NOTE: Make sure you replace X with your Campus number.
Create a pool of addresses to use for NAT:
ip nat pool CAMPUSX 100.68.X.33 100.68.X.46 prefix-length 28
Create an access list that defines the addresses that should be translated:
ip access-list extended NATplus remark Do not NAT the NREN address range deny ip 100.68.0.0 0.0.0.255 any remark Do not NAT our public addresses deny ip 100.68.X.0 0.0.0.255 any remark Do not NAT traffic that stays internal deny ip 172.2X.0.0 0.0.255.255 172.2X.0.0 0.0.255.255 remark NAT traffic which goes to the Internet permit ip 172.2X.0.0 0.0.255.255 any remark Do not NAT anything else - and log anything that gets this far deny ip any any log
Link the access list and the address pool together:
ip nat inside source list NATplus pool CAMPUSX overload
The command you have just entered will look for incoming packets matching the NATplus list, and translate them into the address specified in CAMPUSX. The “overload” command ensures that the router can map many internal addresses to the small range of external public addresses. Without “overload”, the router NAT will simply map one internal address to one external address - and with only 14 addresses in the CAMPUSX pool, that would mean only 14 internal addresses would be NATed before the pool is exhausted.
Now add address translation to the network interfaces:
interface FastEthernet0/0 description Link to NREN ip nat outside ! interface FastEthernet0/1 description Link to Core Router ip nat inside !
Log into one of your switches. These have addresses in the 172.2X.0.0/16 range.
Can you ping your border router?
Now try to ping one of the NREN Transit routers on 10.10.0.201 or 10.10.0.202 - does it work?
Can you ping 10.10.0.254? This is the default gateway in the workshop network.
The Transit routers don't know anything about your 172.2X.0.0/16 so if the Network Address Translation is working then the original IP address of the packet has been translated into the range:
You can use the command
show ip nat translations
on your Border router to see what's happening.
Can you ping hosts on the wider Internet from one of your switches? For example, can you ping 22.214.171.124?
If the ping works, try using trace to 126.96.36.199. What do you see?