6.6.7 Packet Tracer – Configure PAT Answers

Packet Tracer – Configure PAT (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Objectives

Part 1: Configure Dynamic NAT with Overload

Part 2: Verify Dynamic NAT with Overload Implementation

Part 3: Configure PAT using an Interface

Part 4: Verify PAT Interface Implementation

Part 1:  Configure Dynamic NAT with Overload

Step 1:  Configure traffic that will be permitted.

Open configuration window

On R1, configure one statement for ACL 1 to permit any address belonging to 172.16.0.0/16.

R1(config)# access-list 1 permit 172.16.0.0 0.0.255.255

Step 2:  Configure a pool of address for NAT.

Configure R1 with a NAT pool that uses the two useable addresses in the 209.165.200.232/30 address space.

R1(config)# ip nat pool ANY_POOL_NAME 209.165.200.233 209.165.200.234 netmask 255.255.255.252

Step 3:  Associate ACL 1 with the NAT pool and allow addresses to be reused.

R1(config)# ip nat inside source list 1 pool ANY_POOL_NAME overload

Step 4:  Configure the NAT interfaces.

Configure R1 interfaces with the appropriate inside and outside NAT commands.

R1(config)# interface s0/1/0

R1(config-if)# ip nat outside

R1(config-if)# interface g0/0/0

R1(config-if)# ip nat inside

R1(config-if)# interface g0/0/1

R1(config-if)# ip nat inside

Close configuration window

Part 2:  Verify Dynamic NAT with Overload Implementation

Step 1:  Access services across the internet.

From the web browser of each of the PCs that use R1 as their gateway (PC1, L1, PC2, and L2), access the web page for Server1.

Question:

Were all connections successful?

Type your answers here.

Yes

Step 2:  View NAT translations.

Open configuration window

View the NAT translations on R1.

R1# show ip nat translations

Notice that all four devices were able to communicate, and they are using just one address out of the pool. PAT will continue to use the same address until it runs out of port numbers to associate with the translation. Once that occurs, the next address in the pool will be used. While the theoretical limit would be 65,536 since the port number field is a 16 bit number, the device would likely run out of memory before that limit would be reached.

Close configuration window

Part 3:  Configure PAT using an Interface

Step 1:  Configure traffic that will be permitted.

Open configuration window

On R2, configure one statement for ACL 2 to permit any address belonging to 172.17.0.0/16.

R2(config)# access-list 2 permit 172.17.0.0 0.0.255.255

Step 2:  Associate ACL 2 with the NAT interface and allow addresses to be reused.

Enter the R2 NAT statement to use the interface connected to the internet and provide translations for all internal devices.

R2(config)# ip nat inside source list 2 interface s0/1/1 overload

Step 3:  Configure the NAT interfaces.

Configure R2 interfaces with the appropriate inside and outside NAT commands.

R2(config)# interface s0/1/1

R2(config-if)# ip nat outside

R2(config-if)# interface g0/0/0

R2(config-if)# ip nat inside

R2(config-if)# interface g0/0/1

R2(config-if)# ip nat inside

Close configuration window

Part 4:  Verify PAT Interface Implementation

Step 1:  Access services across the internet.

From the web browser of each of the PCs that use R2 as their gateway (PC3, L3, PC4, and L4), access the web page for Server1.

Question:

Were all connections successful?

Type your answers here.

Yes

Step 2:  View NAT translations.

Open configuration window

View the NAT translations on R2.

R2# show ip nat translations

Step 3:  Compare NAT statistics on R1 and R2.

Compare the NAT statistics on the two devices.

R1# show ip nat statistics

R2# show ip nat statistics

Question:

Why doesn’t R2 list any dynamic mappings?

Type your answers here.

R1 lists dynamic mappings for the pool of addresses that has been configured. R2 is only using the outside interface as the address to translate internal addresses to so there is no dynamic mapping.

R1# show ip nat statistics

Total translations: 3 (0 static, 3 dynamic, 3 extended)

Outside Interfaces: Serial0/1/0

Inside Interfaces: GigabitEthernet0/0/0 , GigabitEthernet0/0/1

Hits: 72 Misses: 54

Expired translations: 24

Dynamic mappings:

— Inside Source

access-list 1 pool DYNAMIC refCount 3

pool DYNAMIC: netmask 255.255.255.252

start 209.165.76.196 end 209.165.76.199

type generic, total addresses 4 , allocated 1 (25%), misses 0

Close configuration window

End of document

Answer Configurations

Router R1

enable

configure terminal

interface GigabitEthernet0/0/0

 ip nat inside

interface GigabitEthernet0/0/1

 ip nat inside

interface Serial0/1/0

 ip nat outside

ip nat pool DYNAMIC 209.165.200.233 209.165.200.234 netmask 255.255.255.252

ip nat inside source list 1 pool DYNAMIC overload

access-list 1 permit 172.16.0.0 0.0.255.255

end

Router R2

enable

configure terminal

interface GigabitEthernet0/0/0

 ip nat inside

interface GigabitEthernet0/0/1

 ip nat inside

interface Serial0/1/1

 ip nat outside

ip nat inside source list 2 interface Serial0/1/1 overload

access-list 2 permit 172.17.0.0 0.0.255.255

end

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments