5. NAT overload
5.1. Configuring
For the sw3 network, we'll also configure NAT, but with NAT overload.
Once again, we'll need to define the inside and outside of the network. The
outside is ofcourse dc_core again. And we'll configure e0/1 as
10.128.2.1:
int e0/1 ip address 10.128.2.1 255.255.255.0 no shut
We'll define the NAT interfaces:
int e0/0 ip nat outside int e0/1 ip nat inside
For static NAT, we defined the translations next. NAT overload
uses an ACL as source:
ip access-list standard NAT permit 10.128.2.1 0.0.0.255
For the ACL, we used a named ACL. Also, for ACLs, wildcard masks are used
not netmasks.
And lastly, configure the NAT:
ip nat inside source list NAT interface e0/0 overload
And we're able to ping host4 from host8:
vagrant ssh precise8 -c 'ping -c1 10.128.1.4' PING 10.128.1.4 (10.128.1.4) 56(84) bytes of data. 64 bytes from 10.128.1.4: icmp_req=1 ttl=254 time=25.9 ms --- 10.128.1.4 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 25.949/25.949/25.949/0.000 ms Connection to 127.0.0.1 closed.
And the result for the NAT will be:
R3#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 10.128.1.3:1363 10.128.2.107:1363 10.128.1.4:1363 10.128.1.4:1363 icmp 10.128.1.3:1381 10.128.2.108:1381 10.128.1.4:1381 10.128.1.4:1381 icmp 10.128.1.3:1339 10.128.2.109:1339 10.128.1.4:1339 10.128.1.4:1339 R3#
Or, if you start an ssh from host8 to host5: