This section shows how to achieve the same result – ServerA communicates with PC1 using 172.16.10.10 NAT IP instead of 192.168.1.10 real IP with inside source and outside source NAT configurations. This is a knowledge attack session which strengthens the understanding of NAT terminologies and operations.
The *** indicates where the NAT operations are initiated according to the ip nat commands.
Note: A router does not require a physical nor logical interface to reside in the NAT IP address subnet for the operation of NAT – 172.16.10.0/24 in this case.
RT1 configuration for ip nat inside source operation:
! interface FastEthernet0/0 ip address 172.16.1.2 255.255.255.0 ip nat outside ! interface FastEthernet1/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! ip nat inside source static 192.168.1.10 172.16.10.10 !
Below shows the NAT debug messages on RT1 for the configuration above:
RT1#debug ip nat
IP NAT debugging is on
RT1#
00:04:29: NAT*: s=10.10.10.10, d=172.16.10.10->192.168.1.10 [15]
00:04:29: NAT*: s=192.168.1.10->172.16.10.10, d=10.10.10.10 [15]
00:04:29: NAT*: s=10.10.10.10, d=172.16.10.10->192.168.1.10 [16]
00:04:29: NAT*: s=192.168.1.10->172.16.10.10, d=10.10.10.10 [16]
00:04:29: NAT*: s=10.10.10.10, d=172.16.10.10->192.168.1.10 [17]
00:04:29: NAT*: s=192.168.1.10->172.16.10.10, d=10.10.10.10 [17]
RT1 configuration for ip nat outside source operation:
! interface FastEthernet0/0 ip address 172.16.1.2 255.255.255.0 ip nat inside ! interface FastEthernet1/0 ip address 192.168.1.1 255.255.255.0 ip nat outside ! ip nat outside source static 192.168.1.10 172.16.10.10 ip route 172.16.10.10 255.255.255.255 FastEthernet1/0 !
No comments:
Post a Comment