NAT Pool

CCNA v6 Labs September 29, 2017

Rate this post
Lab Objective:
The objective of this lab exercise is for you to configure a NAT pool.
Lab Purpose:
NAT is an important exam topic so you can be pretty sure it will crop up. Rather than watch
a video solution, I have provided show runs and test commands where appropriate.
Certification Level:
This lab is suitable for both CCENT and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 5/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more
than 15 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:

Task 1:
Configure the topology above. You should add a static default route on RouterB to send all
traffic out of the Serial interface. Test by pinging the Loopbacks on RouterA. Check that you
can ping all interfaces.
Task 2:
Configure a NAT pool on RouterA. The pool is 172.16.1.1 to 172.16.1.20. It should activate
if any address from the 192.168.2.0/27 network goes out of the Serial interface. You can
add a secondary IP address to the Loopback0 interface to test another address from the
pool if you wish.
Task 3:
Check your configurations with show commands and pings sourced from 192.168.1.1 when
you have debug ip packet running on RouterB.
Solution
Show Runs
RouterA

interface Loopback0
ip address 192.168.1.1 255.255.255.240
!
interface Loopback1
ip address 192.168.2.1 255.255.255.224
ip address 192.168.2.2 255.255.255.224 secondary
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 10.0.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Internet 172.16.1.1 172.16.1.20 netmask 255.255.0.0
ip nat inside source list 1 pool Internet
!
access-list 1 permit 192.168.2.0 0.0.0.31

RouterB

interface Serial0/0
ip address 10.0.0.2 255.255.255.252
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
TEST: Do an extended ping sourced from 192.168.2.1 (do another one from source
192.168.2.2 also if you wish, but be quick to avoid the NAT entry timing out).
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms

R1#show ip nat tran

Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.1:4 192.168.2.1:4 10.0.0.2:4 10.0.0.2:4
--- 172.16.1.1 192.168.2.1 --- ---
R1#
(Try the same thing again with the secondary IP address if you wish.)
R2#debug ip traffic
*Mar 1 00:32:00.639: IP: s=172.16.1.1 (Serial0/0), d=10.0.0.2 (Serial0/0),
len 100, rcvd 3
*Mar 1 00:32:00.639: IP: tableid=0, s=10.0.0.2 (local), d=172.16.1.1
(Serial0/0), routed via FIB
*Mar 1 00:32:00.639: IP: s=10.0.0.2 (local), d=172.16.1.1 (Serial0/0), len
100, sending
R2#
=========================