So, folks, we are going to do a NAT lab
and what I'm going to do first is we're going to pretend that Router 2 here
is our enterprise router, our corporation router.
And we're gonna pretend that, um,
PC1 and PC2 are our private network. These are the people that work in our company. Unfortunately, we only have two companies, so apparently we are a very poor organization. But
has an IP address of 10.10.10.1, which falls within the private range.
And if we look at PC2
we again type ipconfig
has an address of 10.10.10.2,
which again is in the private range. Our default gateway of both PC1 and PC2 is 10.10.10.254,
which is the subinterface residing
on Router 2. So if you look at our do show ip interface brief, it's that trunk between Router 2 and Switch 8.
interface on Router 2 is our default gateway
which is connected here to Switch 8. And I just demonstrated that PC1 and PC2 can ping
this subinterface, which is the default gateway
to the outside world.
Now Router 2, I believe it's still running OSPF. Let's check: do show ip ospf neighbor
and so is right before I'm gonna remove
So no router ospf 100.
So if I do execute the command do show ip
I should not be seeing this
I removed OSPF. show run, let's see if I got rid of it from my running config.
No, I didn't. So no router ospf 100
protocols and I don't see anything. OSPF is gone. And let's get rid of it from Router 4. Also, Router 4, we're gonna pretend, is our Internet service provider router or our service provider router.
no router ospf 100
show ip protocols and I don't see anything.
The reason I'm doing this is because between your router and Router 4,
you're never going to run an IGP or Interior Gateway Protocol.
The protocols we have covered, Routing Information Protocol, EIGRP, Enhanced Interior Gateway Routing Protocol, and OSPF, standing for Open Shortest Path First, are all considered Interior Gateway Protocols
that organizations use interior
With your service provider, between Router 2 and Router 4, you will either do
static routing, or you will run another protocol called Border Gateway Protocol, or BGP, which is part of your CCNP exams.
So right now, just to make this real, I got rid of OSPF, or the Interior Gateway Protocol, between Router 2, which is our enterprise router, and Router 4, which is going to simulate our ISP router.
So let's go configure NAT. Now remember,
remember, folks, that our
our private address range is 10.10.10.0/24. This is our private
and we're translating to 190.10.10
So let's put that aside for a second. Let's log into Router 2,
go to config mode by saying config terminal.
And first, let's create our pool.
Our public pool, our step one.
If I hit question mark, it asks me
for the word pool. So I say pool
and the question mark feature again, I use the help feature again by executing the question mark command.
And it is asking me for a pool name. So
the pool name is going to be, let's make it CCNA,
space question mark, and you see it is asking me for the first IP address or the start IP address. So in the /24 network for 190.10.10.0 the first address would be 190.10.10.1,
space question mark again. And it's asking me for the last address or the end address,
which is going to be 190.10.10.254.
Space question mark. Now it's asking me for the netmask or the subnet mask.
So for the keyword netmask,
And now it's asking me to type in the actual mask,
which is 255.255.255.0.
Step two is to create
a standard access list
to permit the 10 network, which resides on PC1 and PC2, out
after being translated towards the ISP, which is Router 4.
So back to Router 2 and create our standard access list to permit the 10 network out.
and we will call this access list
then I'm going to say
Now, remember, guys, this NAT here is case sensitive. So if you create your access list with
an uppercase, with uppercase letters, make sure you match it when you apply
your access list anywhere.
Okay, so now coming back to NAT, let me, coming back to the access list.
10.10.10.0 0.0.0. The wildcard is going to be 0.255. Remember, to get the wildcard, you simply subtract
network mask, which was
from 255.255.255.255, which yields 0.0.0.255.
Now I'm simply gonna tie step one and step two together with the command ip nat
inside source. My inside source
list is tied to an access list called NAT.
and then pool the word pool,
So I'm gonna go with
pool. Interface option is not relevant for CCNA.
and then our pool name. If you remember, ip nat pool here was CCNA.
If I execute the help feature again,
there's the keyword overload. We're gonna look at that in a moment, but for now, I'm going to ignore it.
Now I go apply my NAT.
is facing Router 4, which is my service provider, so f0/0 is actually facing the Internet.
f0/1 is facing my inside address, addresses, which are the 10 network.
So f0/0 is my outside interface; f0/1 is my inside interface.
Let's go into f0/0 first:
FastEthernet 0/0
and say ip nat. Since this is the outside interface,
I'm gonna tell it that you are going to be the outside facing interface
then for my inside interface.
I can't go, if I execute the do show ip interface brief command,
You see, I cannot go and apply it to the main interface FastEthernet 0/1 because we have router-on-a-stick configured on this interface.
So I actually have a subinterface carrying the 10 network, or with the IP address in the 10 range.
So I'm gonna have to apply my NAT to this subinterface.
So to apply anything to an interface, you first go inside that interface: interface FastEthernet 0/1.10.
So let's do a show, run
and check our work before we test this.
As is good practice,
NAT outside on my FastEthernet.
Wait. I was supposed to say ip nat inside on the f0/1
.10 interface. So let's go back in there,
f0/1.10.
ip nat. It's actually my inside interface, guys,
because it's facing the 10 network
Exit out. Get out again. Now let's check our work: show run.
And on the FastEthernet 0/0
I do have the command ip nat
ip nat outside
and on the FastEthernet 0/1.10, I have the ip nat inside command.
Let's get rid of this ip access-group you see in it. This is left over from our
And I don't want to interfere
so just copy and paste it with the keyword no in front.
Let's check our work again.
So, once again, FastEthernet 0/0 facing Router 4, our ISP router: I have ip nat outside, since it's the outside interface.
FastEthernet 0/1.10 has the keyword,
has the, uh, command ip nat inside, since it's my inside interface.
Let's check our NAT commands. I have my ip nat pool CCNA describing my pool, first address being 1, last address being 254.
I've tied the pool and the access list together with the ip nat inside source list NAT,
which is my access list name, pool CCNA.
My pool name, as you see here, matches with the CCNA name,
and the keyword, I mean, the
list, the access list named NAT, matches my access list name, or my standard access list name,
permitting the 10 network out.
At this point, I should be good to go.
So let's test our NAT.
I'm going to attempt to ping
So once PC1 sends
an ICMP echo towards Router 4, the source address
in that echo packet will be 10.10.10.1, since PC1's
IP address is 10.10.10.1.
Once this packet reaches Router 2, Router 2 should replace that 10.10.10.1, which is a private address, with a public address,
that is, our public pool is in the 190 range. So it should replace it with 190.10.10.1,
since Router 4 resides in the public domain
or it is your service provider router.
151.1.45.4, if you remember right. Let me just show you anyways:
Router 4's FastEthernet 0/0 interface.
The address is 151.1.45.4,
which would be this interface,
FastEthernet 0/0.
So let's go ahead and ping
151.1.45.0, I mean, 45.4.
First request will time out for the
ARP request-reply process.
And the second request is also timing out.
Let's try this again.
And our requests are timing out.
Now, why is that? Well,
guys, remember, I took away the routing protocol between Router 2 and Router 4.
I'm doing this to emphasize a point. All the NAT commands that we did on Router 2, ip nat inside, ip nat outside, and the rest of these commands here,
this is what you will be. Don't worry about that ip classless command. I will explain what that is later. It has nothing to do with NAT. But these commands, the NAT commands that you did,
this is what is expected of you on the CCNA lab,
and ip nat inside command and the ip nat outside command. The routing part, the static routes that I'm going to create between Router 2 and Router 4, are not part of the NAT lab when you're going to solve it,
so you won't have to do that. It will already be done for you. You just have to take care of the NAT process
and ping across and see if it works. But since I've taken away routing between Router 2 and Router 4, I have to create static routes, as you would have to in the real world.
So we go to Router 2,
and we need to create a route to all destinations on the Internet.
As you remember, to create a route for all destinations on the Internet, you have to
or set the gateway of last resort,
so the command syntax would be ip route
0.0.0.0 0.0.0.0, which stands for any destination IP network with any destination IP mask,
and my next-hop address is my ISP router, which is Router 4. So 151.1.45.4.
Let's check our routing table: do show ip route
Well, I can clear this up by adding the keyword
We do have a static route configured on Router 1, and the gateway of last resort is set to go through all traffic going anywhere, destinations that don't exist in my local routing table, to 151.1.45.4.
Now I need a route back from Router 4 to Router 2.
Now think about it, guys. Would I create a route back pointing to the 10 network?
The 10 network essentially is not visible to the outside world,
So I cannot create a route back
pointing to Router 2,
towards the 10 network.
I actually have to create a route
to what the outside world sees, which is the public network.
I will say ip route,
and our public network was 190
Mask was /24. I point this to
f0/0 of Router 2.
Check to see if my route exists: do show ip route
static, and yes, it does. It is pointed to Router 2,
Router 2's f0/0 address being,
do show ip interface brief,
being the 151.1.45.2 address.
Now let's go see if PC1 will ping.
So just the up arrow key to bring back the command
and it works. Let's make sure PC2 can also ping so we can see more than just one translation,
and you see, it also works. Quickly go to Router 2, because in Packet Tracer sometimes these translations time out: show ip nat
let's look at this table.
You have the 10.10.10.1 address
being translated to the 190.10.10.1 address.
You have, and we sent five pings. 1, 2, 3, 4. I lied. We sent four pings,
and the 10.10.10.2 address being translated to the 190.10.10.2 address.
Now the keywords: inside local.
Inside local basically means
your local address on the inside of your network as you or the people sitting on the inside of your network, or your private network, will see you.
So people sitting on the private network will see PC1 as 10.10.10.1.
Now the inside global:
your inside address, the 10.10.10.1, as it will be seen globally by the outside world.
Your outside local address:
the address in the return packet. The source address in the return packets. So Router 4 will send the echo reply back to PC1. So the source address in
the return packet, which will be the address of the f0/0 interface on Router 4, as seen by you locally on the inside network. Of course you see 151.1.45.4 returned to you, and the outside global is
the outside address, again Router 4's address, as it is seen globally by the rest of the world, which, both these addresses are the same
because we, in this case, are not doing a reverse NAT,
which is part of your CCIE and CCNP.
Now I see my NAT address table, it timed out.
Let's do a ping again
so that we can see it again.
On real routers, guys, this doesn't time out so quick, but we're dealing with Packet Tracer here.
If I execute the command again, you see that .1 got translated. Now, this time .1 got translated to .2.
So because .1, I believe the router believed, was already taken. So it
translated 10.10.10.1 to 10.10.10.2.
It doesn't always work out perfectly with these translations. You just go with the next available address. Now, when I clear,
And then I believe there's a star at the end.
And that's the command.
If for any reason I want to clear out my translations. So if now I say show ip nat translations, I won't see anything.
Network Address Translation.
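
Added example, not part of the lecture: a small Python model of the dynamic NAT behaviour walked through above (wildcard derived from the netmask, the standard-ACL match, next-available allocation from the pool, the inside local to inside global table, and clearing it). The function and class names are hypothetical; the lab addresses are the ones from the transcript, and 192.168.1.5 is a constructed source outside the ACL.

```python
import ipaddress

def wildcard_from_netmask(netmask: str) -> str:
    """Wildcard = 255.255.255.255 minus the netmask, octet by octet."""
    return ".".join(str(255 - int(o)) for o in netmask.split("."))

def acl_permits(addr: str, base: str, wildcard: str) -> bool:
    """Standard-ACL match: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

class DynamicNat:
    """Hypothetical model of an ACL tied to a pool, without overload."""
    def __init__(self, acl_base, acl_wildcard, pool_start, pool_end):
        self.acl = (acl_base, acl_wildcard)
        self.pool_start = ipaddress.IPv4Address(pool_start)
        self.pool_end = ipaddress.IPv4Address(pool_end)
        self.table = {}  # inside local -> inside global

    def translate(self, inside_local: str):
        """Return the inside global address, or None if not translated."""
        if not acl_permits(inside_local, *self.acl):
            return None                      # source not matched by the ACL
        if inside_local in self.table:
            return self.table[inside_local]  # reuse the existing entry
        in_use = set(self.table.values())
        addr = self.pool_start
        while addr <= self.pool_end:         # take the next available address
            if str(addr) not in in_use:
                self.table[inside_local] = str(addr)
                return str(addr)
            addr += 1
        return None                          # pool exhausted (one-to-one)

    def clear(self):
        self.table.clear()                   # drop all dynamic entries

def demo():
    nat = DynamicNat("10.10.10.0", wildcard_from_netmask("255.255.255.0"),
                     "190.10.10.1", "190.10.10.254")
    first = nat.translate("10.10.10.1")
    second = nat.translate("10.10.10.2")
    outside = nat.translate("192.168.1.5")   # constructed, not in the ACL
    return first, second, outside, dict(nat.table)

if __name__ == "__main__":
    print(demo())
```

Without the overload keyword each inside host consumes one pool address, so a pool smaller than the number of active inside hosts leaves the remainder untranslated until entries are cleared or time out.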