Time
30 hours 46 minutes
Difficulty
Intermediate
CEU/CPE
20

Video Description

Static NAT Lab As we conclude our course on Transport Layer, Layer 4 of the OSI Module, we conduct a demonstration of Static Nat. Among other skills, from this lab lesson you'll learn how to confirm your VLAN connections, how to change switches as appropriate, you'll learn what additional OSI Model layer you must also be aware of for the static NAT Process. You'll also learn some insider CCNA tricks such as how to translate an IP address on an internal router to an IP address that will map externally using the IP NAT Inside source static? command to specific a global address for translation.

Video Transcription

00:04
Okay, I'm going to go ahead and clear my I p Nat translations for from our previous lab
00:13
and let's see if they were actually cleared with the show. I mean that
00:19
translations.
00:21
Next,
00:23
I'm going to make sure PC three's address is 10 10 10 3 which is not,
00:29
if you remember, are rather owner Stick lab. He she
00:33
three's um I P address was 2020 23. Let's
00:38
put that in the 10 Network and change our T fall gateway to Jin Jin 10 to 54
00:45
Now, let's just do some preliminary testing To make sure this worked. I'd be config
00:54
slash all check the I p
00:58
Missing and I
01:00
and my P addresses tensions and three and my default gateways. 10 10 10 to 54
01:10
That's paying the default Gateway.
01:15
The first ping should time out for the art request reply process, and then it should start pinging.
01:23
No, actually, it is not going to because we have to change the switch
01:27
and put this switch port in villain zero slash torreon villain
01:34
10 instead of villain 20.
01:37
So if you look at my switch Sure. Villain brief.
01:44
You see that zeroes? Last three right now belongs to Dillon 20. Let's change that over
01:49
into you. Fast it in that zero slack. Three. Which port? Access villain 10.
01:57
Do Show me in an
02:01
brief
02:04
back and type. This would be easier.
02:07
Okay, So sweets now poor tree has been moved over to Bill and 10
02:13
BC three should now be able to ping.
02:16
As you see, guys, when you make these changes, be aware of your layer to also.
02:23
So the first thing should time out now and then it should start pinging
02:30
if Packet Tracer is going to be kind to me.
02:32
And there we go. The 1st 2 timed out, but now it's pinging.
02:38
Now I am going to translate pc three,
02:44
10 10 10 3
02:52
to 1 90
02:54
10 10 1
02:57
I'm gonna pick the first address and translated to 1 90 10 10 1
03:02
So let's go into outer to I could say it 1 90 10 10 3 But I want to show you something. Aside from static, Matt, I want to show you that if you if I pick if I translate 10 10 10 3 toe 1 90 10 10 1 then when Router
03:21
When pc one and two
03:23
go out to the outside world. The router is router to is basically going to pick the next available address, which is going to be two and 31 90 10 10 2 and one. I need
03:34
10 10 3
03:36
So the commands in text for static net is I p nat
03:42
inside source
03:45
static.
03:46
So I mean that inside source static.
03:51
If I say question mark, it is asking me for the inside or the local address.
03:59
So I'm going to say Can 10 10 3 which is PC three's address
04:03
and then
04:05
my global address, which the address router to is going to translate to, and I'm going to pick 1 90
04:15
10 10 1
04:19
now
04:21
10 10 10 3
04:24
is always going to be translated to 1 90 10 10 1
04:29
Let's look at our translation table show. I pee in that
04:32
translations.
04:34
As you see,
04:36
I didn't have to pass traffic
04:40
before. I see translations in my table because 1 90 10 10 10 10 10 3 is always going to be translated to 1 90 10 10 1
04:49
So I should now in theory be able to
04:54
tell that to 1 90 10 10 1 and I should be. That should tell. Met me, too.
05:00
PC three, which is 10 10 10 3
05:02
Screwed around or four and try this.
05:08
I'm going to tell that
05:10
to 1 90 10 10 1
05:15
and it's his connection refused by remote toast. Let's try pinging
05:20
1 90 10 10 1
05:25
and I can ping 1 90 10 10 1
05:29
So I don't know why I did not let me tell that
05:36
password.
05:40
That's cool.
05:42
I have to create a talent password on router to also because router To is going to be the router for any inbound. Tell that connections to PC three router to is going to actually intercept those connections
05:56
or terminate those connections and then create a separate connection to PC three. So router to needs
06:02
tell that access enabled on itself. So line B T ry zero space 15
06:09
Password Cisco
06:12
Log in.
06:15
Let's check Router four. Let's try and tell that again
06:19
from Router four to P. C. One
06:23
using PC ones Global address
06:26
and it still won't let me. So
06:29
maybe this is a packet tracer thing. I will simply ping to test this paying 1 90 10 Let's do an extended ping type in Ping.
06:39
You recall i p to target i p addresses 1 90 10 10 1
06:45
Repeat, can I'm just going to set it to 500 so my translation table doesn't time out, and I'm constantly sending traffic,
06:55
and I'm going to constantly be pinging from outer one
07:00
router to still has the translation table.
07:03
And now, as you see,
07:05
10 10 10 1
07:09
10 10 10 3 is constantly being translated to 1 90 10 10 1
07:15
And with every ping, I'm going to get a translation.
07:20
And if you see my first through, translations actually did happen. 10 10 10 3 did get translated to
07:29
10 10 10 and 1 90 10 10 10 10 1 And it was a TCP
07:34
tell that connection
07:36
to pour 23.
07:42
So even though a packet tracer had a bug in it and did not show us that the tell it was actually happening router to still did perform the translations.
07:53
Now, at this point, if I
07:57
go to P c
07:59
one and two
08:01
and I tell it to router four
08:07
and I'm inside a rattle for
08:13
on from PC to I'm going to tell that to router four and I'm in route or four
08:22
if I check my translation tables on
08:24
router to again. Now we saw that PC three
08:31
or out or two is translating
08:33
the 1 90 10 10 1 address
08:37
to which we're sending. The pain's, too,
08:39
from Router Force A Router four is always translating to the 10 10 10
08:45
three address.
08:46
What if PC one and PC to try to Ping Router for Also,
08:50
let's find out
08:52
from P C. One.
08:56
I will Ping
08:56
round of four
08:58
and pc to
09:01
I Will paying
09:05
Router four.
09:09
And if I check my translation table
09:13
PC to
09:16
and PC three PC to NPC Win one are still picking the 10.1 address, which means I am not sending any more pains from router for Let's restart our pings from router for
09:30
to the one I need 10 not 10 not one address.
09:35
Repeat count will make it 1000 this time.
09:41
And now let's ping from P C. One
09:43
and I have to do this quick before this time's out
09:48
on packet tracer
09:50
and I'm gonna ping again from pc to
09:52
if I check my translation table on router to
09:58
so as we see PC three
10:01
are when somebody from the outside world uses that 1 90 10 10 1 address
10:07
to send traffic inbound towards PC three router to always translates to the 10 10 10 3 address because that is hard coded into round two to statically change with 1 90 10 10 1 address. Always through the 10 10 10 3 address and lice versa.
10:26
This concludes our static night lecture.

Up Next

Cisco Certified Network Associate (CCNA) Certification

Our online, self-paced Cisco Certified Network Associate CCNA training teaches students to install, configure, troubleshoot and operate LAN, WAN and dial access services for medium-sized networks. You'll also learn how to describe the operation of data networks.

Instructed By

Instructor Profile Image
Junaid Memon
Instructor