Cisco Simple NAT
WHAT
The simplest way to learn some Cisco is to set up a simple NAT on your home router so you can share your internet connection with multiple computers. This is probably the question beginners ask most.
STEP 1 - Gateway
Get into configuration mode
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Set the hostname so we don't get confused
Router(config)#hostname gateway
And configure the fa0/0 interface as the inside nat network
gateway(config)#interface FastEthernet 0/0
gateway(config-if)#ip nat inside
gateway(config-if)#ip address 192.168.0.1 255.255.255.0
gateway(config-if)#no shutdown
*Mar 1 00:18:38.071: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:18:39.071: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
gateway(config-if)#exit
Same thing for 1/0, outside nat ( our Inet connection )
gateway(config)#interface FastEthernet 1/0
gateway(config-if)#ip nat outside
gateway(config-if)#ip address 10.0.0.3 255.255.255.0
gateway(config-if)#no shutdown
*Mar 1 00:18:40.011: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Mar 1 00:18:40.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
gateway(config-if)#exit
Now set up a standard access list with the name 'inside_nat_addresses' ( feel free to change it ), in which we say that 192.168.0.* will match this ACL ( the wildcard mask 0.0.0.255 ignores only the last octet )
gateway(config)#ip access-list standard inside_nat_addresses
gateway(config-std-nacl)#permit 192.168.0.0 0.0.0.255
gateway(config-std-nacl)#exit
NOW, GOD says to do NAT ! This reads: "I want to NAT from _inside out_ all the hosts in 'inside_nat_addresses' to fa1/0 with port address translation ( 'overload' )"
gateway(config)#ip nat inside source list inside_nat_addresses interface FastEthernet 1/0 overload
gateway(config)#exit
*Mar 1 00:18:56.083: %SYS-5-CONFIG_I: Configured from console by console
SAVE it and pray it works ! ( WORKED FOR ME ! )
gateway#write mem
Building configuration...
[OK]
STEP 2 - Client
Now one of the clients. I'll be using another router as a client ( Cisco again )
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Set the hostname so we don't get confused
Router(config)#hostname test
And configure the fa0/0 interface as one ip in our NAT network
test(config)#interface FastEthernet 0/0
test(config-if)#ip address 192.168.0.5 255.255.255.0
test(config-if)#no shutdown
*Mar 1 00:20:11.051: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:20:12.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
test(config-if)#exit
Now add the default gateway
test(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1
test(config)#exit
Et voila !
test#write mem
Building configuration...
[OK]
DEBUGGING
Now you should be able to NAT all your 192.168.0.* hosts out through your fa1/0
Check the current settings using
show ip interface brief
and the nat connections
show ip nat translations
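To check that the translation table only contains what the ACL was meant to allow, the output of the command above can be audited offline. The Python below is an added example, not part of the original page: the sample table is constructed (the host 10.0.0.1 and the 192.168.1.9 row are made up), and it assumes the usual five-column layout of 'show ip nat translations'.

```python
import ipaddress

# Constructed sample of 'show ip nat translations' output (not captured from
# the page's lab); 10.0.0.1 and the 192.168.1.9 row are made up for the demo.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.3:4        192.168.0.5:4      10.0.0.1:4         10.0.0.1:4
tcp 10.0.0.3:1025      192.168.0.5:1025   10.0.0.1:23        10.0.0.1:23
tcp 10.0.0.3:1026      192.168.1.9:1026   10.0.0.1:80        10.0.0.1:80
"""

FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_translations(text):
    """Turn each 5-column data row into a dict; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] != "Pro":
            rows.append(dict(zip(FIELDS, cols)))
    return rows

def audit(text, base, wildcard, outside_ip):
    """Return (inside_local_ip, reason) for rows that break the intended policy."""
    findings = []
    for row in parse_translations(text):
        local_ip = row["inside_local"].split(":")[0]
        global_ip = row["inside_global"].split(":")[0]
        if not wildcard_match(local_ip, base, wildcard):
            findings.append((local_ip, "inside local not permitted by ACL"))
        if global_ip != outside_ip:
            findings.append((local_ip, "not translated to the outside address"))
    return findings

if __name__ == "__main__":
    for ip, reason in audit(SAMPLE, "192.168.0.0", "0.0.0.255", "10.0.0.3"):
        print(ip, reason)
```

A row flagged here means some other NAT rule or a wider ACL is translating hosts that 'permit 192.168.0.0 0.0.0.255' does not cover.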
Some debugging
debug ip packet detail
and
debug ip nat detail
Be careful with the debug levels, 'detail' is only recommended in lab situations !
To stop a running ping, use ctrl+shift+6