
Learning to Configure NAT on Cisco Devices

Learning to Configure PAT, Static NAT, Port Static Map NAT,
Dynamic NAT, Dynamic NAT with Overload, and the Combination of
Dynamic NAT with Overload and Port Static Map NAT on a Cisco Router

First Experiment (PAT)

The steps are as follows:
--------------------------------------------------
1. Define the NAT inside interface
--------------------------------------------------
cnc1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
cnc1(config)#interface FastEthernet0/0
cnc1(config-if)#ip address 192.168.30.1 255.255.255.0
cnc1(config-if)#ip nat inside
cnc1(config-if)#exit
--------------------------------------------------
2. Define the NAT outside interface. We assume that IP 192.168.20.2
is a public IP (a wrong stand-in for a public IP, because it had
already been saved on the router T_T)
--------------------------------------------------
cnc1(config)#interface FastEthernet1/0
cnc1(config-if)#ip address 192.168.20.2 255.255.255.0
cnc1(config-if)#ip nat outside
cnc1(config-if)#exit
--------------------------------------------------
3. Create a standard access list to identify the internal IP
addresses to be translated, and enable NAT overload
--------------------------------------------------
cnc1(config)#access-list 20 permit 192.168.30.0 0.0.0.255
cnc1(config)#ip nat inside source list 20 interface FastEthernet1/0 overload
cnc1(config)#end
cnc1#

--------------------------------------------------
How to check 1 (ping from a host inside NAT to a host outside NAT)
--------------------------------------------------
C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :


IP Address. . . . . . . . . . . . : 192.168.30.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fec0::1:2%1
IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%4
Default Gateway . . . . . . . . . : 192.168.30.1

C:\>ping 192.168.10.2

Pinging 192.168.10.2 with 32 bytes of data:

Reply from 192.168.10.2: bytes=32 time=233ms TTL=126


Reply from 192.168.10.2: bytes=32 time=187ms TTL=126
Reply from 192.168.10.2: bytes=32 time=208ms TTL=126

Reply from 192.168.10.2: bytes=32 time=170ms TTL=126

Ping statistics for 192.168.10.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 170ms, Maximum = 233ms, Average = 199ms

C:\>
----------------------------------------------------
How to check 2 (ping from a host outside NAT to a host inside NAT)
----------------------------------------------------
C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :


IP Address. . . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fec0::3:2%1
IP Address. . . . . . . . . . . . : fe80::20c:29ff:fe63:5efd%4
Default Gateway . . . . . . . . . : 192.168.10.1

C:\>ping 192.168.30.2

Pinging 192.168.30.2 with 32 bytes of data:

Reply from 192.168.10.1: Destination host unreachable.

Reply from 192.168.10.1: Destination host unreachable.


Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.

Ping statistics for 192.168.30.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

----------------------------------------------------
How to check 3 (debug ip nat [access-list number] detailed)
----------------------------------------------------
cnc1#debug ip nat 20 detailed
IP NAT detailed debugging is on for access list 20
cnc1#
*Apr 18 13:08:53.451: mapping pointer available mapping:0
*Apr 18 13:08:53.451: NAT: [0] Allocated Port for 192.168.30.2 -> 192.168.20.2: wanted 512 got 512
*Apr 18 13:08:53.451: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [21978]
*Apr 18 13:08:53.587: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1813]
*Apr 18 13:08:53.587: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1813]
*Apr 18 13:08:55.823: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22033]
*Apr 18 13:08:55.827: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22033]
*Apr 18 13:08:55.919: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1814]
*Apr 18 13:08:55.919: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1814]
*Apr 18 13:08:58.035: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22087]
*Apr 18 13:08:58.035: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22087]
*Apr 18 13:08:58.199: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1816]
*Apr 18 13:08:58.199: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1816]
*Apr 18 13:08:58.827: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22136]
*Apr 18 13:08:58.827: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22136]
*Apr 18 13:08:58.943: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1817]
*Apr 18 13:08:58.943: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1817]
*Apr 18 13:09:01.947: mapping pointer available mapping:0
*Apr 18 13:09:01.947: NAT: [0] Allocated Port for 192.168.30.2 -> 192.168.20.2: wanted 1270 got 1270
*Apr 18 13:09:01.947: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22325]
*Apr 18 13:09:02.067: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1819]
*Apr 18 13:09:02.067: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1819]
*Apr 18 13:09:02.087: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22336]
*Apr 18 13:09:02.087: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22336]
*Apr 18 13:09:04.011: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1821]
*Apr 18 13:09:04.011: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1821]
*Apr 18 13:09:04.103: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22470]
*Apr 18 13:09:04.107: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22470]
*Apr 18 13:09:04.251: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1822]
*Apr 18 13:09:04.251: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1822]
*Apr 18 13:09:04.271: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22485]
*Apr 18 13:09:04.275: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22485]
*Apr 18 13:09:04.415: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1823]
*Apr 18 13:09:04.415: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1823]
*Apr 18 13:09:04.511: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22510]
*Apr 18 13:09:04.511: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22510]
*Apr 18 13:09:15.767: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23245]
*Apr 18 13:09:15.767: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23245]
*Apr 18 13:09:15.863: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1828]
*Apr 18 13:09:15.867: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1828]
*Apr 18 13:09:15.891: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23258]
*Apr 18 13:09:15.891: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23258]
*Apr 18 13:09:16.723: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1829]
*Apr 18 13:09:16.723: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1829]
*Apr 18 13:09:16.843: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23300]
*Apr 18 13:09:16.843: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23300]
*Apr 18 13:09:17.159: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1830]
*Apr 18 13:09:17.163: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1830]
*Apr 18 13:09:17.171: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1831]
*Apr 18 13:09:17.171: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1831]
*Apr 18 13:09:17.207: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23321]
*Apr 18 13:09:17.207: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23321]
*Apr 18 13:09:17.231: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23322]
*Apr 18 13:09:17.231: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23322]
*Apr 18 13:09:17.279: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1832]
*Apr 18 13:09:17.279: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1832]
*Apr 18 13:09:17.303: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1833]
*Apr 18 13:09:17.303: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1833]
*Apr 18 13:09:17.327: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1834]
*Apr 18 13:09:17.327: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1834]
cnc1#
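
An added example, not part of the original page: a Python parser for the `debug ip nat detailed` lines shown above. It pairs each i:/o: line with its s=/d= rewrite line through the IP ID in brackets, counts packets per flow in each direction, and marks flows to unencrypted TCP services such as the Telnet session on port 23. The function and variable names are chosen here for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the debug output above (one ICMP echo, one Telnet packet pair).
SAMPLE = """\
*Apr 18 13:08:53.451: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [21978]
*Apr 18 13:08:53.587: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1813]
*Apr 18 13:08:53.587: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1813]
*Apr 18 13:09:01.947: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22325]
*Apr 18 13:09:02.067: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1819]
*Apr 18 13:09:02.067: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1819]
"""

FLOW = re.compile(r"NAT\*?: ([io]): (\w+) \(([\d.]+), (\d+)\) -> \(([\d.]+), (\d+)\) \[(\d+)\]")
XLATE = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")
CLEARTEXT = {21: "ftp", 23: "telnet", 80: "http"}  # well-known unencrypted TCP services

def summarize(log):
    """Return {(proto, inside_local, outside_ip, outside_port): stats} for the log."""
    pending = {}  # (direction, IP ID) -> flow line waiting for its rewrite line
    flows = defaultdict(lambda: {"global": None, "out": 0, "in": 0})
    for line in log.splitlines():
        if m := FLOW.search(line):
            direction, proto, src, sport, dst, dport, ipid = m.groups()
            pending[(direction, ipid)] = (proto, src, int(sport), dst, int(dport))
        elif m := XLATE.search(line):
            s_old, s_new, d_old, d_new, ipid = m.groups()
            if s_new and ("i", ipid) in pending:    # inside -> outside: source rewritten
                proto, _, _, dst, dport = pending.pop(("i", ipid))
                flow = flows[(proto, s_old, dst, dport)]
                flow["global"] = s_new
                flow["out"] += 1
            elif d_new and ("o", ipid) in pending:  # outside -> inside: destination restored
                proto, src, sport, _, _ = pending.pop(("o", ipid))
                flows[(proto, d_new, src, sport)]["in"] += 1
    for (proto, _, _, port), flow in flows.items():
        flow["cleartext"] = CLEARTEXT.get(port) if proto == "tcp" else None
    return dict(flows)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```

For ICMP the "port" field in the debug lines is the echo identifier, so the cleartext check is applied to TCP flows only.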
----------------------------------------------------
How to check 4 (sh ip nat translations)
----------------------------------------------------
cnc1#
cnc1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.20.2:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
tcp 192.168.20.2:1270  192.168.30.2:1270  192.168.10.2:23    192.168.10.2:23
cnc1#

----------------------------------------------------
Wireshark 1 (host inside NAT to the NAT router)
----------------------------------------------------
Wireshark 2 (cloud)
----------------------------------------------------

Next Experiments:
----------------------------------------------------
Static NAT
----------------------------------------------------
ip nat inside source static [private ip] [public ip]
ex:
ip nat inside source static 192.168.30.2 192.168.20.2
----------------------------------------------------
Port Static Map NAT
----------------------------------------------------
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ex:
ip nat inside source static tcp 192.168.30.2 80 interface f1/0 80
----------------------------------------------------
Dynamic NAT
----------------------------------------------------
ip nat pool [pool-name] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [pool-name]
ex:
ip nat pool iwing-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool
----------------------------------------------------
Dynamic NAT with Overload
----------------------------------------------------
ip nat pool [pool-name] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [pool-name] overload
ex:
ip nat pool iwing-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool overload
----------------------------------------------------
Dynamic NAT with Overload + Port Static Map
----------------------------------------------------
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ip nat pool [pool-name] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [pool-name] overload
ex:
ip nat inside source static tcp 192.168.30.2 80 interface f1/0 80
ip nat pool iwing-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool overload

----------------------------------------------------
How to check 5 (sh ip access-lists and sh run | in ip nat)
----------------------------------------------------
cnc1#sh ip access-lists
Standard IP access list 20
10 permit 192.168.30.0, wildcard bits 0.0.0.255 (2 matches)
cnc1#sh run | in ip nat
ip nat inside
ip nat outside
ip nat pool iwing-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source static tcp 192.168.30.2 80 interface FastEthernet1/0 80
ip nat inside source list 20 pool iwing-pool overload
cnc1#
----------------------------------------------------
How to check 6 (sh ip nat translations)
----------------------------------------------------
cnc1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.30.2:80    ---                ---
icmp 192.168.20.4:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
cnc1#
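
An added example, not part of the original page: a Python audit of the `sh ip nat translations` output from check 6. The row with `---` in both outside columns is the static port map, a standing opening that any outside host can connect to, while the other rows are per-session entries; the script separates the two and lists which outside peers are using each opening. Function names are chosen here for illustration.

```python
# "sh ip nat translations" output from check 6 above, columns realigned.
TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.30.2:80    ---                ---
icmp 192.168.20.4:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
"""

def split_addr(field):
    """'192.168.20.2:80' -> ('192.168.20.2', 80); '---' -> None; bare IP -> (ip, None)."""
    if field == "---":
        return None
    ip, _, port = field.partition(":")
    return ip, int(port) if port else None

def parse_translations(text):
    """Return rows as (proto, inside_global, inside_local, outside_local, outside_global)."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] != "Pro":  # the header splits into 9 tokens
            rows.append((cols[0], *map(split_addr, cols[1:])))
    return rows

def audit(rows):
    """Split the table into standing inbound openings and outbound-initiated sessions."""
    openings = {(p, ig, il): [] for p, ig, il, ol, og in rows if og is None}
    sessions = []
    for p, ig, il, ol, og in rows:
        if og is None:
            continue
        if (p, ig, il) in openings:   # outside peer currently using a static map
            openings[(p, ig, il)].append(og)
        else:                         # created by inside traffic through the pool
            sessions.append((p, il, ig, og))
    return openings, sessions

if __name__ == "__main__":
    openings, sessions = audit(parse_translations(TABLE))
    for (proto, ig, il), peers in openings.items():
        print(f"static {proto} {ig} -> {il}, outside peers: {peers}")
    for proto, il, ig, og in sessions:
        print(f"session {proto} {il} via {ig} to {og}")
```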
----------------------------------------------------
How to check 7 (screenshot from a client outside NAT)
