Simplified Networking

IOS - Dynamic NAT

Dynamic NAT creates per-flow translations of the source IP to the IP of the G0/0 interface. Here it translates 10.8.19.19 to 8.0.0.8, so R19's traffic appears to come from 8.0.0.8. 8.0.0.8 is reachable on the internet; 10.8.19.19 is not. The RFC 1918 address space (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) is private and not routable on the internet.

This is commonly referred to as PAT or Port Address Translation, where NAT entries are created on a per port basis.

This configuration does not allow traffic initiated from the outside to reach inside hosts. That will be covered in a different lab.
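The per-port behaviour described above, as an added example (not part of the original lab and not Cisco's implementation): a toy PAT table using R8's addresses. The second inside host 10.8.19.20, the next-port-up choice on a port clash, and matching return traffic on the whole entry are assumptions of the model.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("10.8.19.0/24")  # ACL NAT_OVERLOAD on R8
GLOBAL_IP = "8.0.0.8"                              # R8 G0/0, ip nat outside


class PatTable:
    """Toy PAT table; not Cisco's implementation."""

    def __init__(self):
        self.flows = {}  # (proto, src_ip, src_port, dst_ip, dst_port) -> global port
        self.ports = {}  # (proto, global port) -> the flow that owns it

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside-to-outside packet: return the source (ip, port) seen outside."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return src_ip, src_port  # not matched by the ACL, left untranslated
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.flows:
            port = src_port  # keep the original port when it is free
            while (proto, port) in self.ports:
                # Assumption: take the next port up; IOS's real choice differs.
                port = port + 1 if port < 65535 else 1024
            self.flows[flow] = port
            self.ports[(proto, port)] = flow
        return GLOBAL_IP, self.flows[flow]

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Outside packet to 8.0.0.8:dst_port: inside (ip, port), or None."""
        flow = self.ports.get((proto, dst_port))
        # Assumption: return traffic must match the whole entry, remote end included.
        if flow is None or flow[3:] != (src_ip, src_port):
            return None  # no translation exists, so nothing is forwarded inside
        return flow[1], flow[2]


def demo():
    pat = PatTable()
    return [
        pat.outbound("tcp", "10.8.19.19", 52559, "1.1.1.1", 23),  # R19, from the page
        pat.outbound("tcp", "10.8.19.20", 52559, "1.1.1.1", 23),  # constructed 2nd host
        pat.inbound("tcp", "1.1.1.1", 23, 52559),                 # reply to R19
        pat.inbound("tcp", "1.1.1.1", 23, 40000),                 # unsolicited
    ]


if __name__ == "__main__":
    print(demo())
```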


INET
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 4.0.0.100 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 8.0.0.100 255.255.255.0
!
interface GigabitEthernet0/4
 ip address 9.0.0.100 255.255.255.0
!
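! Lab-only account: "password 0" stores the password in cleartext in the config
username cisco password 0 cisco
!
line vty 0 4
 login local
 ! Telnet is enabled so R19 can open the test session shown below
 transport input telnet ssh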


R8
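!
! Outside (public) side, facing INET
interface GigabitEthernet0/0
 ip address 8.0.0.8 255.255.255.0
 ip nat outside
!
! Inside (private) side, facing R19 through SW14
interface GigabitEthernet0/1
 ip address 10.8.19.8 255.255.255.0
 ip nat inside
!
! Translate sources matched by NAT_OVERLOAD to the G0/0 address;
! "overload" lets many flows share that one address by port (PAT)
ip nat inside source list NAT_OVERLOAD interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 8.0.0.100
!
! Only the inside subnet 10.8.19.0/24 is eligible for translation
ip access-list extended NAT_OVERLOAD
 permit ip 10.8.19.0 0.0.0.255 any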



SW14
vlan 819
 name R8_R19
!
vlan 820
 name R9_R20
!
interface GigabitEthernet0/0
 switchport access vlan 819
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/1
 switchport access vlan 819
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/2
 switchport access vlan 820
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/3
 switchport access vlan 820
 switchport mode access
 spanning-tree portfast edge



R19
interface GigabitEthernet0/0
 ip address 10.8.19.19 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.8.19.8



R19#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/16/21 ms



R8#show ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 8.0.0.8:2         10.8.19.19:2       1.1.1.1:2          1.1.1.1:2




R19#telnet 1.1.1.1
Trying 1.1.1.1 ... Open

**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************

User Access Verification

Username: cisco
Password: 
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************



R8#show ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 8.0.0.8:3         10.8.19.19:3       1.1.1.1:3          1.1.1.1:3
tcp 8.0.0.8:52559      10.8.19.19:52559   1.1.1.1:23         1.1.1.1:23



INET>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:02:38   
*578 vty 0     cisco      idle                 00:00:00 8.0.0.8
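
INET only ever sees 8.0.0.8, so tying a session back to the inside host needs R8's translation table. The following is an added example, not part of the original lab: it parses the "show ip nat translations" output shown above and maps a flow as seen on the outside to its inside local address. The function names are illustrative.

```python
import re

# Copied from the page: R8's table after the ping and telnet from R19.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 8.0.0.8:3         10.8.19.19:3       1.1.1.1:3          1.1.1.1:3
tcp 8.0.0.8:52559      10.8.19.19:52559   1.1.1.1:23         1.1.1.1:23
"""

ENDPOINT = r"(\d+\.\d+\.\d+\.\d+):(\d+)"
ROW = re.compile(r"^(\w+)\s+" + r"\s+".join([ENDPOINT] * 4) + r"\s*$")
FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")


def parse_translations(text):
    """Return one dict per port-based (extended) entry; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or an entry without ports
        g = m.groups()
        row = {"proto": g[0]}
        for i, name in enumerate(FIELDS):
            # Each endpoint is stored as (ip, port); for ICMP the "port" is the ID.
            row[name] = (g[1 + 2 * i], int(g[2 + 2 * i]))
        rows.append(row)
    return rows


def attribute(rows, proto, seen_src, seen_dst):
    """Map a flow as logged outside (src and dst as (ip, port)) to the inside host."""
    for row in rows:
        if (row["proto"] == proto and row["inside_global"] == seen_src
                and row["outside_global"] == seen_dst):
            return row["inside_local"]
    return None


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(attribute(table, "tcp", ("8.0.0.8", 52559), ("1.1.1.1", 23)))
```

The lookup needs the translated source port, which "show users" on INET does not record, and the entry must still be in R8's table. Because entries age out, keeping a record for later investigation means logging translations as they are created, for example with "ip nat log translations syslog".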