Lab ID: 9.9K214A088.SQI1.

Sequential Lab: Static Network Address

Translation
Objective
Configure a simulated network to translate a private IP addresses to a public IP addresses that can be
used on the wide area network (WAN) by using static Network Address Translation (NAT). Configure NAT
functionality on Router4.

Lab Topology
The Topology diagram below represents the NetMap in the Simulator.

Command Summary
Command Description
configure terminal enters global configuration mode from privileged EXEC mode
enable enters privileged EXEC mode
end ends and exits configuration mode
exit exits one level in the menu structure
interface type number changes from global configuration mode to interface configuration
mode
ip nat inside defines the inside interface for NAT
ip nat inside source static inside- creates a static NAT translation
local-address inside-global-address
ip nat outside sets an interface to be an outside interface
ping ip-address sends an Internet Control Message Protocol (ICMP) echo
request to the specified address
show ip nat translations displays the NAT translation table
show running-config displays the active configuration file
1 Boson NetSim Lab Manual
 The IP addresses and subnet masks used in this lab are shown in the tables below:

IP Addresses
Device Interface IP Address Subnet Mask
Router3 Serial 0/1 180.10.1.1 255.255.255.0
Router4 Serial 0/0 180.10.1.2 255.255.255.0
FastEthernet 0/1 192.168.1.1 255.255.255.0

Device IP Address Subnet Mask Default Gateway

PC1 192.168.1.2 255.255.255.0 192.168.1.1
PC3 192.168.1.3 255.255.255.0 192.168.1.1

Lab Tasks
NAT is used to perform address translation between two networks, which are identified as the inside
network and the outside network in NAT terminology. NAT is configured on a router that has one interface,
which connects to the inside network, and another interface, which connects to the outside network. Static
NAT is used to statically map a single inside local address to a single global address.
1. Attempt to ping from PC1 to Router3 (180.10.1.1). Was the ping successful? Why or why not? ___
______________________________________________________________________________

2. On Router4, configure NAT to statically translate PC1’s IP address to 180.10.1.15.

3. Display the NAT translation table on Router4. The inside local IP address (192.168.1.2) is translated
to what inside global IP address? ____________________________________________________
Does the inside global IP address normally represent a public or a private IP address? _________

4. Verify that you can ping from PC1 to Router3 (180.10.1.1).

5. On Router4, configure NAT to statically translate PC3’s IP address to 180.10.1.16.

6. Display the NAT translation table on Router4. The inside local IP address (192.168.1.3) is translated
to what inside global IP address? ____________________________________________________

7. Attempt to ping from Router3 to PC1 (192.168.1.2). Is the ping successful? Why or why not? _____
______________________________________________________________________________

8. Attempt to ping from Switch2 to Router3 (180.10.1.1). Is the ping successful? What could you do to
enable the ping to succeed? _______________________________________________________

2 Boson NetSim Lab Manual

 Lab Solutions
1. The ping from PC1 to Router3 (180.10.1.1) fails because PC1 has a private IP address that is not
being advertised as a route to the network.

2. On Router4, issue the following commands to configure NAT to statically translate PC1’s IP address
to 180.10.1.15:

Router4>enable
Password:cisco
Router4#configure terminal
Router4(config)#ip nat inside source static 192.168.1.2 180.10.1.15
Router4(config)#interface fastethernet 0/1
Router4(config-if)#ip nat inside
Router4(config-if)#interface serial 0/0
Router4(config-if)#ip nat outside
Router4(config-if)#end

3. On Router4, issue the show ip nat translations command to display the NAT translation table.
NAT translates the inside local IP address (192.168.1.2), which is usually a private IP address, to an
inside global IP address (180.10.1.15), which is usually a registered IP address. The inside global
IP address normally represents a public, or registered, IP address. Sample output from the show ip
nat translations command is shown below:

Router4#show ip nat translations

Pro Inside global Inside local Outside local Outside global
--- 180.10.1.15 192.168.1.2 --- ---

4. A ping from PC1 to Router3 (180.10.1.1) should succeed.

5. On Router4, issue the following commands to configure NAT to statically translate PC3’s IP address
to 180.10.1.16:

Router4#configure terminal
Router4(config)#ip nat inside source static 192.168.1.3 180.10.1.16

6. On Router4, issue the show ip nat translations command to display the NAT translation table. The
inside local IP address (192.168.1.3) is translated to the inside global IP address (180.10.1.16).
Sample output is shown below:

Router4#show ip nat translations

Pro Inside global Inside local Outside local Outside global
--- 180.10.1.15 192.168.1.2 --- ---
Pro Inside global Inside local Outside local Outside global
--- 180.10.1.16 192.168.1.3 --- ---

3 Boson NetSim Lab Manual

 7. A ping from Router3 to PC1 (192.168.1.2) fails because Router3 does not have a route to PC1. PC1
is configured with a private IP address that is not routable over the Internet.

8. A ping from Switch2 to Router3 (180.10.1.1) fails because Switch2 is configured with a private IP
address and Router4 has not been configured with a NAT translation that would enable it to access
the external network. As you can see in this lab, you could configure a static NAT translation to
enable devices on an internal network to access an external network. However, static NAT is a
one-to-one method of performing NAT translation and requires an external IP address for each
translation. Additionally, this method of NAT translation requires more administrative effort.

Sample Configuration Script

Router4 Router4 (continued)
Router4#show running-config !
Building configuration... interface FastEthernet0/0
Current configuration : 1024 bytes no ip address
! no ip directed-broadcast
Version 12.3 shutdown
service timestamps debug uptime !
service timestamps log uptime interface FastEthernet0/1
no service password-encryption ip address 192.168.1.1 255.255.255.0
! no ip directed-broadcast
hostname Router4 ip nat inside
ip cef !
! router eigrp 100
enable secret 5 $sdf$6978yhg$jnb76sd network 180.10.0.0
! network 192.168.1.0
key chain ccna-chain auto-summary
key 1 !
key-string boson ip nat inside source static 192.168.1.2
! 180.10.1.15
ip subnet-zero ip nat inside source static 192.168.1.3
! 180.10.1.16
interface Serial0/0 !
ip address 180.10.1.2 255.255.255.0 ip classless
ip authentication mode eigrp 100 md5 no ip http server
ip authentication key-chain eigrp 100 ccna-chain !
no ip directed-broadcast line con 0
ip nat outside line aux 0
! line vty 0 4
interface Serial0/1 !
no ip address no scheduler allocate
no ip directed-broadcast end
shutdown

Copyright © 1996–2014 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.

4 Boson NetSim Lab Manual