâs now go to the PC and ping the Server before running the command show ip nat translations again to see if it makes any difference. R1show ip nat statistics Total active translations 2 1 static, 1 dynamic; 1 extended Outside interfaces FastEthernet0/1 Inside interfaces FastEthernet0/0 Hits 10 Misses 0 CEF Translated packets 10, CEF Punted packets 0 Expired translations 0 Dynamic mappings Appl doors 0 Normal doors 0 Queued Packets 0 R1show ip nat translations Pro Inside global Inside local Outside local Outside global icmp â â â As you can see in the above output, NAT is active as manifested by the appearance of an additional dynamic entry for ICMP protocol and some additional hits, corresponding to our ping attempt from PC to Server. We just configured and verified a simple NAT scenario translating only the source or destination not both at the same time IP addresses of packets moving between inside and outside interfaces. This sort of NAT configuration is called static NAT as a single inside local IP address is statically mapped to a single outside local IP address. Another important feature of NAT is static Port Address Translation PAT. Static PAT is designed to allow one-to-one mapping between local and global addresses. A common use of static PAT is to allow Internet users from the public network to access a Web server located in the private network. Letâs assume we intend to host a Web server on the inside on the same PC, that has an IP address The following configuration line would allow us to do just that R1configip nat inside source static tcp 80 80 This configuration line performs the static address translation for the Web server. With this configuration line, users that try to reach port 80 www are automatically redirected to port 80 www. In our case, is the IP address of the PC which is also the Web server. This configuration can be verified using the same two NAT verification commands show ip nat translations and show ip nat statistics. Notice that the address with port number 80 HTTP translates to port 80, and vice versa. Therefore, Internet users can browse the Web server even though the Web server is on a private network with a private IP address. Related Posts Comparison of Static vs Dynamic Routing in TCP/IP Networks Cisco OSPF DR-BDR Election in Broadcast Networks â Configuration Example How to Configure Port Forwarding on Cisco Router With Examples Adjusting MSS and MTU on Cisco 800 routers for PPPoE over DSL The Most Important Cisco Show Commands You Must Know Cheat Sheet . 711 784 625 526 282 64 151 779configuration nat et pat cisco pdf
