1
00:00:00,120 --> 00:00:06,270
In previous videos, we configured this topology, we configured an HCP router, we configured spanning

2
00:00:06,300 --> 00:00:13,830
three, we configured IGP on the core switches and this Internet facing router and we've done various

3
00:00:13,830 --> 00:00:16,320
things to optimize the topology.

4
00:00:16,800 --> 00:00:22,410
In this video, I'm going to configure network address translation on router three to enable devices

5
00:00:22,410 --> 00:00:25,500
in our genius three topology to access the internet.

6
00:00:26,220 --> 00:00:33,570
He says rather three, rather three is configured with an IP address on Fast Ethernet zero one and the

7
00:00:33,570 --> 00:00:36,900
IP address is 1921681 124.

8
00:00:37,530 --> 00:00:42,960
Router three has a default gateway of 1921681254.

9
00:00:43,020 --> 00:00:46,740
This is the internet facing router in the cloud.

10
00:00:47,190 --> 00:00:54,960
That router does not have the ability to run routing protocols, so I can't advertise the Ten Network

11
00:00:54,960 --> 00:00:57,690
running within Janus three to that router.

12
00:00:58,260 --> 00:01:04,050
So to get this to work, I'm simply going to enable Nat on router three with this being the outside

13
00:01:04,050 --> 00:01:06,570
interface and this being the inside interface.

14
00:01:07,170 --> 00:01:15,420
Now to be correct with wording, we actually enabling port address translation so that multiple devices

15
00:01:15,420 --> 00:01:19,890
in our topology can be netted to the IP address on this interface.

16
00:01:20,370 --> 00:01:29,070
So on Fost Ethernet zero one, I'm going to use the command IP Nat outside to enable Nat on this interface

17
00:01:29,070 --> 00:01:31,440
and make it be the outside interface.

18
00:01:31,440 --> 00:01:35,040
From a NAT point of view that takes a while to come up.

19
00:01:35,040 --> 00:01:40,170
In June is three, but after a while I should be able to configure this interface as the inside.

20
00:01:40,350 --> 00:01:42,600
And there you go so fast.

21
00:01:42,630 --> 00:01:46,710
Ethernet zero zero IP Nat Insight.

22
00:01:47,220 --> 00:01:52,140
So we've told the router that this interfaces the outside interface and this interface is the inside

23
00:01:52,140 --> 00:01:52,890
interface.

24
00:01:53,490 --> 00:01:57,810
So now we need to configure Nat and we do that by tapping the command ip nat.

25
00:01:58,520 --> 00:01:59,630
Inside.

26
00:01:59,660 --> 00:02:02,480
I want to net devices on the inside network.

27
00:02:02,750 --> 00:02:08,750
And in this case, I want to net source IP addresses based on an access list, which is going to be

28
00:02:08,750 --> 00:02:09,979
access list one.

29
00:02:10,220 --> 00:02:18,800
And we're going to net them onto Interface Fost Ethernet zero one and we're going to enable Pat by using

30
00:02:18,800 --> 00:02:20,480
the overload keyword.

31
00:02:21,110 --> 00:02:27,890
So the next step is to create an access list, which is access list one referenced over here in the

32
00:02:27,890 --> 00:02:29,090
net command.

33
00:02:29,570 --> 00:02:33,230
And I'm going to permit all devices in the Ten Network.

34
00:02:36,850 --> 00:02:40,420
So show run pipe include Nat.

35
00:02:41,690 --> 00:02:44,990
Shows me that we've got Nat configured on the inside interface.

36
00:02:45,020 --> 00:02:50,750
Nat is configured on the outside interface and we overloading the outside interface.

37
00:02:51,200 --> 00:02:56,600
Now, to be precise, we should do this show Run Interface, Fast Ethernet zero zero and we can see

38
00:02:56,600 --> 00:03:04,100
that IP Nat inside is enabled on that interface and IP Nat outside is enabled on Fost Ethernet zero

39
00:03:04,100 --> 00:03:08,000
one show IP Nat translations.

40
00:03:08,030 --> 00:03:16,070
At the moment there are no NAT translations, so let's go on to router one acting as PC one.

41
00:03:16,830 --> 00:03:19,800
And let's see if we can ping google.com.

42
00:03:21,840 --> 00:03:22,530
At the moment.

43
00:03:22,530 --> 00:03:28,560
Notice, please, that it's trying to translate google.com using a broadcast.

44
00:03:28,680 --> 00:03:31,290
And this takes a while to time out.

45
00:03:38,030 --> 00:03:39,890
The reason why is.

46
00:03:40,850 --> 00:03:47,210
The radar is doing a domain lookup now that's not shown by default in the running config, but if I

47
00:03:47,210 --> 00:03:53,330
type no IP domain lookup and then try and ping google.com again.

48
00:03:54,080 --> 00:03:56,690
Notice the ping times out immediately.

49
00:03:57,500 --> 00:04:00,320
So if I use IP domain lookup.

50
00:04:01,510 --> 00:04:03,970
I should specify my DNS server.

51
00:04:04,600 --> 00:04:06,430
So IP name server.

52
00:04:08,030 --> 00:04:10,220
And in this case, I'll specify Google.

53
00:04:11,500 --> 00:04:16,870
When I try and ping google.com in this case, notice it works.

54
00:04:17,459 --> 00:04:24,000
We got a reply from the Google DNS server and we were able to ping google.com.

55
00:04:24,740 --> 00:04:28,910
Rata once traffic is being netted by router three.

56
00:04:29,390 --> 00:04:32,240
So notice we can see the net translations.

57
00:04:32,330 --> 00:04:32,780
Yes.

58
00:04:32,780 --> 00:04:35,630
The connection to the Google DNS server.

59
00:04:35,630 --> 00:04:38,090
And he has the connection to Google.

60
00:04:38,930 --> 00:04:47,780
This is the IP address of router one on the inside interface and this is the netted IP address of router

61
00:04:47,780 --> 00:04:53,120
one, which is the IP address of fast Ethernet zero one as shown over there.

62
00:04:54,100 --> 00:04:55,450
I'll show these together.

63
00:04:58,370 --> 00:04:59,990
So debug IP Nat.

64
00:05:00,990 --> 00:05:02,460
And that's actually on the wrong router.

65
00:05:02,460 --> 00:05:12,150
So on all router three debug IP net and what I'll do now is I will do a ping to Google.com and what

66
00:05:12,150 --> 00:05:16,530
we should see is we should see the net translations taking place and there you go.

67
00:05:17,220 --> 00:05:20,490
Notice Source IP address ten one 1011.

68
00:05:20,700 --> 00:05:25,680
This IP address was translated to 1921681 124.

69
00:05:26,130 --> 00:05:31,290
That's the IP address once again of Fost Ethernet zero one on router three.

70
00:05:32,220 --> 00:05:33,990
Going to Google.com.

71
00:05:34,900 --> 00:05:36,760
The initial ping timed out.

72
00:05:37,270 --> 00:05:38,440
So we saw that there.

73
00:05:38,710 --> 00:05:48,850
But there's the second ping and there's a reply to the ping from Google destination IP address of 121681

74
00:05:48,850 --> 00:05:58,870
124 is translated back to 10.1 10.11 is forwarded through the network to router one show IP net translation

75
00:05:58,870 --> 00:06:03,040
shows me that at the moment there are no net translations they've timed out.

76
00:06:03,880 --> 00:06:08,290
So let's telnet to google.com on port 80.

77
00:06:09,010 --> 00:06:10,780
You can see that it's connected.

78
00:06:11,260 --> 00:06:17,830
So it's opening that connection and in the net translations you can see here's the DNS request to the

79
00:06:17,830 --> 00:06:27,520
DNS server and the reply and he has the connection to the Google server to show IP net translation shows

80
00:06:27,520 --> 00:06:33,550
me the DNS request and this is the connection to the web server.

81
00:06:33,670 --> 00:06:40,630
In other words, google.com on Port Eddie we can see that we are currently connected to the Google server.

82
00:06:40,720 --> 00:06:44,200
I'll press control C on the router press enter.

83
00:06:44,680 --> 00:06:47,470
We can see something happening in the natural translations.

84
00:06:48,670 --> 00:06:54,970
I use control shift six x to jump back to the router because it's keeping the connection open.

85
00:06:54,970 --> 00:06:56,920
So I'll disconnect my connection.

86
00:06:57,930 --> 00:07:04,230
So we've successfully configured Nat in this network, allowing writer one to connect to Google.

87
00:07:04,260 --> 00:07:07,620
Let's do the same on router two acting as PC two.

88
00:07:08,040 --> 00:07:17,190
So on PC two, IP name server will be google ping and let's use another server cisco dot com.

89
00:07:19,540 --> 00:07:27,580
Can see that the query succeeded and we able to ping Cisco dot com what about CNN dot com.

90
00:07:28,780 --> 00:07:32,710
In this case, the pings are being dropped by the server.

91
00:07:33,430 --> 00:07:35,440
So let's try Yahoo!

92
00:07:36,550 --> 00:07:37,390
Dot com.

93
00:07:39,270 --> 00:07:41,370
We can see that the pings succeed.

94
00:07:41,850 --> 00:07:50,010
So we've successfully configured this entire network as well as configured Nat on router three and these

95
00:07:50,010 --> 00:07:54,360
routers acting as PCs can now access devices on the Internet.