
Q2

a) Show (include descriptions) the relevant running configuration for the Edge Router

Interface Fa0/0 is set as 'ip nat outside'; it is the global (outside) network because it is connected to the Internet Gateway. The public IP address used by the Edge Router is 200.1.1.1. The commands that set this up are 'ip address 200.1.1.1 255.255.255.0' and 'ip nat outside'.

The Edge Router is set up such that the Fa0/1 interface, with an IP address of 192.168.1.254, serves as the gateway for the inner network consisting of 2 PCs, an Internal Router, and a Telnet Server. This interface is configured with ip nat inside, indicating that it is a private network with private IP addresses. To configure this, the commands used are 'ip address 192.168.1.254 255.255.255.0' and 'ip nat inside'.

The 'access-list 5 permit 192.168.1.0 0.0.0.255' command establishes a list of IP addresses from the network that can pass through the router.

To configure PAT (interface mode) on the router, the 'ip nat inside source list 10 interface FastEthernet0/0 overload' command is used, as there is only one global IP available for PC1 (172.16.1.1). This command enables NAT overload for access-list 10 and binds it to the outside interface of Fa0/0.

To enable incoming traffic to travel to the destination network of 10.1.1.0 with a subnet mask of 255.255.255.0 or 24, the command 'ip route 10.1.1.0 255.255.255.0 192.168.1.1' is used, which also suggests that the router can use the router with the IP address of 192.168.1.1 as the next hop to reach the destination network.

Finally, the 'ip nat inside source static tcp 192.168.1.2 80 200.1.1.1 80 extendable' command sets up NAT (Port Forwarding) for the private IP address (Telnet Server) to translate it into the public IP of 200.1.1.1. Packets with a destination port of 80 that reach the interface with a public IP will be directed to the IP 192.168.1.2. The extendable parameter is included so that the router can translate the private IP into more than one public IP address.
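A check that can be run over a configuration like this one before it is loaded, given here as an added example that is not part of the original report: it confirms that every access list named by a NAT overload rule is defined, that the overload interface is marked 'ip nat outside', and lists the static port forwards. The function name `audit_nat` and the assembled `EDGE_CONFIG` text are assumptions; the commands inside it are the ones quoted in part a).

```python
import re

# Constructed from the Edge Router commands quoted in this report; the two
# "interface" header lines are added so the sub-commands have a parent.
EDGE_CONFIG = """\
interface FastEthernet0/0
 ip address 200.1.1.1 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
access-list 5 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.2 80 200.1.1.1 80 extendable
"""


def audit_nat(config):
    """Return (findings, forwards) for a Cisco-IOS-style configuration text."""
    roles, acls, current = {}, set(), None
    for line in config.splitlines():      # pass 1: interface NAT roles, ACL numbers
        w = line.split()
        if w[:1] == ["interface"]:
            current = w[1]
        elif w in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            roles[current] = w[2]
        elif w[:1] == ["access-list"]:
            acls.add(w[1])
    findings, forwards = [], []
    for line in config.splitlines():      # pass 2: global NAT rules
        m = re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line)
        if m:
            acl, iface = m.groups()
            if acl not in acls:
                findings.append(f"NAT rule references undefined access-list {acl}")
            if roles.get(iface) != "outside":
                findings.append(f"overload interface {iface} is not 'ip nat outside'")
        m = re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", line)
        if m:
            proto, lip, lport, gip, gport = m.groups()
            # (protocol, public side, private side) of each port forward
            forwards.append((proto, f"{gip}:{gport}", f"{lip}:{lport}"))
    return findings, forwards


if __name__ == "__main__":
    print(audit_nat(EDGE_CONFIG))
```

On the commands as quoted, it reports that list 10 is referenced while only access-list 5 is defined, and that the single forwarded port is TCP 80.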
b) Show (include descriptions) the relevant running configuration for the Internal Router to
enable PC1 to access the Internet. PC0 however could only access the internal devices
(PC1, Telnet Server). Hint: This task should be accomplished using NAT.

The Internal Router is directly connected to 2 PCs and an Ethernet switch, using 3 Fast Ethernet cables. On f0/0 the IP address and subnet mask 192.168.1.1 255.255.255.0 are configured, on f0/1 the IP address and subnet mask 10.1.1.254 255.255.255.0 are configured, and on f1/0 the IP address and subnet mask 172.16.1.254 255.255.255.0 are configured. 'ip nat inside' is configured on f0/1 and f1/0, while 'ip nat outside' is configured on f0/0.

By using the command "ip route 0.0.0.0 0.0.0.0 192.168.1.254," the router's default route is configured. This means that any traffic that does not have a specific network destination will be forwarded to the device with the IP address 192.168.1.254.

The command "ip nat inside source static 172.16.1.1 192.168.1.3" sets up a static NAT mapping. This means that any traffic originating from the inside network with a source IP address of 172.16.1.1 will have its source IP address translated to 192.168.1.3 when it is sent to the outside network. This translation enables external devices to communicate with the inside network using the translated IP address.

The command "ip nat inside source static 10.1.1.1 192.168.1.4" also sets up a static NAT mapping. Any traffic originating from the inside network with a source IP address of 10.1.1.1 will have its source IP address translated to 192.168.1.4 when it is sent to the outside network. This allows external devices to initiate communication with the inside network using the translated IP address.
c) Use Wireshark (integrate it to GNS3) and show (include descriptions) the following:
i) PC1 is able to Ping the Internet Gateway and all other internal devices.

In the above diagram, PC1 with the IP address 172.16.1.1 sent ping requests to the
Internet Gateway with IP address 200.1.1.2, and all the requests were successfully
replied to by the Internet Gateway. The Internal Router has Network Address
Translation (NAT), which allowed PC1 to communicate with the outside internet through
the Internet Gateway.

PC1, with IP address 172.16.1.1, attempted to ping PC0, which has an IP address of 10.1.1.1, and successfully received replies from PC0.

In the diagram provided, PC1, which has the IP address 172.16.1.1, attempted to ping the
EdgeRouter with the IP address 192.168.1.254. PC1 sent four requests, and all of them
received successful replies from the EdgeRouter.

In the above diagram, PC1 having an IP address of 172.16.1.1 attempted to ping the
TelnetServer that has an IP address of 192.168.1.2. PC1 sent ping requests to TelnetServer
and received replies from it successfully.
ii) PC0 is unable to Ping the Internet Gateway but able to Ping all other internal devices.

In the above diagram, PC0 having IP address 10.1.1.1 attempted to ping PC1 with IP address 172.16.1.1. PC0 sent ping requests and received responses from PC1 for all of them.

In the depicted network topology, PC0 attempted to ping the Internet Gateway with IP address 200.1.1.2, but none of the four requests were replied to by the EdgeRouter. This is because the Internal Router has no NAT configuration in place to translate the IP address of PC0 to the allowed IP address range between 192.168.1.1 and 192.168.1.254. Consequently, PC0 cannot communicate with the Internet Gateway, as the access-list only permits the specified IP address range to access it.

In the diagram above, PC0 (with IP address 10.1.1.1) attempted to ping the TelnetServer
(with IP address 192.168.1.2). PC0 sent four requests and received successful replies from
TelnetServer. This was possible because there is a static route configured for all the routers,
enabling them to communicate with each other.

iii) The relevant NAT occurring in the Wireshark results


Wireshark captures of NAT for PC1 to Internet Gateway: interface f0/0 (Internal Router), interface f0/1 (Edge Router), interface f0/0 (Edge Router), interface f1/0 (Internal Router).

Network Address Translation (NAT) occurs when PC1 with IP address 172.16.1.1 pings the
Internet Gateway. Initially, the request packet has a Source IP of 172.16.1.1 and a
Destination IP of 200.1.1.2, as shown in the first diagram. Upon entering the Internal Router,
the IP address is translated from 172.16.1.1 to 192.168.1.3, resulting in a change in the
Source IP as seen in the second diagram. Since the packets are still in the same network, the
Source IP and Destination IP remain unchanged in the third diagram. The second translation
occurs when the packet reaches the EdgeRouter, which changes the Source IP from
192.168.1.3 to 200.1.1.1 based on the NAT configuration set on the router. Consequently,
the Source IP changes again, and the Destination IP remains unchanged. The Destination IP
remains constant throughout the process because the request packet is from the "inside" of
the network (private) to the "outside" of the network (public). In contrast, when the reply
packet travels from the "outside" network to the "inside" network, the situation will be
reversed.
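The two translations described above, and the reversed path of the reply, can be followed with a small model, added here as an example that is not part of the original report. The `NatRouter` class and `ping_gateway` function are hypothetical names, the PAT identifier numbering is constructed, and the model assumes, as the c) ii) explanation states, that only PC1 has a static mapping on the Internal Router.

```python
import ipaddress


class NatRouter:
    """Inside-source NAT: static one-to-one entries plus optional PAT overload."""

    def __init__(self, static=None, acl=None, overload_ip=None):
        self.static = dict(static or {})
        self.acl = ipaddress.ip_network(acl) if acl else None
        self.overload_ip = overload_ip
        self.table = {}   # (global ip, global id) -> (local ip, local id)

    def outbound(self, src, ident):
        """Rewrite the source of an inside-to-outside packet and record the entry."""
        if src in self.static:
            new = (self.static[src], ident)
        elif self.acl is not None and ipaddress.ip_address(src) in self.acl:
            new = (self.overload_ip, 1024 + len(self.table))  # constructed ID choice
        else:
            return src, ident   # no rule matches: forwarded untranslated
        self.table[new] = (src, ident)
        return new

    def inbound(self, dst, ident):
        """Rewrite the destination of a reply; None when no entry exists."""
        return self.table.get((dst, ident))


def ping_gateway(pc_ip, ident=1):
    """Return (source IP seen at each capture point, inside host the reply reaches)."""
    internal = NatRouter(static={"172.16.1.1": "192.168.1.3"})
    edge = NatRouter(acl="192.168.1.0/24", overload_ip="200.1.1.1")
    hops = [(pc_ip, ident)]
    hops.append(internal.outbound(*hops[-1]))   # leaves Internal Router f0/0
    hops.append(edge.outbound(*hops[-1]))       # leaves Edge Router f0/0
    # The gateway answers the source it saw; un-translate at each router on the way back.
    back = edge.inbound(*hops[-1])
    if back is not None:
        back = internal.inbound(*back)
    return [ip for ip, _ in hops], back


if __name__ == "__main__":
    print(ping_gateway("172.16.1.1"))   # PC1
    print(ping_gateway("10.1.1.1"))     # PC0
```

For PC1 the source moves through 172.16.1.1, 192.168.1.3 and 200.1.1.1 and the reply is mapped back to 172.16.1.1; for PC0 no rule matches on either router, so no translation entry exists for a reply.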

d) Show the Internet Gateway is able to connect to the Telnet Server using telnet, but unable to
Ping to the Telnet Server

The Internet Gateway is able to ping the Edge Router 200.1.1.1, but not the Telnet Server 192.168.1.2, since NAT is applied and only Telnet connections (port 23) to the Telnet Server are allowed. When Internet Gateway tries to ping 192.168.1.2

The screenshot above demonstrates that the Internet Gateway can establish a connection to
the Telnet Server using telnet, through the use of Network Address Translation (NAT). The
NAT translates the Telnet Server's address 192.168.1.2:23 to 200.1.1.1:23, which allows
access to the server by telnetting to the Edge Router. The Edge Router then redirects the
telnet traffic to the Telnet Server.
