NAT Practice With BGP and PBR: Lab Topology

The document describes a lab exercise on configuring NAT. Routers R1, R2, R3 and R4 are used, with R3 acting as the NAT router between the inside and outside networks. Static NAT is configured to map the server IP 10.1.13.1 to 123.31.36.1, and dynamic NAT maps client IP 10.1.23.2 to pool 123.31.36.2-123.31.36.2. BGP is also configured between R3 and R4 to advertise networks. Initially ping tests succeed but direct ping from R2 to R1 public IP fails. This is resolved by using a route map on R3 to forward

Uploaded by Aye Kyaw

Download PNETLab Platform

PNETLAB Store
PNETLab.com

NAT Practice with BGP and PBR


Lab Topology:
The lab network topology is illustrated below:

https://user.pnetlab.com/store/labs/detail?id=16042993804260

Lab Objective:
The objective of this lab exercise is for you to learn and understand NAT in the real world.

Task:
Our company has two VLANs:
VLAN 10 for servers: 10.1.13.0/24 (R1)
VLAN 20 for users: 10.1.23.0/24 (R2)
R3 is the gateway router and it will NAT all inside addresses to 123.31.36.0/24.

R4 is the Internet router and has a loopback 4.4.4.4/32.
R3 and R4 are running BGP.

Here is our task:
1. Configure NAT:
   - Server IP: 10.1.13.1 --> static NAT: 123.31.36.1
   - User IP: 10.1.23.2 --> dynamic NAT: 123.31.36.2
   - R1 and R2 need to ping L0 of R4
   - R4 needs to ping R1 via its public IP
2. R2 needs to ping R1 via its public IP in order to check whether the server's public IP is working.

Solution

Basic Configuration:

Router R1 configuration:

interface Ethernet0/0
 no shutdown
 ip address 10.1.13.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.13.3

Router R2 configuration:

interface Ethernet0/0
 no shutdown
 ip address 10.1.23.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.23.3

Router R3 configuration:

interface Ethernet0/0
 no shutdown
 no ip address
!
interface Ethernet0/0.10
 no shutdown
 encapsulation dot1Q 10
 ip address 10.1.13.3 255.255.255.0
!
interface Ethernet0/0.20
 no shutdown
 encapsulation dot1Q 20
 ip address 10.1.23.3 255.255.255.0
!
interface Ethernet0/1
 no shutdown
 ip address 10.1.34.3 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 neighbor 10.1.34.4 remote-as 2

Router R4 configuration:

interface Loopback0
 no shutdown
 ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
 no shutdown
 ip address 10.1.34.4 255.255.255.0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 10.1.34.3 remote-as 1

Switch SW configuration:

vlan 10
!
vlan 20
!
interface Ethernet0/0
 no shutdown
 switchport access vlan 10
 switchport mode access
!
interface Ethernet0/1
 no shutdown
 switchport access vlan 20
 switchport mode access
!
interface Ethernet0/2
 no shutdown
 switchport trunk encapsulation dot1q
 switchport mode trunk

Configured NAT

First, we need to advertise L0 of R4 to R3 and 123.31.36.0/24 of R3 to R4:

R3(config)#ip route 123.31.36.0 255.255.255.0 Null 0


R3(config)#router bgp 1
R3(config-router)#net 123.31.36.0 mask 255.255.255.0

R4(config)#router bgp 2
R4(config-router)#net 4.4.4.4 mask 255.255.255.255
Let’s check:

R3#show ip route bgp

4.0.0.0/32 is subnetted, 1 subnets


B 4.4.4.4 [20/0] via 10.1.34.4, 00:01:26

R4#show ip route bgp

123.0.0.0/24 is subnetted, 1 subnets


B 123.31.36.0 [20/0] via 10.1.34.3, 00:02:00
Now, we will configure NAT for server and client:

R3(config)#ip nat inside source static 10.1.13.1 123.31.36.1


R3(config)#access-list 1 permit host 10.1.23.2
R3(config)#ip nat pool User 123.31.36.2 123.31.36.2 netmask 255.255.255.0
R3(config)#ip nat inside source list 1 pool User
R3(config)#interface e0/0.10
R3(config-subif)#ip nat inside
R3(config-subif)#interface e0/0.20
R3(config-subif)#ip nat inside
R3(config-subif)#interface e0/1
R3(config-if)#ip nat outside
Let’s check ping from R1 and R2:

R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

R2#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R3#show ip nat translations


Pro  Inside global      Inside local       Outside local      Outside global
icmp 123.31.36.1:0      10.1.13.1:0        4.4.4.4:0          4.4.4.4:0
---  123.31.36.1        10.1.13.1          ---                ---
icmp 123.31.36.2:0      10.1.23.2:0        4.4.4.4:0          4.4.4.4:0
---  123.31.36.2        10.1.23.2          ---                ---
It is working. Now we check that R4 can ping R1 via its public IP:

R3#clear ip nat translation *

R4#ping 123.31.36.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.31.36.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

R3#show ip nat translations


Pro  Inside global      Inside local       Outside local      Outside global
icmp 123.31.36.1:0      10.1.13.1:0        10.1.34.4:0        10.1.34.4:0
---  123.31.36.1        10.1.13.1          ---                ---
So task 1 is done.

R2 needs to ping R1 via its public IP

Let’s try a ping from R2:

R2#ping 123.31.36.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.31.36.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R3#show ip route 123.31.36.2


Routing entry for 123.31.36.0/24
Known via "static", distance 1, metric 0 (connected)
Advertised by bgp 1
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1
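You can see that R2 cannot reach R1 via its public IP. When a packet from R2 arrives at R3, R3 routes it before applying inside-to-outside NAT, and the route lookup for 123.31.36.0/24 matches the static route to Null0, so every such packet is forwarded into Null0 and discarded.

So we need a route-map in order to solve this problem: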

R3(config)#access-list 101 per ip any 123.31.36.0 0.0.0.255


R3(config)#route-map R2R1 per 10
R3(config-route-map)#match ip address 101
R3(config-route-map)#set ip next-hop 10.1.34.4

R3(config)#interface e0/0.10
R3(config-subif)#ip policy route-map R2R1
R3(config-subif)#interface e0/0.20
R3(config-subif)#ip policy route-map R2R1
I have pushed all packets from the inside that are destined for 123.31.36.0/24 to next-hop 10.1.34.4. Let’s check again:

R2#ping 123.31.36.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.31.36.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

R2#traceroute 123.31.36.1
Type escape sequence to abort.
Tracing the route to 123.31.36.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.23.3 3 msec 1 msec 1 msec
2 10.1.34.4 3 msec 1 msec 2 msec
3 10.1.34.3 1 msec 5 msec 4 msec
4 * * *

R3#show ip nat translations


Pro  Inside global      Inside local       Outside local      Outside global
icmp 123.31.36.1:2      10.1.13.1:2        123.31.36.2:2      123.31.36.2:2
---  123.31.36.1        10.1.13.1          ---                ---
icmp 123.31.36.2:2      10.1.23.2:2        123.31.36.1:2      123.31.36.1:2
---  123.31.36.2        10.1.23.2          ---                ---
Great! Everything is working.
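
The following Python model is an added example, not part of the original lab. It reproduces R3's order of operations (routing or PBR before NAT for inside-to-outside traffic, NAT before routing for outside-to-inside traffic) to show why the ping from R2 is dropped without the route-map and which translation results with it. The addresses come from the lab; the function names and the simplified routing table are assumptions.

```python
import ipaddress

# Addresses come from the lab; the names and this simplified model are assumptions.
INSIDE_TO_GLOBAL = {"10.1.13.1": "123.31.36.1",   # static NAT for the server
                    "10.1.23.2": "123.31.36.2"}   # ACL 1 host -> pool User
GLOBAL_TO_INSIDE = {g: l for l, g in INSIDE_TO_GLOBAL.items()}
NAT_BLOCK = ipaddress.ip_network("123.31.36.0/24")  # destination matched by ACL 101
ROUTES = [  # (prefix, egress interface, NAT role) on R3
    ("10.1.13.0/24", "e0/0.10", "inside"),
    ("10.1.23.0/24", "e0/0.20", "inside"),
    ("10.1.34.0/24", "e0/1", "outside"),
    ("4.4.4.4/32", "e0/1", "outside"),       # learned via BGP from R4
    ("123.31.36.0/24", "Null0", None),       # static route advertised to R4
]

def lookup(dst):
    """Longest-prefix match; returns (egress, role) or (None, None)."""
    hits = [(ipaddress.ip_network(p), i, r) for p, i, r in ROUTES
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=(None, None, None))[1:]

def r3_forward(src, dst, in_role, pbr=False):
    """Return (src, dst, egress) as the packet leaves R3, or None if dropped."""
    if in_role == "outside":
        # outside -> inside: destination is translated before routing
        dst = GLOBAL_TO_INSIDE.get(dst, dst)
        egress, _ = lookup(dst)
        return None if egress in (None, "Null0") else (src, dst, egress)
    # inside -> outside: policy routing / routing first, source translated after
    if pbr and ipaddress.ip_address(dst) in NAT_BLOCK:
        egress, out_role = "e0/1", "outside"    # set ip next-hop 10.1.34.4
    else:
        egress, out_role = lookup(dst)
    if egress in (None, "Null0"):
        return None                             # discarded
    if out_role == "outside":
        src = INSIDE_TO_GLOBAL.get(src, src)
    return (src, dst, egress)

def r2_pings_r1_public(pbr):
    """Echo request from R2 to 123.31.36.1 as it finally leaves R3, or None."""
    first = r3_forward("10.1.23.2", "123.31.36.1", "inside", pbr)
    if first is None:
        return None              # the "U.U.U" case: routed to Null0
    src, dst, _ = first          # R4 routes 123.31.36.0/24 back to R3
    return r3_forward(src, dst, "outside")

if __name__ == "__main__":
    print(r2_pings_r1_public(False), r2_pings_r1_public(True))
```

With the route-map, the packet reaches R1 only after leaving the site and returning through R4, which matches hop 2 (10.1.34.4) in the traceroute above.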
