Professional Documents
Culture Documents
Task2A Configure Static NAT on the router R-SNAT to satisfy the following
requirement:
!R-SNAT
ip nat inside source static 10.1.1.101 208.8.8.201
On R_SNAT, the command show ip nat translation shows the static NAT entry
Use this entry so that the FTP server can browse the cisco.com server.
This successful browse produces a tcp port 80 entry associated with the static
entry
Now test the other direction Inside to Ouside from the inside FTP server
to the outside PC.
Notice that the static entry does not specify any port numbers. This is why it is a staic
NAT entry rather than a static PAT entry.
Let us check that any application can use this static NAT entry. We will use FTP to test
this static entry
Check
PC1 Outside can FTP to myftp.com and can successfully login using username
cisco password cisco
On R_SNAT, the command show ip nat translation shows the static entry for
the FTP server mapping and a related FTP control entry from the outside PC1
Use the dir command to view the files on the FTP server
On R_SNAT, the command show ip nat translation shows the static entry for
the FTP server mapping and a related entry for the ftp data connection from the
outside PC1
note: You don’t need to know why the port being used is not port 20
It is related to Active or Passive FTP mode.
!R1-NAT
clear ip nat translation *
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On the R1-NAT router, clear the access list counters and clear the NAT table
!R1-NAT
clear access-list counters
clear ip nat translation *
Task2B part 1
In this example, PCs on the outside will use the same public address to access
two different internal servers. We will use port numbers to decide which internal
server is chosen
Configure Static PAT on the router R-SNAT to satisfy the following requirements:
!R-SNAT
ip nat inside source static tcp 10.1.1.100 80 208.8.8.200 80
!
ip nat inside source static tcp 10.1.1.105 443 208.8.8.200 443
Check
PC1 Outside can browse to the public address 208.8.8.200 and a web page
displays for the HTTP server
PC1 Outside can securely browse to the public address 208.8.8.200 and a web
page displays for the HTTPS server
On R_SNAT, the command show ip nat translation shows the static entry for
the port 80 mapping and a related entry for the browse from the outside PC1
On R_SNAT, the command show ip nat translation shows the static entry for
the port 443 mapping and a related entry for the browse from the outside PC1
To access the Log server, the clients must use the public address 208.8.8.210.
Outside PCs must use http to request access but this port 80 request must be
changed to a port 8080 which is often used as a proxy port for port 80 in internal
networks
!R-SNAT
ip nat inside source static tcp 10.1.1.106 8080 208.8.8.210 80
Task 2B part 3
In Task 2B part 1, PCs on the outside used the same public address to access
two different internal servers.
In this example we will use two different public addresses but both will send
packets to the same internal server.
To access the Logging server using port 443, the clients must use the public
address 208.8.8.220.
To access the Logging server using port 80, the clients must use the public
address 208.8.8.230
!R-SNAT
ip nat inside source static tcp 10.1.1.106 443 208.8.8.220 443
!
ip nat inside source static tcp 10.1.1.106 80 208.8.8.230 80