Home > Configure NAT – GNS3 Lab

Configure NAT – GNS3 Lab

May 24th, 2011 Go to comments

In this article we will demonstrate how to configure NAT using GNS3

Note: If you are not sure about NAT, please read my Network Address Translation NAT Tutorial

To configure static NAT we need to complete these tasks:
* Define the router’s interfaces as inside or outside:
R0uter(config-if)#ip nat inside (or ip nat outside)

* Define static mapping between the inside address and the outside address:
R0uter(config)#ip nat inside source static

+ Static NAT:

To make everything clear, we will configure static NAT in GNS3. Open your GNS3 and build a topology like this:

GNS3_NAT_topology.jpg

(IOS used: c2600-bin-mz.123-6f.bin but you can use other versions)

We should use 3 routers in this topology but I want to save some RAM and demonstrate how to ping from the loopback interface so I only use two :) Therefore we should configure the loopback interface of R0 as the source IP address and the fa0/0 interface of R0 as the “outgoing static NAT” address.

R0#configure terminal
R0(config)#int loopback0
R0(config-if)#ip address 10.0.0.1 255.0.0.0
R0(config-if)#ip nat inside

R0(config-if)#int f0/0
R0(config-if)#ip address 200.0.0.1 255.255.255.0
R0(config-if)#no shutdown
R0(config-if)#ip nat outside
R0(config-if)#exit

Finally, we have to tell the router to translate my private IP 10.0.0.1 to public IP 200.0.0.2 so that I can go to the Internet!

R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2

In R1 we just assign the IP address and no shut its interface.

R1#config terminal
R1(config)#int f0/0
R1(config-if)#ip address 200.0.0.10 255.255.255.0
R1(config-if)#no shutdown

Check if all things are right or not:

R0#show ip nat translations

GNS3_NAT_show_ip_nat_translations.jpg

In this article we don’t use a host attached to R0 so if we want to test our NAT configuration we have to ping from R0’s loopback interface by using the ping extended command:

We can use the extended ping command by typing only “ping” at the privileged mode, specify the “target IP address” and type “y” at the “Extended commands” and specify the “source address or interface” at shown below:

GNS3_NAT_ping_extended_nat_static.jpg

To approve NAT works well we can disable static NAT with the following command

R0(config)#no ip nat inside source static 10.0.0.1 200.0.0.2

Now if we use the extended ping command (without NAT configured):

GNS3_NAT_ping_extended_no_nat.jpg

-> We can’t ping from the loopback interface.

Download static NAT configuration: http://www.9tut.com/download/NAT_static_CCNA_self_study.zip

+ Dynamic NAT:

To configure dynamic NAT we need to complete these tasks:

* Define a pool of addresses (public IP) to be used for dynamic NAT allocation

Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }

* Configure a standard access control list to define what internal traffic will be translated

Router(config)#access-list access-list-number permit source [source-wildcard]

Link the access list to the NAT pool

Router(config)#ip nat inside source list access-list-number pool pool_name

Define interfaces as either inside and outside

Router(config-if)# ip nat inside (on fa0/0, for example)
Router(config-if)#ip nat outside
(on fa0/1, for example)

* Dynamic NAT configuration example:

RouterA(config)# access-list 1 permit 192.168.0.0 0.0.0.255
RouterA(config)# ip nat pool PoolforNAT 200.23.123.6
200.23.123.10 netmask 255.255.255.0
RouterA(config)# ip nat inside source list 1 pool PoolforNAT

Note: In the above command, the word “inside” means “I want to NAT from inside to outside”; “list 1” means “the source IP addresses to NAT are included in Access-list 1”; “pool PoolforNAT” means “NAT to the IP addresses specified in PoolforNAT”.

RouterA(config)# int loopback0
RouterA(config-if)# ip nat inside

RouterA(config-if)# int fa0/0
RouterA(config-if)# ip nat outside

Configure PAT (NAT Overload)

* Configure a standard access list to define what internal traffic will be translated
* Link the access list to the interface to be used for PAT
* Define interfaces as either inside or outside

PAT router commands
RouterA(config)# access-list 1 permit 192.168.0.0 0.0.0.255
RouterA(config)# ip nat inside source list 1 interface fa0/0 overload

(Notice the “interface fa0/0” means “NAT out of this interface” and the keyword overload for PAT in the above command)

RouterA(config)# interface fa0/0
RouterA(config-if)# ip nat outside

RouterA(config-if)# interface loopback0
RouterA(config-if)# ip nat inside

Comments (28) Comments
Comment pages
1 2 578
  1. maroko9
    April 26th, 2013

    hello, please how can I open or use those .cfg configuration files please ?
    thx

  2. martamob
    May 10th, 2013

    great job explaining NAT/PAT

  3. Anonymous
    May 23rd, 2013

    Hello taking ccna on 4 june 13 can some one send me the current dump to mcfaddei@yahoo.com

  4. hojjat
    June 4th, 2013

    very nice thank you

  5. flake
    June 19th, 2013

    can you assign the outside local (200.23.123.6) in a different subnet with the outgoing interface 0/0 (200.0.0.1)? How would that work?

  6. Svetlana
    December 11th, 2013

    Thanks a lot. An excellent example for bigginers.

  7. K NITHIN KUMAR
    May 11th, 2014

    Good explanation,easy to understand.
    thank you…………..

  8. Kay
    May 19th, 2014

    Hello taking ccna in end of June, can some one send me the current dump to karimnasa@yahoo.com

  9. jingga08
    July 8th, 2014

    thanks it works… :)

  10. sopdestiny
    September 18th, 2014

    lol why does everyone keep asking for the latest dumps to be sent to their email??
    Thanks for the NAT/PAT info

  11. Hassab
    March 28th, 2015

    Hi,
    can some one send me latest dumps on my email rajahassan76@yahoo.com

  12. asaf
    April 9th, 2015

    thanx a lot for this tutorial. it’s very clear and well elaborated.

  13. Rakesh
    July 2nd, 2015

    Hi,

    Is there any option to NAT the VPN traffic destined for specific destination outside ?

  14. ross
    July 16th, 2015

    for the dynamic NAT, what do the interface ip configs needed to be?
    I left the interface with the same IP from the static NAT tutorial but its not working with the dynamic NAT?

  15. Ronald
    October 6th, 2015

    Where did you get 200.0.0.2 for inside global?

  16. patty
    December 31st, 2015

    Cheap Navy Kevin Williams Game Jersets Cheap Limited Stephen Bowen Pink Jerseys

  17. apri
    March 24th, 2016

    well explained!!

  18. DAMS
    April 20th, 2016

    Great Job .. Many Thanks..

  19. I’m always right
    May 22nd, 2016

    This is a bogus lab. You need to connect a router to R0 via fa or se and than try to static nat it. You ‘ll see that it’s a little bit more complicated than using a virtual end poingt

  20. Anonymous
    June 30th, 2016

    please send the latest dump to {email not allowed}

  21. AOT
    August 23rd, 2016

    hi guys, please I need the new CCNA Dumps, please email me {email not allowed}

  22. AOT
    August 23rd, 2016

    hi guys, please I need the new CCNA Dumps, please email me syndy005(yahoo.com)

  23. Javier
    November 2nd, 2016

    Where did you get 200.0.0.2 for inside global?

  24. any
    November 9th, 2016

    Very nice explanation
    Thanks

  25. ani
    November 11th, 2016

    again when we want to write ccna exam
    it is easy are tuff
    now the syallabus was changed
    plz reply

  26. Bharat P
    November 28th, 2016

    easy

  27. kevin
    December 6th, 2016

    I am a french
    it return an error when testing ip nat translations
    it doesn’t reconize show

  28. jade green fascinator
    January 5th, 2017

    Perfectly composed content, appreciate it for selective information. “In the fight between you and the world, back the world.” by Frank Zappa.

    http://pinkfascinator.com/always-enjoyable-beauty-lime-green-fascinators-for-stunning-looks/

Comment pages
1 2 578