NAT configuration with GNS3. How I can test config?

Unanswered Question
Aug 15th, 2009

I have configured this test config for learning NAT:

on router. How I can test and understood work of it?

Thank you!

access-list 1 remark ACL Category=2

access-list 1 permit 10.10.2.0 0.0.0.255

interface FastEthernet0/1

ip nat outside

exit

interface FastEthernet0/0

ip nat inside

exit

ip nat inside source list 1 interface FastEthernet0/1 overload

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
webstd.design Sat, 08/15/2009 - 07:53

debug ip nat

*Mar 1 03:30:30.703: NAT: translation failed (F), dropping packet s=10.10.2.1 d=224.0.0.10

jaypower Sun, 08/16/2009 - 05:31

With GNS3, you can simply see NAT functioning by configuring a nat setup between two connected routers. The transport is your choice but I used FastEthernet for simplicity.

R0 - NAT router

int loop1

ip add 10.0.0.1 255.255.255.0

ip nat in

!

int f0/0

ip add 192.168.0.1 255.255.255.252

ip nat out

!

access-list 1 per host 10.0.0.1

ip nat inside source list 1 interface f0/0 over

end

****************

R1

Configure FastEthernet interface

int f0/0

ip add 192.168.0.2 255.255.255.252

****************

Do a source ping from the loopback on the NAT router to the IP on R1 and view nat statistics and translations to see the attempt. Here is the output:

Router#ping 192.168.0.2 source 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:

Packet sent with a source address of 10.0.0.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

Router#sh ip nat stat

Total active translations: 1 (0 static, 1 dynamic; 1 extended)

Outside interfaces:

FastEthernet0/0

Inside interfaces:

Loopback1

Hits: 9 Misses: 1

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 interface FastEthernet0/0 refcount 1

Router#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

icmp 192.168.0.1:0 10.0.0.1:0 192.168.0.2:0 192.168.0.2:0

You can do several scenarios and this is certainly not the only way to do it. However it will get you started and takes about <5 mins to set up.

Cheers

Actions

This Discussion