Saturday, February 22, 2020

How to configure PAT on Cisco IOS Router

I have covered the configuration of static NAT and dynamic NAT in previous lessons; now it’s time for PAT. This is the topology we’ll use:
[Topology diagram: NAT with 2 hosts, inside and outside]
Let’s prepare the hosts. I am using normal Cisco routers with “ip routing” disabled to turn them into dumb hosts:
Host1(config)#no ip routing
Host1(config)#ip default-gateway 192.168.123.3
Host2(config)#no ip routing
Host2(config)#ip default-gateway 192.168.123.3
Next step is to configure NAT:
NAT(config)#interface fastEthernet 0/0
NAT(config-if)#ip nat inside 
NAT(config)#interface fastEthernet 1/0
NAT(config-if)#ip nat outside
So far so good, let’s create an access-list that matches both hosts:
NAT(config)#access-list 1 permit 192.168.123.0 0.0.0.255
And finally we’ll configure PAT:
NAT(config)#ip nat inside source list 1 interface fastEthernet 1/0 overload
I select access-list 1 as the inside source, and the addresses it matches will be translated to the IP address on FastEthernet 1/0. The big magic keyword here is overload. Adding it is what enables PAT!
Let’s give it a test run, shall we?
To take a closer look at the port numbers I won’t use ping; instead we’ll connect to TCP port 80 of the webserver (Web1):
Web1(config)#ip http server
First we’ll enable the webserver.
We can use telnet to connect to port 80:
Host1#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 ... Open
Host2#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 ... Open
As you can see, it says “Open”, which means that we successfully connected to port 80.
Let’s see what the NAT/PAT table looks like now:
NAT#show ip nat translations  
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.23.2:46369 192.168.123.1:46369 192.168.23.3:80  192.168.23.3:80
tcp 192.168.23.2:50669 192.168.123.2:50669 192.168.23.3:80  192.168.23.3:80
Above you see that it keeps track of the port number and that both hosts are translated to IP address 192.168.23.2. Mission accomplished!
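This table is also what makes attribution possible: Web1 only ever sees 192.168.23.2 plus a source port, so tracing a logged connection back to Host1 or Host2 means looking up that address and port here. The following Python is an added example, not part of the original lesson; the function names are hypothetical and the input is the output shown above.

```python
from collections import defaultdict

# Output copied from the lesson's "show ip nat translations" capture.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.23.2:46369 192.168.123.1:46369 192.168.23.3:80  192.168.23.3:80
tcp 192.168.23.2:50669 192.168.123.2:50669 192.168.23.3:80  192.168.23.3:80
"""

def _endpoint(field):
    """Split 'ip:port' into (ip, port). Fields without a port give (ip, None);
    the '---' placeholder gives (None, None)."""
    if field == "---":
        return (None, None)
    ip, sep, port = field.partition(":")
    return (ip, int(port) if sep else None)

def parse_translations(text):
    """Return one dict per translation row, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:  # the header splits into 9 tokens, data rows into 5
            continue
        rows.append({
            "proto": cols[0],
            "inside_global": _endpoint(cols[1]),
            "inside_local": _endpoint(cols[2]),
            "outside_local": _endpoint(cols[3]),
            "outside_global": _endpoint(cols[4]),
        })
    return rows

def find_inside_host(rows, global_ip, global_port, proto="tcp"):
    """Map the address:port an outside server logged back to the inside host."""
    for row in rows:
        if row["proto"] == proto and row["inside_global"] == (global_ip, global_port):
            return row["inside_local"]
    return None

def hosts_behind(rows):
    """Group inside local IPs by the inside global IP they share (PAT overload)."""
    shared = defaultdict(set)
    for row in rows:
        shared[row["inside_global"][0]].add(row["inside_local"][0])
    return dict(shared)

if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(find_inside_host(table, "192.168.23.2", 50669))
    print(hosts_behind(table))
```

Dynamic entries age out of the table, so the lookup only works on output captured while the connection was still active.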
Telnet is a great command to connect to different TCP ports. You can use it to test access-lists or connectivity…or in my example to play with NAT/PAT.
hostname Host1
!
interface FastEthernet0/0
 ip address 192.168.123.1 255.255.255.0
!
no ip routing
ip default-gateway 192.168.123.3
!
end
hostname Host2
!
interface FastEthernet0/0
 ip address 192.168.123.2 255.255.255.0
!
no ip routing
ip default-gateway 192.168.123.3
!
end
hostname NAT
!
interface FastEthernet0/0
 ip address 192.168.123.3 255.255.255.0
 ip nat inside 
!
interface FastEthernet1/0
 ip address 192.168.23.2 255.255.255.0
 ip nat outside
!
access-list 1 permit 192.168.123.0 0.0.0.255
ip nat inside source list 1 interface fastEthernet 1/0 overload
!
end
hostname Web1
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
ip http server
!
end

That’s it! You have now learned how to configure PAT on your Cisco IOS router. If you enjoyed this lesson or have any more questions, please leave a comment!
