Lab 6-1 NAT Configuration - Static NAT

Practical Implementation: Static NAT Lab

Let's explore how to implement Static NAT in a practical networking scenario. In this lab, we'll configure a network where a web server with a private IP address (10.0.0.2) will be accessible from the internet using a public IP address (50.0.0.1).

Network Topology

Our lab consists of:

• Router 1 (R1): Connected to the web server and Router 0

• Router 0 (R0): Connected to Router 1 and client PCs

• Web Server: Using private IP 10.0.0.2

• Client PCs: In the 30.0.0.0/8 network

Configuration Steps

1. Configure Router Interfaces

First, we set up the router interfaces with appropriate IP addresses:

Router 1 (R1):

enable
configure terminal
hostname R1
interface fastethernet 0/0
ip address 10.0.0.1 255.0.0.0
no shutdown
exit
interface serial 0/0/0
ip address 20.0.0.2 255.0.0.0
no shutdownexit

Router 0 (R0):

enable
configure terminal
hostname R0
interface fastethernet 0/0
ip address 30.0.0.1 255.0.0.0
no shutdown
exit
interface serial 0/0/0
ip address 20.0.0.1 
255.0.0.0
clock rate 64000
bandwidth 64
no shutdown
exit

2. Configure Routing

Next, we establish routing between the networks:

Router 1:

ip route 30.0.0.0 255.0.0.0 20.0.0.1

Router 0:

ip route 50.0.0.0 255.0.0.0 20.0.0.2

3. Test Connectivity

At this point, clients in the 30.0.0.0/8 network should be able to ping Router 0's address (30.0.0.1) and Router 1's serial interface (20.0.0.1), but they cannot reach the web server at 10.0.0.2 because there's no direct route to the 10.0.0.0/8 network.

4. Configure Static NAT

The key part of our exercise is configuring static NAT on Router 1:

Define NAT interfaces:

interface fastEthernet 0/0
ip nat inside
exit
interface serial 0/0/0
ip nat outside
exit

Create the static NAT rule:

ip nat inside source static 10.0.0.2 50.0.0.1

This command establishes a one-to-one translation mapping: any traffic destined for 50.0.0.1 will be redirected to 10.0.0.2, and any traffic from 10.0.0.2 will appear to come from 50.0.0.1.

5. Verify NAT Configuration

To verify that NAT is working correctly:

show ip nat translations

This command displays the active NAT translations, which should show our static mapping between 10.0.0.2 and 50.0.0.1.

6. Test Access

After NAT configuration, clients should now be able to:

• Ping the web server using its NAT address (50.0.0.1)

• Access the web server's page by entering http://50.0.0.1 in a browser

Troubleshooting NAT

If NAT isn't working as expected, check these common issues:

1. Interface Definition: Ensure interfaces are correctly defined as "inside" or "outside"

2. Routing: Verify routing is properly configured for both private and public networks

3. ACLs: Check if any access control lists are blocking the translated traffic

4. NAT Rule Syntax: Confirm the NAT command syntax is correct

5. Connection Tracking: Use show ip nat statistics to monitor NAT operations

Conclusion

Network Address Translation has evolved from a temporary solution to a fundamental component of modern networking. As network address translation modifies IP address information in packets, implementations may vary in their specific behavior and effect on network traffic. Understanding these variations and implementing the appropriate type of NAT for your network requirements is essential for effective network administration.

The static NAT implementation detailed in our lab exercise demonstrates a basic but powerful application of NAT that allows internal servers to be accessible from the internet while maintaining the security and flexibility of a private network infrastructure.

3.7 Sonnet