Scribd
Upload
88 views5 pages

Nat Port - Policy: Lab Topology

Uploaded by

apammmmm
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
88 views5 pages

Nat Port - Policy: Lab Topology

Uploaded by

apammmmm
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Download PNETLab Platform

PNETLAB Store
PNETLab.com

NAT PORT - POLICY

Lab Topology:
Please use the following topology to complete this lab exercise:

Lab Objective:
The objective of this lab exercise is for you to learn and understand how can you configure NAT
POLICY

Task list:
Task 1: Configure the hostname and IP address for the interface in INSIDE ZONE for Routers as
topo. Check the reachability between Routers.
Task 2: Configure 2 PPPoE Session between R1 to R2 and R1 to R3 in OUTSIDE ZONE (R1 is
PPPoE Client, R2 and R3 are PPPoE Server).
Task 3: Configure default route on R4, static route and NAT Policy on R1
Task 4: Check NAT Translate table on R1 when R4 telnet to interface Loopback on R2 and R3.
1
Download PNETLab Platform
PNETLAB Store
PNETLab.com

SOLUTION:
Task 1: Configure the hostname and IP address for the interface in INSIDE ZONE for Routers as
topo. Check the reachability between Routers.
On R4
!
interface Ethernet0/0
ip address 192.168.1.10 255.255.255.0
!
On R1
!
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
!
On R4
!
interface Ethernet0/2
ip address 192.168.1.50 255.255.255.0
!
Verification:
R4#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Task 2: Configure 2 PPPoE Session between R1 to R2 and R1 to R3 in OUTSIDE ZONE (R1 is


PPPoE Client, R2 and R3 are PPPoE Server).
On R1
!
interface Ethernet0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Ethernet0/2
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside

2
Download PNETLab Platform
PNETLAB Store
PNETLab.com

encapsulation ppp
dialer pool 1
ppp pap sent-username pppoe1 password 0 cisco@123
!
interface Dialer2
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp pap sent-username pppoe2 password 0 cisco@123
!
On R2
!
username pppoe1 password 0 cisco@123
!
bba-group pppoe global
virtual-template 1
!
interface Ethernet0/0
no ip address
pppoe enable group global
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
!
interface Virtual-Template1
mtu 1492
ip address 113.70.180.1 255.255.255.252
peer default ip address pool CLIENT
ppp authentication pap callin
!
ip local pool CLIENT 113.70.180.2
!
On R3
!
username pppoe2 password 0 cisco@123
!
bba-group pppoe global
virtual-template 1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/2
3
Download PNETLab Platform
PNETLAB Store
PNETLab.com

no ip address
pppoe enable group global
!
interface Virtual-Template1
mtu 1492
ip address 42.190.58.1 255.255.255.252
peer default ip address pool CLIENT
ppp authentication pap callin
!
ip local pool CLIENT 42.190.58.2
!
Verification:
R1#show ip interface brief | exclude as
Interface IP-Address OK? Method Status
Protocol
Ethernet0/0 192.168.1.1 YES NVRAM up
up
Dialer1 113.70.180.2 YES IPCP up
up
Dialer2 42.190.58.2 YES IPCP up
up

R1#ping 42.190.58.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 42.190.58.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#ping 113.70.180.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 113.70.180.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Task 3: Configure default route on R4, static route and NAT Policy on R1
On R4
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
On R1
!
ip route 2.2.2.2 255.255.255.255 Dialer1
ip route 3.3.3.3 255.255.255.255 Dialer2
// Static Route to Loopback of R2 and R3.
!
ip access-list extended ToR2
4
Download PNETLab Platform
PNETLAB Store
PNETLab.com

permit tcp host 192.168.1.10 host 2.2.2.2 eq telnet


ip access-list extended ToR3
permit tcp host 192.168.1.10 host 3.3.3.3 eq telnet
!
//Create Access-List to match traffic telnet from R4 to Loopback of R2 and R3.
!
route-map ToR3 permit 10
match ip address ToR3
!
route-map ToR2 permit 10
match ip address ToR2
!
//Create Route-Map to attach the access-lists in two different permit statements.
!
interface Ethernet0/0
ip nat inside
!
interface Dialer1
ip nat outside
!
interface Dialer2
ip nat outside
!
//Create NAT inside, outside interface.
!
ip nat inside source static 192.168.1.10 42.190.58.2 route-map ToR3
ip nat inside source static 192.168.1.10 113.70.180.2 route-map ToR2
!
//Create NAT Translate in R1 based on route-map.
Task 4: Check NAT Translate table on R1 when R4 telnet to interface Loopback on R2 and R3.
R4#telnet 2.2.2.2
Trying 2.2.2.2 ... Open

R4#telnet 3.3.3.3
Trying 3.3.3.3 ... Open

R1#show ip nat translations


Pro Inside global Inside local Outside local Outside
global
tcp 42.190.58.2:48539 192.168.1.10:48539 3.3.3.3:23
3.3.3.3:23
tcp 113.70.180.2:56679 192.168.1.10:56679 2.2.2.2:23
2.2.2.2:23
// We recognize that, R1 will NAT based on traffic to Outside.

You might also like