
Lab ID: 9.9K913A089.SQI1.

Sequential Lab: NAT Overloading - PAT


Objective
Congure a simulated network to translate private IP addresses to public IP addresses that can be used
on the wide area network (WAN) by using Network Address Translation (NAT). Your NAT implementation
will minimize the number of public IP addresses used by hosts on the private network when accessing the
WAN. All passwords congured for the devices in this lab have been congured as cisco. You will congure
NAT functionality on Router4.

Lab Topology
The Topology diagram below represents the NetMap in the Simulator.

[Topology diagram: Router4 (Fa0/0), Switch1, Switch2, PC1, PC3]

Command Summary

Command
    Description

access-list access-list-number {deny | permit} source-address source-wildcard
    creates an access control list (ACL) that denies or permits IP traffic from the specified address or address range
configure terminal
    enters global configuration mode from privileged EXEC mode
enable
    enters privileged EXEC mode
end
    ends and exits configuration mode
exit
    exits one level in the menu structure
interface type number
    changes from global configuration mode to interface configuration mode
ip nat inside
    defines the inside interface for NAT
ip nat inside source list access-list-number interface type number overload
    translates anything matching the access list to the IP address of the interface specified; overload indicates that Port Address Translation (PAT) will be used
ip nat outside
    configures an interface to be an outside interface
ping ip-address
    sends an Internet Control Message Protocol (ICMP) echo request to the specified address
show ip nat translations
    displays the NAT translation table
show ip route
    displays the IP routing table
show running-config
    displays the active configuration file

Boson NetSim Lab Manual

The IP addresses and subnet masks used in this lab are shown in the tables below:

IP Addresses

Device    Interface          IP Address     Subnet Mask
Router3   Serial 0/1         180.10.1.1     255.255.255.0
Router4   Serial 0/0         180.10.1.2     255.255.255.0
          FastEthernet 0/1   192.168.1.1    255.255.255.0

Device    IP Address     Subnet Mask      Default Gateway
PC1       192.168.1.2    255.255.255.0    192.168.1.1
PC3       192.168.1.3    255.255.255.0    192.168.1.1



Lab Tasks
When congured, PAT is used to statically map multiple inside local IP addresses to a single global
address. Your objective is to properly congure NAT to allow private local area network (LAN) hosts PC1
and PC3 to use NAT overloading (PAT) to access the public IP addresses in the simulated network. Private
IP addresses, as dened by Request for Comments (RFC) 1918, are IP addresses that are used by
networks that are not directly connected to the public Internet. This RFC designates Class A, Class B, and
Class C private address blocks that are available for organizations to assign to their internal networks. The
simulated network in this lab uses the private 192.168.100/24 Class C network. To allow hosts on private
networks to access the public Internet, NAT must be used. Private IP addresses are not routable on the
public Internet and are usually ltered by Internet service providers (ISPs). It is also a good practice for
operators of private networks that connect to the Internet to use lters at their network edge to prevent any
privately addressed IP trafc from exiting their network.

1. Attempt to ping from PC1 to Router3 (180.10.1.1). Is the ping successful? Why or why not? ______
______________________________________________________________________________

2. On Router4, create ACL 2, and configure it to be used to select the range of IP addresses in PC1’s
subnet so that they will be able to participate in NAT.

3. On Router4, issue the command that contains the external NAT interface and the access list and
that enables NAT overloading, or PAT.

4. On Router4, configure the NAT inside and outside interfaces.

5. From PC1 and PC3, verify that you can ping Router3 (180.10.1.1). The pings should be successful.

6. On Router4, display the NAT translation table. NAT is configured on a router that has one interface,
which connects to the inside network (inside local), and another interface, which connects to the
outside network (inside global). The output of the display should show that both the inside local IP
address of PC1 (192.168.1.2) and PC3 (192.168.1.3) have been translated to the inside global IP
address (180.10.1.2).



Lab Solutions
1. A ping from PC1 to Router3 (180.10.1.1) fails because PC1 has a private IP address that is not
being advertised as a route to the network.

2. On Router4, issue the following commands to correctly configure ACL 2:

Router4>enable
Router4#configure terminal
Router4(config)#access-list 2 permit 192.168.1.0 0.0.0.255

3. On Router4, issue the following command, which contains the external NAT interface and the access
list and that enables NAT overloading, or PAT:

Router4(config)#ip nat inside source list 2 interface serial 0/0 overload

4. On Router4, issue the following commands to configure the NAT inside and outside interfaces:

Router4(config)#interface fastethernet 0/1
Router4(config-if)#ip nat inside
Router4(config-if)#interface serial 0/0
Router4(config-if)#ip nat outside
Router4(config-if)#end

5. Pings from PC1 and PC3 to Router3 (180.10.1.1) should be successful.

6. On Router4, issue the show ip nat translations command to display the NAT translation table. NAT is
configured on a router that has one interface, which connects to the inside network (inside
local), and another interface, which connects to the outside network (inside global). The output
of the display should show that both the inside local IP address of PC1 (192.168.1.2) and PC3
(192.168.1.3) have been translated to the inside global IP address (180.10.1.2). Sample output is
shown below:

Router4#show ip nat translations
Pro  Inside global     Inside local      Outside local     Outside global
icmp 180.10.1.2:9392   192.168.1.2:9392  180.10.1.1:9392   180.10.1.1:9392
icmp 180.10.1.2:9393   192.168.1.2:9393  180.10.1.1:9393   180.10.1.1:9393
icmp 180.10.1.2:9394   192.168.1.2:9394  180.10.1.1:9394   180.10.1.1:9394
icmp 180.10.1.2:9395   192.168.1.2:9395  180.10.1.1:9395   180.10.1.1:9395
icmp 180.10.1.2:9396   192.168.1.2:9396  180.10.1.1:9396   180.10.1.1:9396
icmp 180.10.1.2:9392   192.168.1.3:9392  180.10.1.1:9392   180.10.1.1:9392
icmp 180.10.1.2:9393   192.168.1.3:9393  180.10.1.1:9393   180.10.1.1:9393
icmp 180.10.1.2:9394   192.168.1.3:9394  180.10.1.1:9394   180.10.1.1:9394
icmp 180.10.1.2:9395   192.168.1.3:9395  180.10.1.1:9395   180.10.1.1:9395
icmp 180.10.1.2:9396   192.168.1.3:9396  180.10.1.1:9396   180.10.1.1:9396
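
The verification in step 6 can be scripted. The following is an added example, not part of the Boson lab: it parses show ip nat translations output, applies the wildcard-mask test used by ACL 2, and flags any entry whose inside local address is outside the permitted range or is not translated to the Serial 0/0 address. The function names and the sample rows (including the 192.168.2.7 entry) are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS ACL match: bits set in the wildcard are ignored, the rest must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_translations(text):
    """Parse 'show ip nat translations' rows; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] == "Pro":
            continue
        rows.append({"proto": f[0],
                     "inside_global": f[1].rsplit(":", 1)[0],
                     "inside_local": f[2].rsplit(":", 1)[0]})
    return rows

def audit(text, acl_base, acl_wildcard, outside_ip):
    """Return (set of correctly translated hosts, list of policy findings)."""
    hosts, problems = set(), []
    for r in parse_translations(text):
        if not wildcard_match(r["inside_local"], acl_base, acl_wildcard):
            problems.append((r["inside_local"], "source not permitted by ACL"))
        elif r["inside_global"] != outside_ip:
            problems.append((r["inside_local"],
                             "not translated to outside interface address"))
        else:
            hosts.add(r["inside_local"])
    return hosts, problems

# Constructed sample in the format of the lab's output; the last row is a
# deliberately wrong entry (source outside 192.168.1.0/24) to show a finding.
SAMPLE = """\
Pro  Inside global     Inside local      Outside local     Outside global
icmp 180.10.1.2:9392   192.168.1.2:9392  180.10.1.1:9392   180.10.1.1:9392
icmp 180.10.1.2:9393   192.168.1.3:9393  180.10.1.1:9393   180.10.1.1:9393
icmp 180.10.1.2:9400   192.168.2.7:9400  180.10.1.1:9400   180.10.1.1:9400
"""

if __name__ == "__main__":
    hosts, problems = audit(SAMPLE, "192.168.1.0", "0.0.0.255", "180.10.1.2")
    print("translated hosts:", sorted(hosts))
    print("findings:", problems)
```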



Sample Conguration Script
Router4 Router4 (continued)
Router4#show running-config interface FastEthernet0/0
Building configuration... no ip address
Current configuration : 931 bytes no ip directed-broadcast
! shutdown
Version 12.3 !
service timestamps debug uptime interface FastEthernet0/1
service timestamps log uptime ip address 192.168.1.1 255.255.255.0
no service password-encryption no ip directed-broadcast
! ip nat inside
hostname Router4 !
ip cef router eigrp 100
! network 180.10.0.0
ip subnet-zero auto-summary
! !
interface Serial0/0 ip nat inside source list 2 interface
ip address 180.10.1.2 255.255.255.0 Serial0/0 overload
no ip directed-broadcast !
ip nat outside ip classless
! no ip http server
interface Serial0/1 !
no ip address access-list 2 permit 192.168.1.0
no ip directed-broadcast 0.0.0.255
shutdown !
! line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
end

Copyright © 1996–2013 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.
