CISCO Lab # 11: How to configure Static NAT in CISCO Router

     

Tasks:

Configure the network as follows:
1) Router details:
    Outside = 8.8.8.100/24
    Inside = 10.1.1.254/24
    Default Route to 8.8.8.8
2) Configure static NAT so that the outside PC can access the internal HTTP, FTP and TFTP servers.
    HTTP = 8.8.8.200 (NAT only the required port). DNS = myhttp.com
    FTP = 8.8.8.201 (full static NAT). DNS = myftp.com
3) Verify that both the inside and the outside PCs can access the internal servers.
    Inside host to use internal IP addresses
    Outside host to use DNS names

Download Solved Lab

Solution:

We need to be able to access Internal servers for example HTTP Server from Outside PC 1.

In first step we need to be able to assign Interface IP Addresses for the router.

 

Router(config)#interface GigabitEthernet0/0/0
Router(config-if)#ip address 10.1.1.254 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
Router(config)#interface GigabitEthernet0/0/1
Router(config-if)#ip address 8.8.8.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#

Next we need to configure Router interfaces to designate them as inside or outside NAT 

Router(config)#interface gigabitEthernet 0/0/0
Router(config-if)#ip nat inside

Router(config)#interface gigabitEthernet 0/0/1
Router(config-if)#ip nat outside

Next step is to define NAT rules for the internal servers

Router(config)#ip nat inside source static tcp 10.1.1.100 80 8.8.8.200 80
Router(config)#ip nat inside source static tcp 10.1.1.100 443 8.8.8.200 443
Router(config)#ip nat inside source static 10.1.1.101 8.8.8.201 

We see that for FTP server we have not specified any ports. It will allow mapping of all ports from Public Local IP Address to Private Local IP Address. But specifying a port number is more secure method to be used.

Next we try to test the configurations by accessing http://myhttp.com from Outside PC 1

We see that we are able to access the webserver. Next we see the NAT translations at the router

Router#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
tcp 8.8.8.200:443      10.1.1.100:443     ---                ---
tcp 8.8.8.200:80       10.1.1.100:80      ---                ---
tcp 8.8.8.200:80       10.1.1.100:80      8.8.8.20:1025      8.8.8.20:1025
tcp 8.8.8.200:80       10.1.1.100:80      8.8.8.20:1026      8.8.8.20:1026
tcp 8.8.8.200:80       10.1.1.100:80      8.8.8.20:1027      8.8.8.20:1027
---  8.8.8.201         10.1.1.101         ---                ---

 We can clear NAT Translations with command

 

Router#clear ip nat translation *

 

Next we can again look at the translations

 

Router#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
tcp 8.8.8.200:443      10.1.1.100:443     ---                ---
tcp 8.8.8.200:80       10.1.1.100:80      ---                ---
---  8.8.8.201         10.1.1.101         ---                ---

We can also test ftp from the Outside PC 1 by opening myftp.com 

Router#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
tcp 8.8.8.200:443      10.1.1.100:443     ---                ---
tcp 8.8.8.200:443      10.1.1.100:443     8.8.8.20:1028      8.8.8.20:1028
tcp 8.8.8.200:80       10.1.1.100:80      ---                ---
tcp 8.8.8.201:21       10.1.1.101:21      8.8.8.20:1029      8.8.8.20:1029
---  8.8.8.201         10.1.1.101         ---                ---