1
00:00:00,840 --> 00:00:05,580
In this video, I'm going to show you how to set up NAT overloading, or port address translation, or

2
00:00:05,580 --> 00:00:13,290
PAT. These two internal devices, router one and router four, are going to be NATed to the IP address

3
00:00:13,290 --> 00:00:14,730
of router two.

4
00:00:14,760 --> 00:00:20,160
So router two is configured on the FastEthernet 0/1 interface with this IP address,

5
00:00:20,190 --> 00:00:21,030
8.1.1.1.

6
00:00:21,210 --> 00:00:28,710
But rather than allocating additional addresses for NAT, I'm going to NAT both these devices to that

7
00:00:28,710 --> 00:00:33,480
single IP address by using port address translation, or PAT. Router

8
00:00:33,480 --> 00:00:40,680
three in this example is acting as our Internet server on the outside. At the moment, router one is

9
00:00:40,680 --> 00:00:46,470
not able to ping router three. Router four on the inside

10
00:00:47,320 --> 00:00:50,440
over here is also not able to ping router three.

11
00:00:52,240 --> 00:00:53,770
The pings are failing.

12
00:00:56,440 --> 00:01:01,840
And that's because there is no routing enabled on router three.

13
00:01:01,930 --> 00:01:05,050
It only has a directly connected network.

14
00:01:05,080 --> 00:01:08,920
It doesn't know how to send traffic back to those devices.

15
00:01:08,950 --> 00:01:14,950
We can see that by running debug ip icmp and debug ip packet.

16
00:01:16,710 --> 00:01:19,260
I'll do a ping from router one to router three again.

17
00:01:20,740 --> 00:01:23,620
We can see messages here: unroutable.

18
00:01:24,460 --> 00:01:25,470
Unroutable.

19
00:01:25,930 --> 00:01:31,840
So the traffic is getting from the internal hosts to the outside device, router three, but router

20
00:01:31,840 --> 00:01:38,350
three doesn't know how to route it back again, because the ping is being received from 10.1.1.1.
21
00:01:38,350 --> 00:01:44,500
So the local router is trying to send an echo reply back to that address, but doesn't know how to get

22
00:01:44,500 --> 00:01:49,510
to that address because there is no route in the routing table

23
00:01:50,210 --> 00:01:53,180
to get from router three to 10.1.1.1.

24
00:01:53,900 --> 00:01:57,770
So neither router one nor router four is able to ping router three.

25
00:01:57,950 --> 00:02:00,590
So let's enable NAT on router two.

26
00:02:02,000 --> 00:02:06,710
So interface f0/1, ip nat outside.

27
00:02:07,920 --> 00:02:13,590
Now in this example, we need to make an important distinction from the previous NAT examples.

28
00:02:13,950 --> 00:02:23,280
In this example, I am NATing multiple devices to the same IP address on router two, and that IP address

29
00:02:23,280 --> 00:02:26,190
is configured on FastEthernet 0/1.

30
00:02:26,190 --> 00:02:30,660
So we are not allocating additional IP addresses to NAT.

31
00:02:32,350 --> 00:02:37,000
This is probably the most common way of doing NAT in the real world.

32
00:02:37,030 --> 00:02:41,680
So notice I'm using the term NAT, and that's what most engineers will call it.

33
00:02:41,680 --> 00:02:48,820
But in actual fact, it's PAT, or port address translation, or NAT overloading, because we're taking multiple

34
00:02:48,820 --> 00:02:57,190
devices and overloading a single IP address to allow those devices to use that single IP address for

35
00:02:57,190 --> 00:02:58,780
access to the Internet.

36
00:02:59,200 --> 00:03:05,230
So what I've done thus far is enable NAT on the outside here and enable NAT on the inside over here.

37
00:03:05,500 --> 00:03:06,520
That's all I've done.

38
00:03:07,610 --> 00:03:09,290
And I'm going to type ip nat.
39
00:03:10,120 --> 00:03:18,010
And I'm NATing the inside devices, and in this case their source addresses, based on an access list,

40
00:03:18,280 --> 00:03:26,170
which I'll create in a moment, access list one, and I'm going to NAT them to a physical interface,

41
00:03:26,170 --> 00:03:31,300
FastEthernet 0/1, rather than allocating a separate IP address.

42
00:03:31,300 --> 00:03:39,160
And this is the important piece: I'm going to overload this NAT entry to allow multiple devices to access

43
00:03:39,160 --> 00:03:41,530
the Internet using that single address.

44
00:03:42,340 --> 00:03:46,840
Now I have to create access list one, as referenced in my command.

45
00:03:46,900 --> 00:03:48,880
So access list one permit.

46
00:03:50,680 --> 00:03:53,740
And who's going to be allowed to be NATed?

47
00:03:56,960 --> 00:03:58,090
I made a mistake there.

48
00:03:58,090 --> 00:04:03,820
In this case, it should be anyone in the 10.1.1.0 network.

49
00:04:03,820 --> 00:04:06,970
So anyone in this network will be NATed.

50
00:04:08,320 --> 00:04:10,660
So show ip nat translations.

51
00:04:10,660 --> 00:04:12,970
No NAT translations at the moment.

52
00:04:13,960 --> 00:04:20,470
I'm going to enable telnet on router three.

53
00:04:25,830 --> 00:04:28,140
And on router one I'll do a telnet to router three.

54
00:04:28,140 --> 00:04:36,480
But before I do that, let's enable NAT debugging on router two so we can see the NAT debugging in real

55
00:04:36,480 --> 00:04:36,990
time.

56
00:04:37,680 --> 00:04:41,220
Telnet 8.1.1.2.

57
00:04:42,410 --> 00:04:43,400
Hit Enter.

58
00:04:44,350 --> 00:04:47,950
Notice we can see the NAT translations taking place.

59
00:04:49,080 --> 00:04:54,150
The source IP address 10.1.1.1 is being NATed to 8.1.1.1,

60
00:04:54,180 --> 00:05:00,150
this IP address, for traffic sent to 8.1.1.2. The reply comes back,

61
00:05:00,360 --> 00:05:09,270
so source 8.1.1.2 sending traffic to 8.1.1.1, and that is NATed to 10.1.1.1.
62
00:05:10,840 --> 00:05:13,600
So I'll put my password in, of cisco.

63
00:05:13,630 --> 00:05:16,210
We can see the NAT translations taking place.

64
00:05:17,420 --> 00:05:18,950
Type a single character.

65
00:05:19,190 --> 00:05:20,900
There are the NAT translations.

66
00:05:21,940 --> 00:05:24,760
Show ip nat translations.

67
00:05:24,940 --> 00:05:27,490
There's the dynamic NAT translation.

68
00:05:27,880 --> 00:05:30,880
Notice the inside local address 10.1.1.1,

69
00:05:30,880 --> 00:05:36,710
using this ephemeral or random port number, is being translated to 8.1.1.1

70
00:05:36,730 --> 00:05:42,190
using the same port number, going to 8.1.1.2 on port 23.

71
00:05:42,730 --> 00:05:49,690
So notice router three is not being translated, but the entries for that address are shown in the table.

72
00:05:50,260 --> 00:05:52,240
Let's do another telnet.

73
00:05:52,240 --> 00:05:55,630
So telnet from router four to 8.1.1.2.

74
00:05:58,360 --> 00:05:59,290
And log in.

75
00:06:01,250 --> 00:06:02,360
We can see

76
00:06:02,930 --> 00:06:03,830
10.1.1.4,

77
00:06:03,860 --> 00:06:07,940
this is router four's IP address, is translated to 8.1.1.1, router

78
00:06:08,360 --> 00:06:08,630
two's

79
00:06:08,630 --> 00:06:13,130
IP address, for traffic going to 8.1.1.2, router three's

80
00:06:13,220 --> 00:06:17,000
IP address. Show ip nat translations.

81
00:06:17,450 --> 00:06:25,250
We can see two dynamic NAT translations, one for 10.1.1.4 and one for 10.1.1.1.

82
00:06:25,340 --> 00:06:32,810
And this is how router two knows who the traffic is destined to. When both router one and router four

83
00:06:32,810 --> 00:06:40,910
telnet into router three, router three sends traffic back to router two, but based on different port

84
00:06:40,910 --> 00:06:46,040
numbers. And on router three, I'll just type one character in.

85
00:06:46,950 --> 00:06:48,960
Notice we can see sequence numbers here.

86
00:06:50,150 --> 00:06:52,160
I'll try typing another character.
87
00:06:53,270 --> 00:06:53,720
Notice

88
00:06:53,720 --> 00:07:00,240
28832288333435.

89
00:07:00,260 --> 00:07:03,410
And then for the return traffic, we can see the sequence numbers as well.

90
00:07:03,440 --> 00:07:05,960
Show ip nat translations.

91
00:07:06,350 --> 00:07:08,240
There are translations once again.

92
00:07:08,510 --> 00:07:14,840
What's important to remember is that when traffic is returned from router three to router two, it's

93
00:07:14,840 --> 00:07:25,240
coming from this address, 8.1.1.2 port 23, going to this address, 8.1.1.1, but using a port number.

94
00:07:25,250 --> 00:07:32,540
So router two is able to differentiate between the two sessions based on the port number, hence the

95
00:07:32,540 --> 00:07:33,530
term port address

96
00:07:33,530 --> 00:07:40,940
translation. When traffic arrives from router three at router two with a destination port number of

97
00:07:40,940 --> 00:07:48,200
this, going to 8.1.1.1, the traffic is going to be forwarded to router one, but when it arrives going

98
00:07:48,200 --> 00:07:49,340
to the same IP address

99
00:07:49,340 --> 00:07:56,270
but this port number, the traffic is forwarded to router four. Router two ensures that these port numbers

100
00:07:56,270 --> 00:07:58,700
are unique in the NAT table.