1
00:00:01,050 --> 00:00:05,580
In this video I'm going to show you how to set up and not overloading or port address translation or

2
00:00:05,710 --> 00:00:14,100
pat these two internal devices Route 1 and of for a going to be enacted to the IP address of router

3
00:00:14,130 --> 00:00:19,460
to the router to configure it on the first East and a 0 1 interface with the IP address.

4
00:00:19,470 --> 00:00:26,100
8. wondered wondered one but rather than allocating additional addresses for Nat I'm going to Knecht

5
00:00:26,400 --> 00:00:33,930
both these devices to that single IP address by using port address translational Pat router 3 in this

6
00:00:33,930 --> 00:00:38,970
example is acting as an Internet server on the outside at the moment.

7
00:00:38,970 --> 00:00:49,610
Radu one is not able to ping router three out of four on the inside over here is also not able to ping

8
00:00:49,610 --> 00:00:52,230
rotisserie.

9
00:00:52,450 --> 00:00:53,620
The pings are failing

10
00:00:56,690 --> 00:01:02,180
and that's because there is no routing enabled on Rodda 3.

11
00:01:02,240 --> 00:01:05,130
It only has a directly connected network.

12
00:01:05,300 --> 00:01:09,200
It doesn't know how to send traffic back to those devices.

13
00:01:09,230 --> 00:01:18,800
We can see that by running debug debug IP ICMP debug IP packet I'll do a ping from a one to router three

14
00:01:18,850 --> 00:01:20,870
again.

15
00:01:20,990 --> 00:01:26,030
We can see messages here unrideable unrideable.

16
00:01:26,220 --> 00:01:30,370
So the traffic is getting from the internal hosts to the outside device.

17
00:01:30,370 --> 00:01:37,170
Robert 3 but rotisserie doesn't know how to route it back again because the ping is being received from

18
00:01:37,200 --> 00:01:44,070
10 1 1 1 so the local router is trying to send an echo reply back to that address but doesn't know how

19
00:01:44,070 --> 00:01:49,620
to get to that address because there is no rot in the writing table.

20
00:01:50,420 --> 00:01:58,150
To get router three to 10 one one one so neither Route 1 or rod of four are able to ping Rodda three.

21
00:01:58,210 --> 00:02:01,200
So let's enable that on rockety.

22
00:02:02,200 --> 00:02:08,000
So interface if 0 1 IP not outside.

23
00:02:08,180 --> 00:02:15,100
Now in this example we need to make an important distinction to the previous net examples in this example

24
00:02:15,110 --> 00:02:24,720
I am netting multiple devices to the same IP address on router 2 and that IP address is configured on.

25
00:02:24,730 --> 00:02:32,330
Ethan it is 0 1 so we are not allocating a missional IP addresses to Nat.

26
00:02:32,510 --> 00:02:37,090
This is probably the most common way of doing NAT in the real world.

27
00:02:37,340 --> 00:02:41,800
So Notice I'm using the term Nat and that's what most engineers will call it.

28
00:02:41,810 --> 00:02:48,830
But in actual fact it's Pat or port address translation or Knecht overloading because we taking multiple

29
00:02:49,010 --> 00:02:57,230
devices and overloading a single IP address to allow those devices to use that single IP address for

30
00:02:57,230 --> 00:02:59,420
access to the Internet.

31
00:02:59,420 --> 00:03:05,420
So what I've done thus far is enable Nat on the outside here and enable that on the inside of car.

32
00:03:05,720 --> 00:03:13,850
That's all I've done and I'm going to type IP Nat and I'm netting the inside devices.

33
00:03:13,850 --> 00:03:20,000
And in this case they source addresses based on an access list which I'll create in a moment access

34
00:03:20,060 --> 00:03:26,620
list one and I'm going to enact them to a physical interface first.

35
00:03:26,630 --> 00:03:31,440
Ethan it is 0 1 rather than allocating a separate IP address.

36
00:03:31,580 --> 00:03:39,230
And this is the important piece I'm going to overload this next entry to allow multiple devices to access

37
00:03:39,230 --> 00:03:42,410
the internet using that single address.

38
00:03:42,570 --> 00:03:51,320
I have to create to the access list one as referenced in my command access list one permit and who's

39
00:03:51,320 --> 00:03:53,630
going to be allowed to be nattered

40
00:03:57,160 --> 00:03:58,140
made a mistake.

41
00:03:58,200 --> 00:04:03,910
In this case it should be anyone in the 10 1 1 0 network.

42
00:04:03,930 --> 00:04:10,760
So anyone in this network will be nattered so show i.p that translation.

43
00:04:10,940 --> 00:04:13,310
No not translations at the moment.

44
00:04:14,130 --> 00:04:20,310
I'm going to enable Telenet on rotisserie

45
00:04:26,060 --> 00:04:28,210
and a of one I'll do a telnet to router three.

46
00:04:28,220 --> 00:04:36,530
But before I do that let's enable not debugging on router too so we can see the net debugging in real

47
00:04:36,530 --> 00:04:38,070
time.

48
00:04:38,070 --> 00:04:49,670
Telnet eight hundred one to two hit enter notice we can see the net translations taking place the source

49
00:04:49,670 --> 00:04:59,570
IP address 10 one on 1 is being netted 2 8 1 1 1 the IP address for traffic S. 2 8 1 1 2 the reply comes

50
00:04:59,570 --> 00:05:00,290
back.

51
00:05:00,590 --> 00:05:05,250
So Source 8 1 1 2 sending traffic 2 8 2 1 1 1.

52
00:05:05,390 --> 00:05:13,690
That is not to add 2 10 1 1 1 so I put my post-wedding of Cisco.

53
00:05:13,920 --> 00:05:19,140
We can see the translations taking place type a single character.

54
00:05:19,420 --> 00:05:25,140
There's the net translations show IP net translations.

55
00:05:25,230 --> 00:05:30,960
There's the dynamic net translation notice inside a local address 10 1 1 1.

56
00:05:31,000 --> 00:05:38,350
Using this ephemeral or random port number is being translated to 8 1 1 1 using the same port number

57
00:05:38,890 --> 00:05:42,940
going to 8 1 1 2 on port 23.

58
00:05:42,940 --> 00:05:50,390
So notice rotisseries not being translated but the entries for that address are shown in the table.

59
00:05:50,470 --> 00:05:55,510
Let's do a nother telnet so from Rotto 4 to 8 1 1 2

60
00:05:58,570 --> 00:06:09,360
and log in we can see 10 1 1 for this is not a full IP address is translated to 8 1 1 1 router TOS IP

61
00:06:09,360 --> 00:06:19,140
address for traffic going to 8 1 1 2 roaded 3s IP address show IP net translations we can see two dynamic

62
00:06:19,140 --> 00:06:25,680
and net translations one for 10 1 1 4 and 1 for 10 1 1 1.

63
00:06:25,680 --> 00:06:33,510
And this is how rodded to knows that the traffic is destined to win both Rodda 104 telnetting throughout

64
00:06:33,510 --> 00:06:38,360
history rotatory since traffic back to rodder too.

65
00:06:38,610 --> 00:06:47,810
But based on different port numbers and on router 3 Alceste type one character in noticed we could see

66
00:06:47,810 --> 00:06:49,100
sequence numbers here.

67
00:06:50,370 --> 00:07:00,270
Try type another character notice 2 8 8 3 2 2 8 8 3 3 3 4 3 5.

68
00:07:00,570 --> 00:07:03,620
And then for the return traffic we can see the sequence numbers as well.

69
00:07:03,690 --> 00:07:10,380
Show IP net translations there are translations once again what's important to remember is that when

70
00:07:10,380 --> 00:07:20,820
traffic is returned from rotatory to rodded to it's coming from the address 8 1 1 to port 23 going to

71
00:07:20,840 --> 00:07:22,840
this address 8 1 1 1.

72
00:07:23,100 --> 00:07:30,570
But using a port number so so rodded too is able to differentiate between the two sessions based on

73
00:07:30,570 --> 00:07:31,760
the port number.

74
00:07:31,830 --> 00:07:40,320
Hence the term port address translation when traffic arrives from rotisserie at rodded to with a destination

75
00:07:40,320 --> 00:07:43,600
port number of the US going to eight triple one.

76
00:07:43,680 --> 00:07:46,540
The traffic is going to be forwarded to Route 1.

77
00:07:46,800 --> 00:07:49,400
But when it arrives going to the same IP address.

78
00:07:49,410 --> 00:07:56,340
But this port number the traffic is forwarded to router for router to ensures that these port numbers

79
00:07:56,370 --> 00:07:58,780
are unique in the next table.