Fichier a telecharger: nat_clean.pkt
Logiciel: packet tracer
- Configurer les interfaces des routeurs
- Mettre en place un DHCP sur les routeurs
- Mettre en place OSPF avec authentification MD5
- Mettre en place du NAT Statique sur le lien de R0 vers R1 en utilisant les IP du pool 80.0.0.0/24
- Mettre en place du NAT Dynamic sur le lien de R1 vers R2 en utilisant le pool 81.0.0.0/24
- Mettre en place du PAT sur le lien de R2 vers R0 en surchargeant l'IP de l'interface de R2.
NB: Vous devez penser à spécifier les réseaux utilisé par le NAT dans votre routage (soit via OSPF soit via du routage statique)
Maintenant, observez la différence dans les informations source et destination des paquets.
****************************************************
Correction
****************************************************1.- Configuration des interfaces LAN & DHCP:
````````````````````````````````````````````````
R0:
int f1/0
description LAN0
ip address 192.168.0.254 255.255.255.0
no shutdown
int F0/0
description -->R1
ip address 1.0.0.1 255.255.255.252
no shutdown
int F0/1
description -->R2
ip address 1.0.0.5 255.255.255.252
no shutdown
ip dhcp pool LAN0
default-router 192.168.0.254
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8
R1:
int e1/0
description LAN1
ip address 192.168.1.126 255.255.255.128
no shutdown
int f0/0
description -->R0
ip address 1.0.0.2 255.255.255.252
no shutdown
int f0/1
description -->R2
ip address 1.0.0.9 255.255.255.252
no shutdown
ip dhcp pool LAN1
default-router 192.168.1.126
network 192.168.1.0 255.255.255.128
dns-server 8.8.8.8
R2:
int e1/0
description LAN2
ip address 192.168.2.62 255.255.255.192
no shutdown
int f0/1
description -->R1
ip address 1.0.0.10 255.255.255.252
no shutdown
int f0/0
description -->R0
ip address 1.0.0.6 255.255.255.252
no shutdown
ip dhcp pool LAN2
default-router 192.168.2.62
network 192.168.2.0 255.255.255.192
dns-server 8.8.8.8
2.- Configuration de OSPF avec auth MD5:
```````````````````````````````````````````
R0:
router ospf 24
network 192.168.0.0 0.0.0.255 area 0
network 1.0.0.0 0.0.0.3 area 0
network 1.0.0.4 0.0.0.3 area 0
passive-interface f1/0
int range f0/0 - 1
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 learning
R1:
router ospf 25
network 192.168.1.0 0.0.0.127 area 0
network 1.0.0.8 0.0.0.3 area 0
network 1.0.0.0 0.0.0.3 area 0
passive-interface e1/0
int range f0/0 - 1
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 learning
R2:
router ospf 26
network 192.168.2.0 0.0.0.63 area 0
network 1.0.0.8 0.0.0.3 area 0
network 1.0.0.4 0.0.0.3 area 0
passive-interface e1/0
int range f0/0 - 1
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 learning
3.- Creation d'une route statique
````````````````````````````````````````
3.1- De R1 vers R0 pour le réseau 80.0.0.0/24, réseau utilisé pour notre NAT Statique:
R0(config)#ip route 80.0.0.0 255.255.255.0 fastEthernet 0/0
R1(config)#ip route 80.0.0.0 255.255.255.0 fastEthernet 0/0
3.2- De R2 vers R1 pour le réseau 81.0.0.0/24, réseau utilisé pour notre NAT Dynamique:
R1(config)#ip route 81.0.0.0 255.255.255.0 fastEthernet 0/1
R2(config)#ip route 81.0.0.0 255.255.255.0 fastEthernet 0/1
4.- NAT Static sur R0 vers R1
```````````````````````````````````````````````
4.1- Definir les interfaces inside/outside
Router0(config)#int f1/0
(config-if)#ip nat inside
(config-if)#int range f0/0-1
(config-if-range)#ip nat outside
4.2- Regles de translation
Router0(config)#ip nat inside source static 192.168.0.1 80.0.0.1
ip nat inside source static 192.168.0.2 80.0.0.2
ip nat inside source static 1.0.0.6 80.0.0.3
4.3- Verification
R0#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 80.0.0.1 192.168.0.1 --- ---
--- 80.0.0.2 192.168.0.2 --- ---
Router0#show ip nat statistics
Total translations: 3 (3 static, 0 dynamic, 0 extended)
Outside Interfaces: FastEthernet0/0
Inside Interfaces: FastEthernet0/1 , FastEthernet1/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
!---sortie tronquee---!
5.- NAT Dynamic sur R1 vers R2
```````````````````````````````````
5.1- Creation de l'ACL nomme Etendu
R1(config)#ip access-list extended NATdyn
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.127 any
5.2- Creation d'un pool
Router1(config)#ip nat pool NATpool 81.0.0.10 81.0.0.20 netmask 255.255.255.0
5.3- Regle de translation pour faire du NAT sur notre pool
Router1(config)#ip nat inside source list NATdyn pool NATpool
5.4- Definir les interfaces inside/outside
Router1(config)#int e1/0
(config-if)#ip nat inside
(config-if)#int range f0/0-1
(config-if-range)#ip nat outside
5.5- Verification
PC3>tracert 192.168.1.1
Tracing route to 192.168.1.1 over a maximum of 30 hops:
1 11 ms 11 ms 2 ms 192.168.0.254
2 * * * Request timed out. <=== ARP
3 * 119 ms 36 ms 1.0.0.2
4 36 ms 45 ms 17 ms 81.0.0.11
Trace complete.
R1# debug ip nat <== pour voir ce qui se passe en direct
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 81.0.0.11:43 192.168.1.1:43 80.0.0.2:43 80.0.0.2:43
icmp 81.0.0.11:44 192.168.1.1:44 80.0.0.2:44 80.0.0.2:44
icmp 81.0.0.11:45 192.168.1.1:45 80.0.0.2:45 80.0.0.2:45
icmp 81.0.0.11:46 192.168.1.1:46 80.0.0.2:46 80.0.0.2:46
PC5>tracert 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops:
1 13 ms 12 ms 9 ms 192.168.1.126
2 * 11 ms 6 ms 1.0.0.10
3 * * * Request timed out.
PC2>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
1 12 ms 6 ms 21 ms 192.168.1.126
2 * 26 ms 30 ms 1.0.0.10
3 * * * Request timed out.
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 81.0.0.13:217 192.168.1.1:217 192.168.0.1:217 192.168.0.1:217
icmp 81.0.0.13:218 192.168.1.1:218 192.168.0.1:218 192.168.0.1:218
icmp 81.0.0.13:219 192.168.1.1:219 192.168.0.1:219 192.168.0.1:219
icmp 81.0.0.13:220 192.168.1.1:220 192.168.0.1:220 192.168.0.1:220
icmp 81.0.0.12:334 192.168.1.26:334 192.168.2.1:334 192.168.2.1:334
icmp 81.0.0.12:335 192.168.1.26:335 192.168.2.1:335 192.168.2.1:335
icmp 81.0.0.12:336 192.168.1.26:336 192.168.2.1:336 192.168.2.1:336
6.- PAT sur R2 vers R0 en surchargeant l'IP de l'interface R2
``````````````````````````````````````````````````````````````
6.1- Definir les interfaces inside/outside
Router2(config)#int e1/0
(config-if)#ip nat inside
(config-if)#int range f0/0-1
(config-if-range)#ip nat outside
6.2- Creation d'un ACL standart nomme
Router2(config)#ip access-list standard PAT_2
Router2(config-std-nacl)#permit 192.168.2.0 0.0.0.63
6.3- Regle de translation PAT
Router2(config)#ip nat inside source list PAT_2 interface f0/0 overload
6.4- Verification
PC1>tracert 192.168.1.26
Tracing route to 192.168.1.26 over a maximum of 30 hops:
1 9 ms 19 ms 5 ms 192.168.2.62
2 14 ms 4 ms 5 ms 1.0.0.9
3 * * * Request timed out.
PC4>tracert 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops:
1 10 ms 8 ms 7 ms 192.168.2.62
2 4 ms 7 ms 21 ms 1.0.0.5
3 * * * Request timed out.
R2#clear ip nat translation ?
* Deletes all dynamic translations
R2#clear ip nat translation *
R2#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 1.0.0.6:219 192.168.2.1:219 192.168.1.26:219 192.168.1.26:219
icmp 1.0.0.6:166 192.168.2.2:166 192.168.0.1:166 192.168.0.1:166
Fichier contenant la correction a telecharger: nat_correction.pkt
Aucun commentaire:
Enregistrer un commentaire