Dynamic NAT (PAT)

In computer networkingnetwork address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.

In this case we want to make an internal network that our clients can communicate with outside of our network such as an ISP.
 
Because we have just one IP, we must use dynamic NAT and also PAT.
  • In PAT bandwidth shares between clients.

Our internal network contains the below devices:

  1. One router.
  2. One switch.
  3. Two clients.

And on other hand, ISP network have the below devices:

  1. One router.
  2. One client.

ISPClient is like a web server, ftp server or any devices on over the internet. Our clients must be able to communicate with ISPClient.


Step 1: Prepare our clients and ISPClient
We assign an IP address to each client:

VPCS[1]> ip 192.168.1.1 192.168.1.254 8
PC1 : 192.168.1.1 255.0.0.0 gateway 192.168.1.254

VPCS[2]> ip 192.168.1.2 192.168.1.254 8
PC2 : 192.168.1.2 255.0.0.0 gateway 192.168.1.254

VPCS[3]> ip 10.0.0.1 10.0.0.254 24
PC3 : 10.0.0.1 255.255.255.0 gateway 10.0.0.254

Step 2: Config internal router
We assign an IP address to each interface and also we must be defined outside interface and inside interface:

R2(config)#int f2/0
R2(config-if)#ip nat inside
R2(config-if)#no shut
R2(config-if)#ip add 192.168.1.254 255.255.255.0
R2(config-if)#int s1/0
R2(config-if)#no shut
R2(config-if)#ip add 20.0.0.1 255.0.0.0
R2(config-if)#clockrate 64000
R2(config-if)#ip nat outside


Step 3: Control traffic by an ACL
One access list must be assigned to our outside interface:

R2(config)#access-list 10 permit 192.168.1.0 0.0.0.255
R2(config)#ip nat inside source list 10 interface s1/0


Step 4: Write a route for internal network

R2(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2


Step 5: Config ISP router

R1(config)#int f1/0
R1(config-if)#no shut
R1(config-if)#ip add 10.0.0.254 255.0.0.0
R1(config-if)#int s2/0
R1(config-if)#no shut
R1(config-if)#ip add 20.0.0.2 255.0.0.0

Step 6: Write an access list for control incoming traffic on ISPClient

R1(config)#access-list 100 permit icmp any host 10.0.0.1 echo
R1(config)#access-list 100 permit icmp host 10.0.0.1 any  echo-reply
R1(config)#access-list 100 permit icmp host 10.0.0.1 any echo
R1(config)#access-list 100 permit icmp any host 10.0.0.1 echo-reply
R1(config)#int f1/0
R1(config-if)#ip access-group 100 in


Step 7: Write a route for ISP router


R1(config)#ip route 20.0.0.0 255.0.0.0 s2/0


Finally, if we ping ISPClient from each internal client, we have reply message.


Project files link:

  1. Project file
  2. Start-up config


[quotes_and_tips]

Davoud Teimouri

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our newsletter and join other subscribers

Holler Box