1
00:00:00,760 --> 00:00:02,980
So router one, ping

2
00:00:04,540 --> 00:00:06,130
10.1.1.2.

3
00:00:06,250 --> 00:00:07,330
That works, right?

4
00:00:07,330 --> 00:00:11,500
Router one can ping router two. Router one has a static route.

5
00:00:13,480 --> 00:00:16,930
In this case, it's a default route, sending all traffic to router two.

6
00:00:16,960 --> 00:00:18,850
So can router one ping

7
00:00:19,750 --> 00:00:20,170
8.1.

8
00:00:20,170 --> 00:00:21,820
1.2, router three?

9
00:00:22,800 --> 00:00:27,870
The pings are timing out. On router three, show ip route

10
00:00:28,930 --> 00:00:32,920
shows us that the router doesn't have any routing enabled.

11
00:00:33,160 --> 00:00:34,780
It doesn't have a static route.

12
00:00:34,870 --> 00:00:37,510
All it knows about is this network.

13
00:00:37,750 --> 00:00:46,390
So debug ip icmp. Do that ping again. On router three we can see that the traffic is arriving.

14
00:00:46,390 --> 00:00:53,530
So router three is receiving the pings from router one, but it's receiving them from 10.1.1.1.

15
00:00:53,740 --> 00:01:04,060
So router three is trying to reply back to the ICMP echo message using the source 8.1.1.2 going to 10.

16
00:01:04,060 --> 00:01:05,170
1.1.1.

17
00:01:05,349 --> 00:01:13,600
But the router doesn't have a route back, and we can see that by doing debug ip packet. We can see that

18
00:01:13,600 --> 00:01:15,520
the packets are unroutable.

19
00:01:16,330 --> 00:01:20,710
Router three doesn't know how to send the traffic back to router one.

20
00:01:21,340 --> 00:01:29,890
So let's configure dynamic NAT on router two to allow both router four and router one to send traffic

21
00:01:29,890 --> 00:01:30,820
to router three.

22
00:01:31,360 --> 00:01:34,510
So show run | include nat.

23
00:01:35,020 --> 00:01:37,450
At the moment, no NAT has been configured.

24
00:01:37,990 --> 00:01:43,930
The first thing I'm going to do is go onto the FastEthernet 0/1 interface and make that the

25
00:01:43,930 --> 00:01:45,220
outside interface.

26
00:01:45,310 --> 00:01:50,500
So this interface is now deemed to be outside from the router's point of view.

27
00:01:51,600 --> 00:01:55,830
Go onto FastEthernet 0/0, ip nat inside.

28
00:01:57,500 --> 00:02:00,350
So those commands are very similar to static NAT.

29
00:02:00,650 --> 00:02:07,140
What we need to do now, however, is specify a pool and an access list.

30
00:02:07,160 --> 00:02:08,720
So we'll start with the access list.

31
00:02:08,720 --> 00:02:11,990
So access-list 1 permit.

32
00:02:12,320 --> 00:02:14,960
And who are we going to allow to be NATed?

33
00:02:15,050 --> 00:02:16,070
In this example,

34
00:02:16,070 --> 00:02:25,280
I'll allow anyone in the 10.1.1.0 network, so anyone in this network will be permitted or allowed to have

35
00:02:25,280 --> 00:02:27,020
their addresses translated.

36
00:02:27,020 --> 00:02:29,270
So that'll affect router one and router four.

37
00:02:29,420 --> 00:02:31,550
Now I can use the command ip nat.

38
00:02:32,210 --> 00:02:39,380
And rather than choosing static, I'm going to use the option pool to define a pool of addresses and

39
00:02:39,380 --> 00:02:40,520
then we need to create a name.

40
00:02:40,520 --> 00:02:42,680
So I'm just going to call this NAT pool.

41
00:02:43,850 --> 00:02:46,690
What's going to be the first IP address in the pool?

42
00:02:46,700 --> 00:02:51,590
So I need to specify a range of IP addresses on this interface.

43
00:02:51,740 --> 00:02:55,310
So I'm going to say 8.1.1.5 8.1.1.10.

44
00:02:55,850 --> 00:02:58,850
And then I need to specify the network mask.

45
00:02:59,870 --> 00:03:04,130
So the network mask will be a slash 24 in our example.

46
00:03:04,550 --> 00:03:13,940
And lastly, I need to specify ip nat inside source list. Access list one, which we created, is determining

47
00:03:13,940 --> 00:03:17,060
who's going to be NATed or who's going to be allowed to be NATed.

48
00:03:17,240 --> 00:03:23,660
And we're going to NAT them to a pool of addresses which we called NAT pool.

49
00:03:25,790 --> 00:03:32,240
So show run | include nat will allow me to see the commands that I configured.

50
00:03:32,600 --> 00:03:36,560
We specify the inside and outside interfaces, which would be on these two interfaces.

51
00:03:36,980 --> 00:03:39,170
We created a pool of addresses.

52
00:03:39,710 --> 00:03:42,440
This NAT command is allowing

53
00:03:44,010 --> 00:03:47,310
anyone in access list one,

54
00:03:47,610 --> 00:03:53,280
so anyone in this range based on that entry, to be NATed to an address in this pool.

55
00:03:53,730 --> 00:03:57,840
And the pool contains these addresses, 5 to 10.

56
00:03:58,320 --> 00:04:00,510
So I've added six addresses to the pool.

57
00:04:00,870 --> 00:04:05,010
So debug ip nat to allow us to see things in real time.

58
00:04:05,280 --> 00:04:08,760
Router one wasn't able to ping router three previously.

59
00:04:08,970 --> 00:04:10,380
Let's see if it works now.

60
00:04:11,540 --> 00:04:13,850
Notice after a while it started working.

61
00:04:14,030 --> 00:04:24,290
And we can see that this address 10.1.1.1 translated to 8.1.1.5 for traffic going to 8.1.1.2, so we can see

62
00:04:25,150 --> 00:04:28,420
traffic's being NATed and then the reply came back.

63
00:04:28,690 --> 00:04:34,960
These ping timeouts are probably due to the ARP taking place between router two and router three.

64
00:04:35,290 --> 00:04:37,570
So there, on the third attempt,

65
00:04:37,570 --> 00:04:44,570
the reply came back, so 8.1.1.5 was translated to 10.1.1.1 and that continues.

66
00:04:44,620 --> 00:04:48,700
Can router four ping 8.1.1.2?

67
00:04:51,770 --> 00:04:53,420
See the NAT's taking place.

68
00:04:54,300 --> 00:04:56,940
Ping started succeeding. In the output

69
00:04:56,940 --> 00:05:03,300
we can see that 10.1.1.4 was translated to the second address in the pool,

70
00:05:03,360 --> 00:05:07,440
8.1.1.6, for traffic going to 8.1.1.2.

71
00:05:09,470 --> 00:05:16,700
That means that both router one and router four can send traffic to router three and router two will

72
00:05:16,700 --> 00:05:19,550
dynamically do the NAT between the addresses.

73
00:05:19,550 --> 00:05:21,260
So there's router four.

74
00:05:21,500 --> 00:05:23,510
Here's router two being NATed.

75
00:05:23,900 --> 00:05:25,850
Show ip nat translation.

76
00:05:25,970 --> 00:05:32,390
Now in this example, every ping is going to get a new dynamic NAT entry.

77
00:05:32,390 --> 00:05:35,840
So to keep it simple, I'm going to use telnet.

78
00:05:35,840 --> 00:05:40,880
So I'll enable the VTY lines on router three.

79
00:05:49,260 --> 00:05:59,340
And I'll telnet to router three from router one and I'll do that from router four as well.

80
00:06:03,320 --> 00:06:12,530
On router two, show ip nat translation, we can see the dynamic NAT entries created for those two hosts

81
00:06:12,530 --> 00:06:14,630
accessing router three.

82
00:06:14,840 --> 00:06:23,840
You can see that this address 10.1.1.1 was NATed to 8.1.1.5 and 10.1.1.4 was NATed to 8.1.1.6.

83
00:06:23,930 --> 00:06:30,140
And then the actual traffic for that telnet session is shown as a dynamic NAT entry here with the port

84
00:06:30,140 --> 00:06:32,930
numbers. If we exit

85
00:06:34,900 --> 00:06:37,090
out of both of those Telnet sessions,

86
00:06:39,770 --> 00:06:44,090
after a period of time, these dynamic entries will disappear.

87
00:06:47,440 --> 00:06:51,850
I can remove them by typing clear ip nat translation *.

88
00:06:53,230 --> 00:06:56,260
So at the moment notice there are no NAT translations.

89
00:06:56,590 --> 00:06:58,510
As soon as I send traffic,

90
00:06:59,700 --> 00:07:03,930
a NAT translation is created for that host entry.

91
00:07:04,680 --> 00:07:06,300
If I leave it long enough,

92
00:07:08,290 --> 00:07:12,340
those NAT translations will time out and be removed.

93
00:07:12,370 --> 00:07:20,200
That's very different to a static NAT translation where the static NAT translation stays permanently

94
00:07:20,200 --> 00:07:21,910
in the NAT table.

95
00:07:23,490 --> 00:07:26,430
As you can see here, the NAT entry is timing out.

96
00:07:26,430 --> 00:07:34,140
So show ip nat translations shows me that that NAT entry has been removed from the table.

97
00:07:34,470 --> 00:07:41,730
Now, one of the problems with this way of doing network address translation is there is a one-to-one mapping

98
00:07:41,730 --> 00:07:46,830
between the inside and outside IP addresses in our pool.

99
00:07:49,430 --> 00:07:52,130
We only created a few addresses.

100
00:07:53,250 --> 00:08:00,930
So show run | include nat, we can see that we've got addresses 8.1.1.5 up to 10.

101
00:08:00,930 --> 00:08:03,390
So there are only six addresses in the pool.

102
00:08:03,480 --> 00:08:08,640
What happens if we have 100 hosts that need to be NATed onto the Internet?

103
00:08:08,910 --> 00:08:15,450
That's not going to work well with dynamic NAT or static NAT, and that's where overloading comes in.

104
00:08:15,660 --> 00:08:19,110
In the next demonstration, I'll show you how to set up NAT overloading.