SG

Friday, 16 December 2011

NAT and PAT Configuration


Example configurations
• PAT, Static NAT, Port Static Map NAT
• Dynamic NAT, Dynamic NAT with Overload
• The combination of Dynamic NAT with Overload and Port Static Map NAT

PAT configuration example
The steps are as follows:
******
1. Define the NAT inside interface
******
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#exit
****************************************************
2. Define the NAT outside interface. We assume that
192.168.20.2 is a public IP (a wrong analogy for a public IP,
because it was already saved on the router T_T)
****************************************************
R1(config)#interface FastEthernet1/0
R1(config-if)#ip address 192.168.20.2 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
****************************************************
3. Create a standard access list, identify the internal IP
addresses to be translated, and enable NAT overload
****************************************************
R1(config)#access-list 20 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat inside source list 20 interface FastEthernet1/0 overload
R1(config)#end
R1#
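
A consistency check for the three steps above, as an added example that is not part of the original post: it verifies that the ACL, pool and interface named in each `ip nat inside source` rule are defined, and that the interface is the one marked `ip nat outside`. `lint_nat` and both sample configs are constructed for illustration; it assumes full interface names and numbered ACLs.

```python
import re

# Constructed sample: the three PAT steps above as running-config lines.
GOOD = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface FastEthernet1/0
 ip address 192.168.20.2 255.255.255.0
 ip nat outside
access-list 20 permit 192.168.1.0 0.0.0.255
ip nat inside source list 20 interface FastEthernet1/0 overload
"""
# Constructed variant: the overload rule names an interface with no NAT role.
BAD = GOOD.replace("20 interface FastEthernet1/0", "20 interface Ethernet1/0")

def lint_nat(config):
    """Return findings for the NAT rules in an IOS-style config (hypothetical helper)."""
    roles, acls, pools, rules, current = {}, set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split()[1]
        elif raw.startswith(" ") and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]      # role of the enclosing interface
        elif line.startswith("access-list "):
            acls.add(line.split()[1])              # numbered ACLs only
        elif line.startswith("ip nat pool "):
            pools.add(line.split()[3])
        elif line.startswith("ip nat inside source "):
            rules.append(line)
    findings = []
    if "inside" not in roles.values():
        findings.append("no interface is marked 'ip nat inside'")
    for rule in rules:
        for kind, defined in (("list", acls), ("pool", pools)):
            m = re.search(rf"\b{kind} (\S+)", rule)
            if m and m.group(1) not in defined:
                findings.append(f"{kind} {m.group(1)} is referenced but not defined")
        m = re.search(r"\binterface (\S+)", rule)
        if m and roles.get(m.group(1)) != "outside":
            findings.append(f"{m.group(1)} is not marked 'ip nat outside'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, lint_nat(cfg) or "consistent")
```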

****************************************************
How to check 1 (ping from a host inside the NAT to a host outside the NAT)
****************************************************
C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 5:

 Connection-specific DNS Suffix  . :
 IP Address. . . . . . . . . . . . : 192.168.1.2
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 IP Address. . . . . . . . . . . . : fec0::1:2%1
 IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%4
 Default Gateway . . . . . . . . . : 192.168.1.1

C:\>ping 192.168.10.2

Pinging 192.168.10.2 with 32 bytes of data:

Reply from 192.168.10.2: bytes=32 time=233ms TTL=126
Reply from 192.168.10.2: bytes=32 time=187ms TTL=126
Reply from 192.168.10.2: bytes=32 time=208ms TTL=126
Reply from 192.168.10.2: bytes=32 time=170ms TTL=126

Ping statistics for 192.168.10.2:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 170ms, Maximum = 233ms, Average = 199ms

C:\>
****************************************************
How to check 2 (ping from a host outside the NAT to a host inside the NAT)
****************************************************
C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix  . :
 IP Address. . . . . . . . . . . . : 192.168.10.2
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 IP Address. . . . . . . . . . . . : fec0::3:2%1
 IP Address. . . . . . . . . . . . : fe80::20c:29ff:fe63:5efd%4
 Default Gateway . . . . . . . . . : 192.168.10.1

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.

Ping statistics for 192.168.1.2:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

****************************************************
How to check 3 (debug ip nat [access-list number] detailed)
****************************************************
R1#debug ip nat 20 detailed
IP NAT detailed debugging is on for access list 20
R1#
*Mei 18 13:08:53.451:  mapping pointer available mapping:0
*Mei 18 13:08:53.451: NAT: [0] Allocated Port for 192.168.1.2 -> 192.168.20.2: wanted 512 got 512
*Mei 18 13:08:53.451: NAT*: i: icmp (192.168.1.2, 512) -> (192.168.10.2, 512) [21978]
*Mei 18 13:08:53.455: NAT*: i: icmp (192.168.1.2, 512) -> (192.168.10.2, 512) [21978]
*Mei 18 13:08:53.455: NAT*: s=192.168.1.2->192.168.20.2, d=192.168.10.2 [21978]
*Mei 18 13:08:53.587: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1813]
*Mei 18 13:08:53.587: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.1.2 [1813]
*Mei 18 13:08:55.823: NAT*: i: icmp (192.168.1.2, 512) -> (192.168.10.2, 512) [22033]
*Mei 18 13:08:55.827: NAT*: s=192.168.1.2->192.168.20.2, d=192.168.10.2 [22033]
*Mei 18 13:08:55.919: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1814]
*Mei 18 13:08:55.919: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.1.2 [1814]
*Mei 18 13:08:58.035: NAT*: i: icmp (192.168.1.2, 512) -> (192.168.10.2, 512) [22087]
*Mei 18 13:08:58.035: NAT*: s=192.168.1.2->192.168.20.2, d=192.168.10.2 [22087]
*Mei 18 13:08:58.199: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1816]
*Mei 18 13:08:58.199: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.1.2 [1816]
*Mei 18 13:08:58.827: NAT*: i: icmp (192.168.1.2, 512) -> (192.168.10.2, 512) [22136]
*Mei 18 13:08:58.827: NAT*: s=192.168.1.2->192.168.20.2, d=192.168.10.2 [22136]
*Mei 18 13:08:58.943: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1817]
*Mei 18 13:08:58.943: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.1.2 [1817]
*Mei 18 13:09:01.947:  mapping pointer available mapping:0
*Mei 18 13:09:01.947: NAT: [0] Allocated Port for 192.168.1.2 -> 192.168.20.2: wanted 1270 got 1270

R1#
****************************************************
How to check 4 (sh ip nat translations)
****************************************************
R1#
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.20.2:512  192.168.1.2:512   192.168.10.2:512   192.168.10.2:512
tcp 192.168.20.2:1270  192.168.1.2:1270  192.168.10.2:23    192.168.10.2:23
R1#




****************************************************
Static NAT
****************************************************
ip nat inside source static [private ip] [public ip]
ex:
ip nat inside source static 192.168.1.2 192.168.20.2
****************************************************
Port Static Map NAT
****************************************************
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ex:
ip nat inside source static tcp 192.168.1.2 80 interface f1/0 80
****************************************************
Dynamic NAT 
**************************************************** 
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool]
ex:
ip nat pool dhcp-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool dhcp-pool
****************************************************
Dynamic NAT with Overload
****************************************************
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool] overload
ex:
ip nat pool dhcp-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool dhcp-pool overload
****************************************************
Dynamic NAT with Overload + Port Static Map 
****************************************************
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool] overload
ex:
ip nat inside source static tcp 192.168.1.2 80 interface f1/0 80
ip nat pool dhcp-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source list 20 pool dhcp-pool overload

****************************************************
How to check 5 (sh ip access-lists and sh run | in ip nat)
****************************************************
R1#sh ip access-lists
Standard IP access list 20
 10 permit 192.168.1.0, wildcard bits 0.0.0.255 (2 matches)
R1#sh run | in ip nat
 ip nat inside
 ip nat outside
ip nat pool dhcp-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet1/0 80
ip nat inside source list 20 pool dhcp-pool overload
R1#
****************************************************
How to check 6 (sh ip nat translations)
****************************************************
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.1.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.1.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.1.2:80    ---                ---
icmp 192.168.20.4:512  192.168.1.2:512   192.168.10.2:512   192.168.10.2:512
R1#
****************************************************
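
The table from check 6 can be audited automatically. The following is an added example, not part of the original post: it parses `sh ip nat translations` output and separates the static port forwards (the only entries that let an outside host open a connection inward) from the sessions using them and from ordinary dynamic translations. The function and field names are assumptions made for this sketch.

```python
FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")

# Output copied from "How to check 6" above.
TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.1.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.1.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.1.2:80    ---                ---
icmp 192.168.20.4:512  192.168.1.2:512   192.168.10.2:512   192.168.10.2:512
"""

def parse_translations(text):
    """Parse translation rows into dicts, skipping the header and prompt lines."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] != "Pro":
            rows.append(dict(zip(FIELDS, cols)))
    return rows

def audit(rows):
    """Group rows into static forwards, sessions through them, and dynamic entries."""
    # A static port map has no outside peer, so IOS prints '---' in those columns.
    static = {(r["proto"], r["inside_global"]) for r in rows if r["outside_global"] == "---"}
    report = {"static_forwards": [], "sessions_via_static": [], "dynamic": []}
    for r in rows:
        if r["outside_global"] == "---":
            report["static_forwards"].append(
                f'{r["proto"]} {r["inside_global"]} -> {r["inside_local"]}')
        elif (r["proto"], r["inside_global"]) in static:
            report["sessions_via_static"].append(r["outside_global"])
        else:
            report["dynamic"].append(
                f'{r["proto"]} {r["inside_local"]} as {r["inside_global"]}')
    return report

if __name__ == "__main__":
    for group, items in audit(parse_translations(TABLE)).items():
        print(group, items)
```

Every line under `static_forwards` is a service published through the NAT and should match an intended `ip nat inside source static` rule in the running config.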
