CIS-3210 Lab #11: Network Address Translation (NAT)

Reading: The NAT slides covered in class are relevant to this lab.

In this lab, you will configure port address translation, a form of network address translation, on a router.

Part 1: Configure The Network

Using Packet Tracer, construct the following network:

[Figure: Lab #11 Network]

Device    Interface       IP Address       Subnet Mask       Default Gateway
Gateway   Gig0/1          192.168.1.1      255.255.255.0     N/A
Gateway   Se0/0/1         209.165.201.18   255.255.255.252   N/A
ISP       Se0/0/0 (DCE)   209.165.201.17   255.255.255.252   N/A
ISP       Lo0             192.31.7.1       255.255.255.255   N/A
PC-A      NIC             192.168.1.20     255.255.255.0     192.168.1.1
PC-B      NIC             192.168.1.30     255.255.255.0     192.168.1.1
PC-C      NIC             192.168.1.40     255.255.255.0     192.168.1.1
Addressing Table

In this lab, go back to the 1941 router, and continue using the 2960-24TT switches as you have before. Be careful to connect each line to the indicated interface.

As usual, configure the basic settings (Global Settings and Console Access; you do not need to configure remote access for this lab) on all the devices.

Configure the network interfaces on the routers using the addresses in the addressing table. You do not need to configure switch virtual interfaces in the switches for this lab.

Create a static route from the ISP router to the Gateway router:

  ISP(config)# ip route 209.165.200.224 255.255.255.248 209.165.201.18

According to this static route, what range of IP addresses will the ISP forward to the Gateway router?

Create a default route from the Gateway router to the ISP router:

  Gateway(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.17

Verify connectivity from the PC hosts to the Gig0/1 interface on the Gateway router. Are the PCs able to ping the Se0/0/0 interface on the ISP router? Explain. Verify that the static routes are configured correctly on both routers.

In Part 2 of the lab, the ISP allocates your company the public IP address range of 209.165.200.224/29. This provides the company with six public IP addresses. Dynamic NAT pool overload uses a pool of IP addresses in a many-to-many relationship. The router uses the first IP address in the pool and assigns connections using the IP address plus a unique port number. After the maximum number of translations for a single IP address has been reached on the router (platform and hardware specific), it uses the next IP address in the pool. NAT pool overload is a form of port address translation (PAT) that overloads a group of public IPv4 addresses.

In Part 3, the ISP has allocated a single IP address, 209.165.201.18, to your company for use on the Internet connection from the company Gateway router to the ISP. You will use PAT to convert multiple internal addresses into the one usable public address. You will test, view, and verify that the translations are taking place, and you will interpret the NAT/PAT statistics to monitor the process.
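
The two overload behaviors described above can be modelled with a small translation table. This Python sketch is an added example, not part of the original lab and not router code. The PatTable class, the ports_per_addr cap, and the source port 1025 are constructed for illustration. Keeping the original source port when it is free is a modelling assumption.

```python
import ipaddress

class PatTable:
    """Toy model of NAT overload: inside (ip, port) <-> outside (ip, port)."""

    def __init__(self, outside_addrs, ports_per_addr):
        self.outside_addrs = list(outside_addrs)
        self.ports_per_addr = ports_per_addr  # assumed cap; the real one is platform specific
        self.out_by_in = {}                   # (inside ip, port) -> (outside ip, port)
        self.in_by_out = {}                   # reverse map, consulted for return traffic

    def translate_out(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.out_by_in:             # an existing flow keeps its mapping
            return self.out_by_in[key]
        for addr in self.outside_addrs:       # first address is used until it is full
            used = {p for (a, p) in self.in_by_out if a == addr}
            if len(used) >= self.ports_per_addr:
                continue                      # exhausted: fall through to the next address
            port = inside_port                # modelling assumption: keep the port if free
            while port in used:
                port = port + 1 if port < 65535 else 1024
            self.out_by_in[key] = (addr, port)
            self.in_by_out[(addr, port)] = key
            return addr, port
        return None                           # no address left: the flow is not translated

    def translate_in(self, outside_ip, outside_port):
        # Return traffic passes only when a matching translation entry exists.
        return self.in_by_out.get((outside_ip, outside_port))

PCS = ("192.168.1.20", "192.168.1.30", "192.168.1.40")  # PC-A, PC-B, PC-C

def pool_overload_demo():
    pool = [str(h) for h in ipaddress.ip_network("209.165.200.224/29").hosts()]
    nat = PatTable(pool, ports_per_addr=2)    # tiny constructed cap so rollover shows
    return [nat.translate_out(ip, 1025) for ip in PCS]

def interface_overload_demo():
    nat = PatTable(["209.165.201.18"], ports_per_addr=64512)
    out = [nat.translate_out(ip, 1025) for ip in PCS]
    reply = nat.translate_in(*out[1])         # reply to PC-B's flow
    unsolicited = nat.translate_in("209.165.201.18", 4444)  # no entry exists
    return out, reply, unsolicited

if __name__ == "__main__":
    print(pool_overload_demo())
    print(interface_overload_demo())
```

With the cap set to 2, the third host rolls over to the second pool address. With a single outside address, every host shares it and only the port differs, and an inbound packet with no table entry has nowhere to go.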

Part 2: Configure the NAT Pool Overload

In this part, you will configure the Gateway router to translate the IP addresses from the 192.168.1.0/24 network to one of the six usable addresses in the 209.165.200.224/29 range.

Do the following steps:

  1. Define an access control list (use number 1) that permits access to the entire subnetwork connected to the switch S1.
  2. Define a NAT address pool named PUBLIC-ACCESS that specifies the range of IP addresses mentioned above.
  3. Use the command ip nat inside source list 1 pool PUBLIC-ACCESS overload to associate the address pool with the inside source list specified by ACL number 1.
  4. Configure the interfaces on the Gateway router as inside or outside as appropriate.

Verify the configuration by trying to ping 192.31.7.1 from each PC. Use the command show ip nat statistics to observe the NAT statistics on the Gateway router after doing the pings. Use the command show ip nat translations to observe the NAT translations on the Gateway router.

Part 3: Configure Port Address Translation (PAT)

In Part 3, you will configure PAT by using an interface instead of a pool of addresses to define the outside address. Not all the commands in Part 2 will be reused in Part 3.

Do the following steps:

  1. Be sure to record the commands you used above for your report.
  2. Remove the NAT translation from the inside source list to the pool with the same command you used to create that association, except prefixed by "no."
  3. Remove the NAT pool using the same command as you used to create it, except prefixed by "no." Note that if you try to remove the pool too early, it will fail with a message about the pool being in use.
  4. Now associate the source list with the outside interface:

  Gateway(config)# ip nat inside source list 1 interface serial 0/0/1 overload

Verify the configuration by trying to ping 192.31.7.1 from each PC. Use the command show ip nat statistics to observe the NAT statistics on the Gateway router after doing the pings. Use the command show ip nat translations to observe the NAT translations on the Gateway router. What do you observe that was different than before?

Submission

For this lab, submit your final Packet Tracer model, along with a document containing the commands you used to configure your devices, and your answers to the questions. The preferred document format is PDF, but Word, ODT, or plain text is also acceptable.


Last Revised: 2023-11-14
© Copyright 2023 by Peter Chapin <peter.chapin@vermontstate.edu>