How to configure NAT/PAT on Cisco Router?

shola2323 · 12-04-2013 8:16pm #1

As the above question, how do I configure NAT/PAT on a Cisco Router? I am currently using Packet Tracer for my topology and I have followed the Cisco instructions in its lab sheet provided but it just doesnt seem to work. In my topology I have:

- 2 Routers, 1 for my private network and 1 for my ISP (Private Router & ISP)
- Public Address as 200.0.0.0 /28
- fa0/0 of Private Router, I have my private network with a switch that is providing VLANs -
VLAN 10 192.168.2.0 /25
VLAN 20 192.168.2.128 /25
VLAN 30 192.168.3.0 /29
- VLAN 10 and VLAN 20 are DHCP configured from the Private Router
- VLAN 30 is statically IP configured with a server attached to it.

So what I need is my web server is to access the ISP and vice versa so a private and public address. My addressing schema is:

ISP se0/0/0 200.0.0.10 /30
Private Router se0/0/1 200.0.0.9 /30 & fa0/1 VLANs Default Gateway
Server - Public Address 200.0.0.13 - Private Address 192.168.3.13

I am able to ping from all VLANs to the Private router but anything on the other side of the router to the ISP it fails.

So according to the Cisco commands I followed I did the following:

ISP(config)#ip route 200.0.0.0 255.255.255.248 serial 0/0/0

Private Router(config)#ip route 0.0.0.0 0.0.0.0 200.0.0.10
Private Router(config)#router ospf 1
Private Router(config-router)#default-informatio… originate

Private Router(config)#ip nat inside source static 192.168.3.13 200.0.0.13

Private Router(config)#interface serial 0/0/1
Private Router(config-if)#ip nat outside
Private Router(config-if)#interface fa0/1
Private Router(config-if)#ip nat inside

According to Cisco I should be able to ping my ISP router to my server inside my Private Network and vice versa but for me it fails everytime. I tried adding access list too but this also lead to unsuccessful ping. Can someone please help? I just cannot seem to get past final phase of the lab sheet. Any reply would be greatly appreciated. Thank you

moc moc a moc · 12-04-2013 9:25pm

You've got the wrong subnet mask in your ISP router's route. 255.255.255.248 is /29, not /28, and 200.0.0.13 doesn't fall within this range.

shola2323 · 12-04-2013 11:36pm

What I did there was I applied VLSM across 200.0.0.0/28 so what I ended up with was

Subnet 1 NW 200.0.0.0 Host Range 200.0.0.1 - 200.0.0.6 Broadcast 200.0.0.7 /29
Subnet 2 NW 200.0.0.8 Host Range 200.0.0.9 - 200.0.0.10 Broadcast 200.0.0.11 /30 (WAN Connection)

And in regards to 200.0.0.13 I just gave the server .13 as there was only .12 & .13 & .14 left within the block (I know this is wrong but I literally just followed the way Cisco has done in their notes so just tried applying their theory to my topology)

Xantia · 13-04-2013 6:25am

Edit:
It looks ok on the subnetting side

Name Needed Allocated Address Mask Dec Mask Assignable Range Broadcast
A 6 6 200.0.0.0 /29 255.255.255.248 200.0.0.1 - 200.0.0.6 200.0.0.7
B 2 2 200.0.0.8 /30 255.255.255.252 200.0.0.9 - 200.0.0.10 200.0.0.11
C 2 2 200.0.0.12 /30 255.255.255.252 200.0.0.13 - 200.0.0.14 200.0.0.15

Krusader · 13-04-2013 9:18am

You need to configure NAT overloading

moc moc a moc · 13-04-2013 3:10pm

shola2323 wrote: »

What I did there was I applied VLSM across 200.0.0.0/28

Yeah, but the point is that your ISP router doesn't have a route back to 200.0.0.13. It doesn't know where to send the ping replies.

You'll need to change

ISP(config)#ip route 200.0.0.0 255.255.255.248 serial 0/0/0

to

ISP(config)#ip route 200.0.0.0 255.255.255.24[B]0[/B] serial 0/0/0

for the ISP router to send the reply packets back to your private router.

How to configure NAT/PAT on Cisco Router?

Comments