
NAT configuration with GNS3. How can I test the config?

webstd.design
Level 1

I have configured this test config on a router for learning NAT. How can I test it and understand how it works?

Thank you!

access-list 1 remark ACL Category=2

access-list 1 permit 10.10.2.0 0.0.0.255

interface FastEthernet0/1

ip nat outside

exit

interface FastEthernet0/0

ip nat inside

exit

ip nat inside source list 1 interface FastEthernet0/1 overload

5 Replies

webstd.design
Level 1

debug ip nat

*Mar 1 03:30:30.703: NAT: translation failed (F), dropping packet s=10.10.2.1 d=224.0.0.10

The topology is:

inside-10.10.2.1--192.168.0.1-outside---

With GNS3, you can simply see NAT functioning by configuring a NAT setup between two connected routers. The transport is your choice, but I used FastEthernet for simplicity.

R0 - NAT router

int loop1

ip add 10.0.0.1 255.255.255.0

ip nat in

!

int f0/0

ip add 192.168.0.1 255.255.255.252

ip nat out

!

access-list 1 per host 10.0.0.1

ip nat inside source list 1 interface f0/0 over

end

****************

R1

Configure FastEthernet interface

int f0/0

ip add 192.168.0.2 255.255.255.252

****************

Do a source ping from the loopback on the NAT router to the IP on R1 and view nat statistics and translations to see the attempt. Here is the output:

Router#ping 192.168.0.2 source 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:

Packet sent with a source address of 10.0.0.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

Router#sh ip nat stat

Total active translations: 1 (0 static, 1 dynamic; 1 extended)

Outside interfaces:

FastEthernet0/0

Inside interfaces:

Loopback1

Hits: 9 Misses: 1

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 interface FastEthernet0/0 refcount 1

Router#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

icmp 192.168.0.1:0 10.0.0.1:0 192.168.0.2:0 192.168.0.2:0

You can do several scenarios, and this is certainly not the only way to do it. However, it will get you started and takes about <5 mins to set up.

Cheers

What should I do to test Misses?

Hits: 9 Misses: 1

Good doc on basic troubleshooting:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml

Misses are just an indicator of a translation that isn't in the translation table. Some initiations from an outside source might not be in the translation table and therefore log a miss. The document references ICMP echo in the particular case.
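The check described in the replies above (ping from the inside address, then read the NAT statistics and translation table) can be scripted when you repeat the lab. This is an added example, not code from any poster in the thread; the function names are hypothetical, and the sample text is the R0 output quoted above with column spacing reconstructed.

```python
import re

# Output copied from the reply above (R0, after the sourced ping).
NAT_STATS = """\
Total active translations: 1 (0 static, 1 dynamic; 1 extended)
Outside interfaces:
  FastEthernet0/0
Inside interfaces:
  Loopback1
Hits: 9  Misses: 1
Expired translations: 0
"""

NAT_TRANS = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.0.1:0     10.0.0.1:0         192.168.0.2:0      192.168.0.2:0
"""


def parse_stats(text):
    """Return active/static/dynamic/extended/hits/misses counters as ints."""
    total = re.search(r"Total active translations: (\d+) \((\d+) static, "
                      r"(\d+) dynamic; (\d+) extended\)", text)
    hm = re.search(r"Hits: (\d+)\s+Misses: (\d+)", text)
    if not total or not hm:
        raise ValueError("not 'show ip nat statistics' output")
    keys = ("active", "static", "dynamic", "extended", "hits", "misses")
    return dict(zip(keys, map(int, total.groups() + hm.groups())))


def parse_translations(text):
    """Return one dict per translation row; '---' fields become None."""
    cols = ("inside_global", "inside_local", "outside_local", "outside_global")
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue  # header, blank line or wrapped row
        addrs = [None if p == "---" else p.split(":")[0] for p in parts[1:]]
        rows.append({"proto": parts[0], **dict(zip(cols, addrs))})
    return rows


def overload_ok(rows, inside_local, outside_if_ip):
    """True if inside_local has an entry translated to the outside interface IP."""
    return any(r["inside_local"] == inside_local and
               r["inside_global"] == outside_if_ip for r in rows)
```

With the sample above, overload_ok(parse_translations(NAT_TRANS), "10.0.0.1", "192.168.0.1") is true, while the same call for an inside address with no table entry is false.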
