Dynamic NAT creates per flow translations of the source IP to the IP of the G0/0 interface. This will translate 10.8.19.19 to 8.0.0.8. This makes R19 traffic appear as it is actually 8.0.0.8 and 8.0.0.8 is reachable on the internet, 10.8.19.19 is not. RFC 1918 address space, 10.0.0.0/0, 172.16.0.0/12 and 192.168.0.0/16 are considered private IP address ranges and not routable online.
This is commonly referred to as PAT or Port Address Translation, where NAT entries are created on a per port basis.
This isn't going to allow traffic from the outside to reach internally. That will be covered in a different lab.
INET
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/1
ip address 4.0.0.100 255.255.255.0
!
interface GigabitEthernet0/2
ip address 8.0.0.100 255.255.255.0
!
interface GigabitEthernet0/4
ip address 9.0.0.100 255.255.255.0
!
username cisco password 0 cisco
!
line vty 0 4
login local
transport input telnet ssh
R8
!
interface GigabitEthernet0/0
ip address 8.0.0.8 255.255.255.0
ip nat outside
!
interface GigabitEthernet0/1
ip address 10.8.19.8 255.255.255.0
ip nat inside
!
ip nat inside source list NAT_OVERLOAD interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 8.0.0.100
!
ip access-list extended NAT_OVERLOAD
permit ip 10.8.19.0 0.0.0.255 any
SW14
vlan 819
name R8_R19
!
vlan 820
name R9_R20
!
interface GigabitEthernet0/0
switchport access vlan 819
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/1
switchport access vlan 819
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/2
switchport access vlan 820
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/3
switchport access vlan 820
switchport mode access
spanning-tree portfast edge
R19
interface GigabitEthernet0/0
ip address 10.8.19.19 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.8.19.8
R19#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/16/21 ms
R8#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 8.0.0.8:2 10.8.19.19:2 1.1.1.1:2 1.1.1.1:2
R19#telnet 1.1.1.1
Trying 1.1.1.1 ... Open
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
User Access Verification
Username: cisco
Password:
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
R8#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 8.0.0.8:3 10.8.19.19:3 1.1.1.1:3 1.1.1.1:3
tcp 8.0.0.8:52559 10.8.19.19:52559 1.1.1.1:23 1.1.1.1:23
INET>show users
Line User Host(s) Idle Location
0 con 0 idle 00:02:38
*578 vty 0 cisco idle 00:00:00 8.0.0.8
This is commonly referred to as PAT or Port Address Translation, where NAT entries are created on a per port basis.
This isn't going to allow traffic from the outside to reach internally. That will be covered in a different lab.
INET
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/1
ip address 4.0.0.100 255.255.255.0
!
interface GigabitEthernet0/2
ip address 8.0.0.100 255.255.255.0
!
interface GigabitEthernet0/4
ip address 9.0.0.100 255.255.255.0
!
username cisco password 0 cisco
!
line vty 0 4
login local
transport input telnet ssh
R8
!
interface GigabitEthernet0/0
ip address 8.0.0.8 255.255.255.0
ip nat outside
!
interface GigabitEthernet0/1
ip address 10.8.19.8 255.255.255.0
ip nat inside
!
ip nat inside source list NAT_OVERLOAD interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 8.0.0.100
!
ip access-list extended NAT_OVERLOAD
permit ip 10.8.19.0 0.0.0.255 any
SW14
vlan 819
name R8_R19
!
vlan 820
name R9_R20
!
interface GigabitEthernet0/0
switchport access vlan 819
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/1
switchport access vlan 819
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/2
switchport access vlan 820
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/3
switchport access vlan 820
switchport mode access
spanning-tree portfast edge
R19
interface GigabitEthernet0/0
ip address 10.8.19.19 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.8.19.8
R19#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/16/21 ms
R8#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 8.0.0.8:2 10.8.19.19:2 1.1.1.1:2 1.1.1.1:2
R19#telnet 1.1.1.1
Trying 1.1.1.1 ... Open
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
User Access Verification
Username: cisco
Password:
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
R8#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 8.0.0.8:3 10.8.19.19:3 1.1.1.1:3 1.1.1.1:3
tcp 8.0.0.8:52559 10.8.19.19:52559 1.1.1.1:23 1.1.1.1:23
INET>show users
Line User Host(s) Idle Location
0 con 0 idle 00:02:38
*578 vty 0 cisco idle 00:00:00 8.0.0.8
