1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Going over it again - Static NAT - HELP

Discussion in 'Routing & Switching' started by albertc30, Nov 14, 2009.

  1. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    Hello everybody.
    I have been going over NAT once again as I must admit I had struggled with it when I was doing my CCNA but finally got it or so I thought. Nearly 5 months down the line and I can't get it to work on packet tracer.
    What am I doing wrong guys please?
    I have PC connected to R1 then R1 connected to R2 by serial connection and PC2 connected to R2.
    I have given the PC's static IP addresses.
    PC1 is 192.168.28.1/24.
    PC2 is 172.16.0.1/24.
    R1 F9/0 is 192.168.28.254/24.
    R1 S0/0 is 10.0.0.1/30.
    R2 F9/0 is 172.16.0.254/24.
    R2 S0/0 is 10.0.0.2/30.
    Without messing about with NAT, PC1 was pinging R1, R1 was pinging R2, R2 was pinging PC2.
    NO, PC1 would not ping either R2 or PC2 nor PC2 would ping R1 or PC1 as there was no routing protocols in place nor static routes.
    I have enabled RIP VER2 on R2 and added the networks 10.0.0.0 and 172.16.0.0 to allow traffic to flow and to have networks advertised.
    Now, in R1 I do not want to use any kind of routing I want NAT to work it out.
    The scenario is to have PC1=192.168.28.1/24 to ping PC2=172.16.0.1/24.
    Here's my config on booth routers. I must go over this subject over and over and over again until it’s printed in my little brain as it has totally faded away.
    Could anyone enlighten me in the right direction, what am I doing wrong here please?
    Cheers to all.

    ****************************************************************

    R1#sh run
    Building configuration...

    Current configuration : 428 bytes
    !
    version 12.2
    no service password-encryption
    !
    hostname R1
    !
    ip ssh version 1
    !
    interface Serial0/0
    ip address 10.0.0.1 255.255.255.252
    encapsulation ppp
    ip nat outside
    clock rate 4000000
    !
    interface FastEthernet9/0
    ip address 192.168.28.254 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    ip nat inside source static 192.168.28.1 10.0.0.1
    ip classless
    !
    line con 0
    line vty 0 4
    login
    !
    end

    R1#

    ***************************************************

    R2#sh run
    Building configuration...

    Current configuration : 386 bytes
    !
    version 12.2
    no service password-encryption
    !
    hostname R2
    !
    ip ssh version 1
    !
    interface Serial0/0
    ip address 10.0.0.2 255.255.255.252
    encapsulation ppp
    !
    interface FastEthernet9/0
    ip address 172.16.0.254 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 10.0.0.0
    network 172.16.0.0
    !
    ip classless
    !
    line con 0
    line vty 0 4
    login
    !
    end

    R2#

    Please refer to picture for network diagram.

    Once again, thanks everubody.
     

    Attached Files:

    Certifications: CCNA
    WIP: 220-701 - A+
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,170
    487
    374
    How do you expect NAT to magically "work it out"?

    What I mean is... how do you expect R1 to know what to do with packets destined for 172.16.0.0/24? :)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. craigie

    craigie Terabyte Poster

    3,020
    174
    155
    As BM said there is not route from the R1 to R2 as you have no configured R1 with RIPv2.

    NAT is normally used for two reasons:

    1. To give people on the internal network access to the internet. Which is done by creating a NAT Pool and then assigning that to a group of people to use.

    2. To allow external users into internal resources such as a Email Servers, Web Servers etc. This would be applied with an ACL as well.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    OK. So no route, it's like a blind man, end of story I got it.

    What I wanted to do here was to creat a scenarion with NAT and see it working.

    How can I achive this and make sure that NAT is working?

    Cheers
     
    Certifications: CCNA
    WIP: 220-701 - A+
  5. craigie

    craigie Terabyte Poster

    3,020
    174
    155
    The problem is mate, without a real router you can't because the whole point of NAT is to allow people in or out of Public to Private Networks and vice versa.

    If you go to my ICND2 Study Guide which can be found here you can download my Packet Tracer Labs and also have a look at my network diagrams as well.

    This should show you how to implement NAT and the reasons behind it.

    Also here you can find where I implemented NAT and the reasons behind it.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  6. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    Graigie you're the man.
    I do have a Cisco 1721 working here with NAT Overloading to allow my network to access the internet with an ACL of a set range of my network address /29.

    I can see the use of static NAT to allow access to my NAS from the internet, where I can map all outside access to my NAS's local inside IP address, almost like in the old days of my lovely linksys cable router mapping outside to inside ports.

    I shall look into your networks on PT and will comment on them latter.

    Cheers for your help.

    This is such an important subject and I do like it but totally lost my way about it, so therefore I will need to practise and allot.
     
    Certifications: CCNA
    WIP: 220-701 - A+
  7. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    I have finally got static NAT working.

    Slightly different scenario then before. PC2 = 80.0.0.1 can now successfully access the web server 192.168.28.1 behind the IP address 10.0.0.5.

    Here's the config files;

    *********************************************

    R1#sh run
    Building configuration...

    Current configuration : 658 bytes
    !
    version 12.2
    no service password-encryption
    !
    hostname R1
    !
    ip ssh version 1
    !
    interface Serial0/0
    ip address 10.0.0.1 255.255.255.252
    encapsulation ppp
    clock rate 4000000
    !
    interface Serial1/0
    ip address 10.0.0.5 255.255.255.252
    encapsulation ppp
    ip nat outside
    clock rate 4000000
    !
    interface FastEthernet8/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet9/0
    ip address 192.168.28.254 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 10.0.0.0
    network 192.168.28.0
    !
    ip nat inside source static 192.168.28.1 10.0.0.5
    ip classless
    !
    line con 0
    line vty 0 4
    login
    !
    end

    R1#

    *********************************************

    R2#sh run
    Building configuration...

    Current configuration : 386 bytes
    !
    version 12.2
    no service password-encryption
    !
    hostname R2
    !
    ip ssh version 1
    !
    interface Serial0/0
    ip address 10.0.0.2 255.255.255.252
    encapsulation ppp
    !
    interface FastEthernet9/0
    ip address 172.16.0.254 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 10.0.0.0
    network 172.16.0.0
    !
    ip classless
    !
    line con 0
    line vty 0 4
    login
    !
    end

    R2#

    *******************************************

    R3#sh run
    Building configuration...

    Current configuration : 382 bytes
    !
    version 12.2
    no service password-encryption
    !
    hostname R3
    !
    ip ssh version 1
    !
    interface Serial0/0
    ip address 10.0.0.6 255.255.255.252
    encapsulation ppp
    !
    interface FastEthernet9/0
    ip address 80.0.0.254 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 10.0.0.0
    network 80.0.0.0
    !
    ip classless
    !
    line con 0
    line vty 0 4
    login
    !
    end

    R3#

    *********************************************

    I have also enabled ip Nat debug to see it working so that I could understand this a bit better.
    Now I have to work on another scenario. Dynamic NAT is next.

    Cheers everybody.
     

    Attached Files:

    Certifications: CCNA
    WIP: 220-701 - A+

Share This Page

Loading...