1
00:00:00,960 --> 00:00:13,650
So Router 1, ping 10.1.1.2. That works, Router 1 can ping Router 2. Router 1 has a static route.

2
00:00:13,700 --> 00:00:20,670
In this case it's a default route sending all traffic to Router 2. So can Router 1 ping 8.1.1.2,

3
00:00:20,700 --> 00:00:32,180
Router 3? The pings are timing out. On Router 3, show ip route shows us that the router doesn't have any routing

4
00:00:32,180 --> 00:00:33,100
enabled.

5
00:00:33,410 --> 00:00:35,000
It doesn't have a static route.

6
00:00:35,060 --> 00:00:37,670
All it knows about is this network.

7
00:00:38,000 --> 00:00:46,450
So debug ip icmp. Do that ping again. On Router 3 we can see that the traffic is arriving.

8
00:00:46,530 --> 00:00:53,840
So Router 3 is receiving the pings from Router 1, but it's receiving them from 10.1.1.1.

9
00:00:54,020 --> 00:01:01,970
So Router 3 is trying to reply back to the ICMP echo message using this source, 8.1.1.2,

10
00:01:01,980 --> 00:01:05,250
going to 10.1.1.1.

11
00:01:05,630 --> 00:01:13,640
But the router doesn't have a route back, and we can see that by doing debug ip packet. We can see that

12
00:01:13,640 --> 00:01:21,570
the packets are unroutable. Router 3 doesn't know how to send the traffic back to Router 1.

13
00:01:21,590 --> 00:01:30,310
So let's configure dynamic NAT on Router 2 to allow both Router 4 and Router 1 to send traffic to Router

14
00:01:30,340 --> 00:01:31,520
3.

15
00:01:31,580 --> 00:01:37,720
So show run | include nat. At the moment no NAT has been configured.

16
00:01:38,150 --> 00:01:43,970
The first thing I need to do is go on to the FastEthernet 0/1 interface and make that the

17
00:01:43,970 --> 00:01:50,530
outside interface. So this interface is now deemed to be outside from the router's point of view.

18
00:01:51,740 --> 00:01:57,590
Going to FastEthernet 0/0, ip nat inside.

19
00:01:57,720 --> 00:02:06,180
So those commands are very similar to static NAT. What we need to do now, however, is specify a pool and

20
00:02:06,180 --> 00:02:07,390
an access list.

21
00:02:07,430 --> 00:02:14,820
So we'll start with the access list. So access-list 1 permit, and who are we going to allow to be NATed?

22
00:02:15,330 --> 00:02:23,820
In this example I'll allow anyone in the 10.1.1.0 network, so anyone in this network will be permitted

23
00:02:23,900 --> 00:02:29,440
or allowed to have their addresses translated. So that will affect Router 1 and Router 4.

24
00:02:29,700 --> 00:02:37,270
Now I can use the command ip nat, and rather than choosing static I'm going to use the option pool to

25
00:02:37,270 --> 00:02:40,590
define a pool of addresses and then we need to create a name.

26
00:02:40,590 --> 00:02:46,880
So I'm just going to call this NAT pool. What's going to be the first IP address in the pool?

27
00:02:46,930 --> 00:02:51,820
So I need to specify a range of IP addresses on this interface.

28
00:02:51,820 --> 00:02:55,590
So I'm going to say 8.1.1.5 to 8.1.1.10.

29
00:02:56,110 --> 00:03:03,070
And then I need to specify the network mask, so the network mask will be a /24

30
00:03:03,070 --> 00:03:12,780
in our example. And lastly I need to specify ip nat inside source list. Access list 1, which we created,

31
00:03:13,230 --> 00:03:17,940
is determining who's going to be NATed, who's going to be allowed to be NATed, and we are going

32
00:03:17,940 --> 00:03:28,840
to NAT them to a pool of addresses which we called NAT pool. So show run | include nat, that will

33
00:03:28,840 --> 00:03:32,360
allow me to see the commands that I configured.

34
00:03:32,830 --> 00:03:36,830
We specified NAT inside and outside interfaces, which would be on these two interfaces.

35
00:03:37,240 --> 00:03:47,760
We created a pool of addresses. This NAT command is allowing anyone in access list 1,

36
00:03:47,920 --> 00:03:55,630
anyone in this range based on that entry, to be NATed to an address in the pool, and the pool contains

37
00:03:55,720 --> 00:03:58,450
these addresses, 5 to 10.

38
00:03:58,480 --> 00:04:00,890
So I've added six addresses to the pool.

39
00:04:01,120 --> 00:04:05,470
So debug ip nat to allow us to see things in real time.

40
00:04:05,560 --> 00:04:09,190
Router 1 wasn't able to ping Router 3 previously.

41
00:04:09,190 --> 00:04:10,480
Let's see if it works now.

42
00:04:11,670 --> 00:04:18,990
Notice after a while it started working, and we can see that this address 10.1.1.1 was translated

43
00:04:19,290 --> 00:04:23,060
to 8.1.1.5 for traffic going to 8.1.1.2.

44
00:04:23,220 --> 00:04:28,800
So we can see traffic's being NATed and then the reply came back.

45
00:04:28,950 --> 00:04:35,140
These ping timeouts are probably due to the ARP taking place between Router 2 and 3.

46
00:04:35,520 --> 00:04:37,630
So there, on the third attempt,

47
00:04:37,740 --> 00:04:39,150
the reply came back.

48
00:04:39,440 --> 00:04:43,070
So 8.1.1.5 was translated to 10.1.1.1.

49
00:04:43,350 --> 00:04:44,860
And that continues.

50
00:04:44,880 --> 00:04:48,540
Can Router 4 ping 8.1.1.2?

51
00:04:51,910 --> 00:04:53,500
See the NAT that's taking place.

52
00:04:54,490 --> 00:05:02,560
Pings start succeeding. In the output we can see that 10.1.1.4 was translated to the second address

53
00:05:02,560 --> 00:05:09,690
in the pool, 8.1.1.6, for traffic going to 8.1.1.2.

54
00:05:09,720 --> 00:05:17,490
That means that both Router 1 and Router 4 can send traffic to Router 3, and Router 2 will dynamically

55
00:05:17,490 --> 00:05:19,660
do the NAT between the addresses.

56
00:05:19,710 --> 00:05:26,210
So this is Router 4, here is Router 2, being NATed. Show ip nat translation.

57
00:05:26,280 --> 00:05:34,530
Now in this example every ping is going to get a new dynamic NAT entry, so to keep it simple I'm

58
00:05:34,530 --> 00:05:36,000
going to use telnet.

59
00:05:36,000 --> 00:05:40,740
So I'll enable the VTY lines on Router 3

60
00:05:49,450 --> 00:05:55,410
and I'll telnet to Router 3 from Router 1.

61
00:05:56,020 --> 00:05:59,450
And I'll do that from Router 4 as well.

62
00:06:03,430 --> 00:06:12,570
On Router 2, show ip nat translation. We can see the dynamic NAT entries created for those two hosts

63
00:06:12,630 --> 00:06:15,030
accessing Router 3.

64
00:06:15,120 --> 00:06:25,290
You can see that the address 10.1.1.1 was NATed to 8.1.1.5 and 10.1.1.4 was NATed to 8.1.1.6, and then the actual

65
00:06:25,650 --> 00:06:31,520
traffic for that telnet session is shown as a dynamic entry here with the port numbers.

66
00:06:31,770 --> 00:06:36,950
If we exit out of both of those telnet sessions

67
00:06:39,930 --> 00:06:44,240
after a period of time these dynamic entries will disappear.

68
00:06:47,570 --> 00:06:50,140
I can remove them by typing clear ip

69
00:06:50,160 --> 00:06:52,570
nat translation *.

70
00:06:53,460 --> 00:06:56,720
So at the moment notice there are no NAT translations.

71
00:06:56,720 --> 00:07:04,670
As soon as I send traffic, a translation is created for that host entry.

72
00:07:04,860 --> 00:07:12,400
If I leave it long enough those NAT translations will time out and be removed.

73
00:07:12,620 --> 00:07:20,120
That's very different to a static NAT translation, where the static NAT translation stays permanently

74
00:07:20,420 --> 00:07:21,960
in the NAT table.

75
00:07:23,680 --> 00:07:31,300
As you can see here the NAT entry is timing out, so show ip nat translations shows me that that NAT entry

76
00:07:31,300 --> 00:07:34,670
has been removed from the table.

77
00:07:34,690 --> 00:07:41,230
Now one of the problems with this way of doing network address translation is there is a one-to-one

78
00:07:41,230 --> 00:07:46,700
mapping between the inside and outside IP addresses. In our pool

79
00:07:49,610 --> 00:07:58,420
we only created a few addresses. So show run | include nat. We can see that we've got addresses

80
00:07:58,500 --> 00:08:01,170
8.1.1.5 up to 10.

81
00:08:01,210 --> 00:08:03,510
So there are only six addresses in the pool.

82
00:08:03,730 --> 00:08:09,000
What happens if we have 100 hosts that need to be NATed onto the Internet?

83
00:08:09,190 --> 00:08:13,290
That's not going to work well with dynamic NAT or static NAT.

84
00:08:13,420 --> 00:08:18,970
And that's where overloading comes in. In the next demonstration I'll show you how to set up NAT overloading.
