Lab 11.3.5: Configuring Dynamic Overlapping NAT with ISDN
Objectives:
To configure an ISDN connection between the Bread company router
and the Butter company router, and configure it so that the two
networks, which have the same IP addresses, can communicate with
each other. To accomplish this communication we will configure
dynamic overlapping network address translation.
Scenario:
The Bread company has recently merged with the Butter company. It
is our job to connect the two companies together via an ISDN link.
Our only problem is that both of the companies have implemented the
same private addressing scheme on their networks. Since changing all
of the IP addresses in one or both of the companies is not an option
due to the large number of users at each company, we are left with
only one alternative, Overlapping Network Address Translation. It is
our job to connect the two companies together via ISDN and configure
the appropriate address translation so that they can communicate
together.
Notes:
Lab Tasks:
Cable the lab as shown in the diagram.
Check to make sure that the correct Cisco IOS is loaded on the
Office router. It should support network address translation.
The next task is to set up the routers and ISDN connection as in
previous labs:
Before configuring network address translation on the Office
router, test your configurations by pinging the other router. This
way you are ensuring that your basic configuration is correct
before changing it.
Luckily we only have to configure one of the routers with
dynamic overlapping network address translation. There are some
key terms to understand before starting to program the router.
Inside local addresses are the private addresses used on the
internal network. Inside global addresses are the addresses that our
local IP addresses are translated into on the way out of the
router. Usually the Inside global addresses are real IP addresses
on the Internet. Outside global addresses are the IP addresses
that get translated on the way into the local network. The outside
local addresses are what the outside global addresses get
translated into, and are how the local network sees the remote
network.
We will be configuring the Butter router with Overlapping NAT. So
for our exercise, the local area network on the Butter router
(inside local addresses) sees the Bread router's LAN as network
200.245.32.0 (outside local address). But the Bread router's LAN
(outside global) sees the Butter router's LAN as network 206.128.71.0
(outside local). The outside global address is the 10.30.30.0
network on the Bread router. And the inside local address is the
10.30.30.0 network on the Butter router.
The first step in configuring overlapping NAT on the Butter
router is to define a pool of inside global addresses to be
allocated as needed, and a pool of outside local addresses
to be allocated as needed. From the Butter router's global
configuration mode, enter the following:
Butter(config)#ip nat pool net-200 200.245.32.1 200.245.32.254 netmask 255.255.255.0
Butter(config)#ip nat pool net-206 206.128.71.1 206.128.71.254 netmask 255.255.255.0
Why do we need two IP address pools for NAT?
Now we need to define a standard access list permitting those
addresses that are to be translated.
Next we need to establish dynamic outside source translation,
specifying the access list defined in the prior step, and establish
dynamic inside source translation, specifying the same access list.
This sets up the translation of internal private addresses into
external addresses and the translation of external private
addresses into internal addresses.
Butter(config)#ip nat outside source list 4 pool net-206
Butter(config)#ip nat inside source list 4 pool net-200
Why are we using the same source list for both the inside NAT
translation and the outside NAT translation?
What would happen if we mistakenly reversed the two IP address
pools and applied net-200 to the outside and net-206 to the inside?
The final part of the configuration is to tell the router which
interface is the inside interface and which is the outside
interface. The inside interface is the one that connects to our
internal network and the outside interface is the one that connects
to the Bread router.
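The configuration steps above, collected in one place as an added example (not part of the original lab sheet). The access list and interface commands are not shown on the page, so the 10.30.30.0/24 match and the interface names Ethernet0 and BRI0 are assumptions; substitute the ones from your lab diagram.

```cisco
! Added example, not from the original lab sheet.
! Assumptions: both LANs are 10.30.30.0/24, Ethernet0 faces the Butter LAN,
! and BRI0 is the ISDN link toward the Bread router.
!
! Address pools (as given in the lab text)
ip nat pool net-200 200.245.32.1 200.245.32.254 netmask 255.255.255.0
ip nat pool net-206 206.128.71.1 206.128.71.254 netmask 255.255.255.0
!
! Standard access list selecting the addresses eligible for translation
! (assumed /24 wildcard mask)
access-list 4 permit 10.30.30.0 0.0.0.255
!
! Dynamic translations (as given in the lab text)
ip nat outside source list 4 pool net-206
ip nat inside source list 4 pool net-200
!
! Interface roles: inside faces the Butter LAN, outside faces the Bread router
interface Ethernet0
 ip nat inside
!
interface BRI0
 ip nat outside
```

The output of `show ip nat statistics` lists the interfaces marked inside and outside, which is a quick check that the roles landed on the intended ports.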
Finally it is time to verify that NAT is operating correctly on
our Office router.
Butter#show ip nat translations
What information did the router respond with?
Butter#show ip nat statistics
What information did the router respond with?
Now for testing NAT. Don't forget to add a static route back to
your global network on the Bread router. From a workstation on the
Butter network, ping 10.30.30.2.
Were you successful?
From the Butter router enter the following:
Butter#show ip nat translations
What information did the router respond with?
Butter#show ip nat translations verbose
What information did the router respond with?
Butter#show ip nat statistics
What information did the router respond with?
Now, from the workstation on the Bread router's network, ping the
global IP address for the workstation listed in the NAT translation
table on the Butter router.
Were you successful?
From the same workstation, ping an inside global address that is
not in the NAT table.
Were you successful?
Butter#show ip nat translations
Explain why you were not successful with your ping.
What is meant by "outside" as it pertains to overlapping
translation?
What is meant by "local" as it pertains to overlapping
translation?