
Dynamic NAT Question

UsualSuspect7 Member Posts: 97


//NAT_RTR


## DHCP
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool APPLE
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 4.4.4.4


## ACL
access-list 50 permit 10.10.10.0 0.0.0.255


## NAT
ip nat pool NAT 11.11.11.0 11.11.11.5 netmask 255.255.255.0
ip nat inside source list 50 pool NAT


## interface GigabitEthernet0/0
ip address 10.10.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no shut



## interface GigabitEthernet0/1
ip address 208.10.10.1 255.255.255.248
ip nat outside
duplex auto
speed auto
no shut


## Route
ip route 0.0.0.0 0.0.0.0 208.10.10.2




//ISP

## interface GigabitEthernet0/0
ip address 208.10.10.2 255.255.255.248
no shut








Context:
- I do not want to use overload, because when I add another PC to the SW and attempt to make a connection to the 208.10.10.2 IP, I want to see, under show ip nat translation, multiple IPs matching a different NAT.


The connection works when I add a default route back from ISP to NAT_RTR; when I remove that route and add a 208.10.10.10 255.255.255.248 to 208.10.10.1




I'm hoping you guys can help me ping from computer to destination?
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA

Comments

  • UsualSuspect7 Member Posts: 97
    Solved it!!!!! I'm an idiot!!!

    No route existed for the NAT pool on the ISP router. So that's why the default was working and not the subnet for the interface.

    On ISP:
    > ip route 11.11.11.0 255.255.255.0 208.10.10.1

    This will correct the routing issue with the return traffic.




    r1#show ip nat translations



    So in the event anyone is as curious as I am about the overload command: when the inside local IP is being NATted by computer 1, it will be translated to the first available IP within the NAT pool; the second computer with the local IP will then be NATted to the second available and won't utilize the ports, as the evidence listed below shows:

    Cool stuff!!!!

    r1#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    icmp 11.11.11.1:1 10.10.10.12:1 208.10.10.2:1 208.10.10.2:1
    icmp 11.11.11.1:2 10.10.10.12:2 208.10.10.2:2 208.10.10.2:2
    icmp 11.11.11.1:3 10.10.10.12:3 208.10.10.2:3 208.10.10.2:3
    icmp 11.11.11.1:4 10.10.10.12:4 208.10.10.2:4 208.10.10.2:4
    icmp 11.11.11.1:5 10.10.10.12:5 208.10.10.2:5 208.10.10.2:5
    icmp 11.11.11.1:6 10.10.10.12:6 208.10.10.2:6 208.10.10.2:6
    icmp 11.11.11.1:7 10.10.10.12:7 208.10.10.2:7 208.10.10.2:7
    icmp 11.11.11.1:8 10.10.10.12:8 208.10.10.2:8 208.10.10.2:8
    icmp 11.11.11.2:23 10.10.10.11:23 208.10.10.2:23 208.10.10.2:23
    icmp 11.11.11.2:24 10.10.10.11:24 208.10.10.2:24 208.10.10.2:24
    icmp 11.11.11.2:25 10.10.10.11:25 208.10.10.2:25 208.10.10.2:25
    icmp 11.11.11.2:26 10.10.10.11:26 208.10.10.2:26 208.10.10.2:26
    CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA
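
The two checks from this thread as a script (an added example, not part of the original posts): it parses `show ip nat translations` output, reports which inside local hosts share an inside global address, and lists pool addresses the ISP router has no return route for. The sample rows are shortened from the table above; the ISP prefix lists and all function names are assumptions built from the configs in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: rows shortened from the translation table in the post.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
icmp 11.11.11.1:1 10.10.10.12:1 208.10.10.2:1 208.10.10.2:1
icmp 11.11.11.1:2 10.10.10.12:2 208.10.10.2:2 208.10.10.2:2
icmp 11.11.11.2:23 10.10.10.11:23 208.10.10.2:23 208.10.10.2:23
icmp 11.11.11.2:24 10.10.10.11:24 208.10.10.2:24 208.10.10.2:24
"""

# Assumption: the ISP router's routes as prefixes. Before the fix it only has
# the connected /29; the fix adds the static route to the NAT pool.
ISP_BEFORE = ["208.10.10.0/29"]
ISP_AFTER = ISP_BEFORE + ["11.11.11.0/24"]

def split_addr(field):
    """'11.11.11.1:23' -> ('11.11.11.1', 23); a bare IP gets port None."""
    ip, _, port = field.partition(":")
    return ip, int(port) if port else None

def parse_translations(text):
    """Return [(inside_global, inside_local)], each side as (ip, port)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] == "Pro":
            continue  # header, blank or wrapped line
        rows.append((split_addr(f[1]), split_addr(f[2])))
    return rows

def locals_per_global(rows):
    """Map each inside global IP to the set of inside local IPs using it."""
    m = defaultdict(set)
    for (g_ip, _), (l_ip, _) in rows:
        m[g_ip].add(l_ip)
    return dict(m)

def looks_like_pat(rows):
    """True if a global IP is shared by several hosts or a port was rewritten."""
    shared = any(len(v) > 1 for v in locals_per_global(rows).values())
    return shared or any(g[1] != l[1] for g, l in rows)

def unrouted_globals(rows, isp_prefixes):
    """Inside global IPs that no ISP route covers, so replies cannot return."""
    nets = [ipaddress.ip_network(p) for p in isp_prefixes]
    return sorted({g for (g, _), _ in rows
                   if not any(ipaddress.ip_address(g) in n for n in nets)})
```

`looks_like_pat` is a heuristic: a single host behind overload whose ports happen to be preserved is indistinguishable from one-to-one dynamic NAT in this output.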