Sie sind auf Seite 1von 41

Lab 2-2: Connecting to the

Internet
Activity Overview
Objectives
In this activity, you will establish Internet connectivity by enabling static routing, DHCP, and NAT. After
completing this activity, you will be able to meet these objectives:
Configure a static default route
Enable DHCP on a public interface
Configure NAT using a pool
Configure NAT with PAT





Visual Objective
The figure illustrates what you will accomplish in this activity.
Visual Objective for Lab 2-2: Connecting to the
Internet
Branch Server
HQ
PC1 SW1
PC2 SW2
2013 Cisco Systems, Inc.
Detailed Visual Objective
Configure NAT
with PAT. Branch HQ
Outside Internet Server
Inside
Configure static and DHCP-
obtained IP addresses.
PC1 SW1
PC2
2013 Cisco Systems, Inc.
Required Resources




No additional resources are required for this lab.
L32 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Command List
The table describes the commands that are used in this activity. The commands are listed in alphabetical
order so that you can easily locate the information that you need. Refer to this list if you need configuration
command assistance during the lab activity.
Command Description
access-list acl_id permit network Configures a standard ACL that permits a network
wildcard_mask
configure terminal Enters global configuration mode
debug ip icmp Enables debugging of ICMP packets
interface interface Enters interface configuration mode
ip address dhcp Configures an interface to obtain an IP address using DHCP
ip address ip_address network_mask Configures an IP address manually on an interface
ip nat inside Configures an interface as NAT inside interface
ip nat inside source list acl_id pool Configures a dynamic source NAT rule that translates addresses into
pool_name IP addresses defined in the pool
ip nat inside source list acl_id interface Configures a dynamic source NAT or PAT rule that translates
interface_name overload addresses into the IP address of an interface
ip nat outside Configures an interface as a NAT outside interface
ip nat pool pool_name start_IP end_IP Configures a NAT pool
netmask mask
ip route network network_mask Configures a static route
next_hop_address
ping ip_address Pings an IP address
show ip interface brief Displays the status and IP addresses of interfaces
show ip nat translations Displays active NAT translations
show ip route Displays the routing table
show users Displays information about the active lines on a router
shutdown Disables an interface
telnet ip_address Establishes a Telnet session to an IP address
terminal monitor Redirects debugging output to a Telnet session
undebug all Disables all debugging
Job Aids
These job aids are available to help you complete the lab activity.




The table shows the hardware that is used in the lab and the operating system that is running on the devices.
2013 Cisco Systems, Inc. Lab Guide L33





Device Hardware Operating System
Branch Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1
HQ Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1
SW1 Catalyst 2960 Series Switch c2960-lanbasek9-mz.150-1.SE3
PC1 Any PC Microsoft Windows 7
PC2 Any PC Microsoft Windows 7
There are no console or enable passwords set for the routers and switches in the initial lab setup. The table
shows the username and password that are used to access PC1 and PC2.
Device Username Password
PC1 Administrator admin
PC2 Administrator admin
Topology and IP Addressing
Devices are connected with Ethernet links. The figure illustrates the interface identification and IP
addresses that are used in this lab setup.
Topology and IP Addressing
Gi0/1 Gi0/1
209.165.201.1 209.165.201.2
Branch Server
Internet
VLAN 1: 10.1.1.1 172.16.1.100
Gi0/0 HQ
Fa0/13
PC1 SW1
Fa0/1 10.1.1.11
10.1.1.100 Fa0/30/3
PC2
10.1.1.101
2013 Cisco Systems, Inc.
The table shows the interface identification and IP addresses that are used in this lab setup.
Device Interface IP Address/Subnet Mask
Branch Gi0/1 209.165.201.1/27




Branch Gi0/0 10.1.1.1/24
HQ Gi0/1 209.165.201.2/27
L34 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Device Interface IP Address/Subnet Mask
HQ Loopback0 172.16.1.100/24
SW1 VLAN1 10.1.1.11/24
PC1 Ethernet adapter local area connection 10.1.1.100/24
PC2 Ethernet adapter local area connection 10.1.1.101/24
Task 1: Configure a Manual IP Address and Static
Default Route
In this task, you will configure an IP address on the Internet-facing interface of the Branch router. You will
also configure a static default route on the Branch router to reach Internet networks. Then you will verify
connectivity between the Branch router, HQ router, and server.
Activity Procedure
Complete the following steps:
Step 1
Access the Branch router.
Step 2
Verify interface status and IP address on the Branch router.
Branch#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 10.1.1.1 YES manual up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
You should see that only GigabitEthernet0/0 is up and configured with an IP address.
Step 3
Enable the GigabitEthernet0/1 interface. Manually assign the 209.165.201.1 IP address to the interface. Use
a mask of 255.255.255.224.




2013 Cisco Systems, Inc. Lab Guide L35
Branch(config)#interface gigabitEthernet 0/1
Branch(config-if)#ip address 209.165.201.1 255.255.255.224
Branch(config-if)#no shutdown





Step 4
Verify interface status and IP address on the Branch router again.
Branch#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 10.1.1.1 YES manual up up
GigabitEthernet0/1 209.165.201.1 YES manual up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
Serial0/0/0 unassigned YES manual administratively down down
The GigabitEthernet0/1 interface should be up and it should have an IP address configured.
Step 5
From the Branch router, ping the HQ router at 209.165.201.2.
Branch#ping 209.165.201.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 m
The ping should be successful, because the destination IP address is in a directly connected network.
Step 6
From the Branch router, ping the server at 172.16.1.100, which is behind the HQ router.
Branch#ping 172.16.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The ping should not be successful. What is the reason for an unsuccessful ping?




L36 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 7
Verify the routing table on the Branch router.
Branch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 is directly connected, GigabitEthernet0/1
L 209.165.201.1/32 is directly connected, GigabitEthernet0/1
Is there a route present for the IP address of the server?
Step 8
On the Branch router, configure a static default route that points to the next-hop IP address 209.165.201.2.
Step 9
Save the running configuration to the startup configuration.
Step 10
From the Branch router, ping the server at 172.16.1.100 again.
Branch#ping 172.16.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
The ping should be successful because you configured a static default route.
Branch(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2
Branch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]




2013 Cisco Systems, Inc. Lab Guide L37





Step 11
Verify the routing table on the Branch router.
Branch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 209.165.201.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 209.165.201.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 is directly connected, GigabitEthernet0/1
L 209.165.201.1/32 is directly connected, GigabitEthernet0/1
The default route is designated with S and an asterisk (*).
Step 12
Remove the previously configured static default route from the Branch router to prepare the router for the
next task.
Step 13
Verify the routing table on the Branch router again to make sure that no default route is present on the
router.
Branch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 is directly connected, GigabitEthernet0/1
Branch(config)#no ip route 0.0.0.0 0.0.0.0 209.165.201.2




L 209.165.201.1/32 is directly connected, GigabitEthernet0/1
L38 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Activity Verification
No additional verification is needed in this task.
Task 2: Configure a DHCP-Obtained IP Address
In this task, you will configure the Branch router to obtain an IP address using DHCP from the HQ router.
The HQ router has been preconfigured as a DHCP server. You will also verify connectivity between the
Branch router, HQ router, and server.
Activity Procedure
Complete the following steps:
Step 1
Access the Branch router.
Step 2
Configure the GigabitEthernet0/1 interface to obtain an IP address using DHCP.
Step 3
Save the running configuration to the startup configuration.
Step 4
Verify interface status and IP address on the Branch router.
Branch#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 10.1.1.1 YES manual up up
GigabitEthernet0/1 209.165.201.1 YES DHCP up up
The GigabitEthernet0/1 interface should be up and it should have an IP address that was configured through
DHCP. Write down the IP address in the space that is provided.
Branch(config)#interface gigabitEthernet 0/1
Branch(config-if)#ip address dhcp
Branch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]




2013 Cisco Systems, Inc. Lab Guide L39





Step 5
Verify the routing table on the Branch router.
Branch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 209.165.201.2 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 209.165.201.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 is directly connected, GigabitEthernet0/1
L 209.165.201.3/32 is directly connected, GigabitEthernet0/1
You should see a default route present in the table. Where did the default route come from?
Step 6
From the Branch router, ping the HQ router at 209.165.201.2.
Branch#ping 209.165.201.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 m
The ping should be successful.
Step 7
From the Branch router, ping the server at 172.16.1.100.
Branch#ping 172.16.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms




The ping should be successful because the Branch router received knowledge of the default gateway from
the DHCP server. The Branch router set the default route automatically and it set the route next-hop IP
address to the IP address of the default gateway..
L40 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 8
Access PC1.
Step 9
From PC1, ping the Branch router at its public IP address, which was obtained through DHCP.
C:\>ping 209.165.201.1
Pinging 209.165.201.1 with 32 bytes of data:
Reply from 209.165.201.1: bytes=32 time=1ms TTL=255
Reply from 209.165.201.1: bytes=32 time<1ms TTL=255
Reply from 209.165.201.1: bytes=32 time<1ms TTL=255
Reply from 209.165.201.1: bytes=32 time<1ms TTL=255
Ping statistics for 209.165.201.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
The ping should be successful.
Step 10
From PC1, ping the server at 172.16.1.100.
C:\>ping 172.16.1.100
Pinging 172.16.1.100 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.16.1.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The ping should not be successful. In the next step, you will examine why the ping is not successful.
Step 11
Return to the Branch router and establish a remote Telnet session to the HQ router at 209.165.201.2. Enable
debugging of ICMP packets using the debug ip icmp command. Direct the output of the debug messages to
the Telnet session using the terminal monitor command. Leave the console window open.
Branch#telnet 209.165.201.2
Trying 209.165.201.2 ... Open
HQ#debug ip icmp




ICMP packet debugging is on
HQ#terminal monitor
2013 Cisco Systems, Inc. Lab Guide L41





Note Establishing remote Telnet sessions and redirecting output of the debug messages to a remote session
has not been discussed so far. In this task, it is needed only to verify that packets from PC1 actually
reach the HQ router.
Step 12
Return to PC1 and ping the server at 172.16.1.100 again. Return to the HQ Telnet session and observe the
debugging messages.
HQ#
Sep 7 13:18:27.881: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100,
topology BASE, dscp 0 topoid 0
HQ#
Sep 7 13:18:32.853: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100,
topology BASE, dscp 0 topoid 0
HQ#
Sep 7 13:18:37.857: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100,
topology BASE, dscp 0 topoid 0
HQ#
Sep 7 13:18:42.861: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100,
topology BASE, dscp 0 topoid 0
You should see one debugging message for each ping packet coming from PC1. You can see that the pings
actually reach the HQ router and replies are sent back to PC1. However, the HQ router is not aware of the
network that PC1 is coming from and therefore discards the returning packets. You can verify this
conclusion by verifying the routing table on the HQ router.
What solution could be implemented on the Branch router to overcome this problem?
Step 13
Return to the HQ Telnet session. Disable debugging and exit the Telnet session.
HQ#undebug all
All possible debugging has been turned off
HQ#exit
[Connection to 209.165.201.2 closed by foreign host]
Branch#
Activity Verification
No additional verification is needed in this task.
Task 3: Configure NAT
In this task, you will configure dynamic NAT on the Branch router to translate the IP addresses of inside
hosts to public IP addresses. Then, you will verify the NAT configuration and connectivity from PC1 and




PC2 to the server.
L42 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Activity Procedure
Complete the following steps:
Step 1
Access the Branch router.
Step 2
Configure a standard ACL that allows the 10.1.1.0/24 network. Use 1 as the ACL identifier. This ACL will
be used to define networks that are eligible for NAT translations.
Step 3
Create a NAT pool with the following parameters:
Pool name NAT_POOL
Starting IP address 209.165.201.5
Ending IP address 209.165.201.10
Network mask 255.255.255.224
How many hosts that require NAT can you accommodate at the same time using this NAT pool?
Step 4
Configure the GigabitEthernet0/0 interface as the NAT inside interface.
Note When you enable the interface as NAT inside, the router will block for approximately 1 minute. After that,
you will see a log message about the router creating NVI0 interface. This interface is used internally by
the router to perform NAT.
Step 5
Configure the GigabitEthernet0/1 interface as the NAT outside interface.
Step 6
Configure a dynamic source NAT rule that will translate inside hosts into the IP addresses that were defined
in the previously configured NAT pool. Use the previously configured ACL to specify hosts that are
eligible for translations, and use the previously configured NAT pool.
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat pool NAT_POOL 209.165.201.5 209.165.201.10 netmask 255.255.255.224
Branch(config)#interface GigabitEthernet0/0
Branch(config-if)#ip nat inside
Branch(config)#interface GigabitEthernet0/1
Branch(config-if)#ip nat outside




Step 7
Save the running configuration to the startup configuration.
2013 Cisco Systems, Inc. Lab Guide L43
Branch(config)#ip nat inside source list 1 pool NAT_POOL
Branch(config)#exit
Branch#copy running-config startup-config





Activity Verification
You have completed this task when you attain these results:
Step 1
Access PC1. Open PuTTY by double-clicking the PuTTY icon and establish a remote Telnet session to the
server at 172.16.1.100 by clicking the Telnet radio button and entering the IP address into the Host Name
input field.
You should be successful.
Note Recall that the server is actually implemented as loopback interface on the HQ router. Therefore, you will
actually establish a Telnet session to the HQ router for testing purposes.




L44 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 2
Verify the user connection to the server using the show users command. This command will display
management sessions to the router via console or via remote access.
HQ#show users
Line User Host(s) Idle Location
0 con 0 idle 00:42:00
*514 vty 0 idle 00:00:00 209.165.201.5
You should see that the Telnet session from PC1 is seen as originating from a translated IP address. The
translated IP address is the first free IP address from the NAT pool.
Note The session marked with an asterisk (*) is the one that is currently active and used.




2013 Cisco Systems, Inc. Lab Guide L45





Step 3
Access PC2. Open PuTTY by double-clicking the PuTTY icon and establish a Telnet session to the server
at 172.16.1.100.
If PC2 is not configured with an IP address, assign it an IP address of 10.1.1.101/24.
You should be successful.




L46 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 4
Verify the user connection to the server using the show users command.
HQ#show users
Line User Host(s) Idle Location
514 vty 0 idle 00:00:29 209.165.201.5
*515 vty 1 idle 00:00:00 209.165.201.6
You should see that the Telnet session from PC2 is seen as originating from a translated IP address. The
translated IP address is the next free IP address from the NAT pool.
Step 5
Return to the Branch router. Verify that there are active NAT translations.
Branch#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 209.165.201.5:1035 10.1.1.100:1035 172.16.1.100:23 172.16.1.100:23
--- 209.165.201.5 10.1.1.100 --- ---
tcp 209.165.201.6:1030 10.1.1.101:1030 172.16.1.100:23 172.16.1.100:23
--- 209.165.201.6 10.1.1.101 --- ---
Notice that inside local IP addresses are translated into inside global IP addresses.
Step 6
Close the Telnet session on PC1 and PC2.
Task 4: Configure NAT with PAT
In this task, you will configure dynamic NAT with PAT on the Branch router to translate the IP addresses
of inside hosts to the public IP address of the Branch router. Then you will verify the NAT configuration
and connectivity from PC1 and PC2 to the server.
Activity Procedure
Complete the following steps:
Step 1
Return to the Branch router.
Step 2




Remove the previously configured dynamic NAT rule.
2013 Cisco Systems, Inc. Lab Guide L47
Branch(config)#no ip nat inside source list 1 pool NAT_POOL
Dynamic mapping in use, do you want to delete all entries? [no]: yes





Step 3
Configure a dynamic source NAT/PAT (NAT with overload) rule that will translate inside hosts into the IP
address of the router outside interface. Use the previously configured ACL to specify the hosts that are
eligible for translations.
How many hosts that require NAT can you accommodate at the same time by overloading the IP address of
the interface?
Step 4
Save the running configuration to the startup configuration.
Activity Verification
You have completed this task when you attain these results:
Branch(config)#ip nat inside source list 1 interface GigabitEthernet0/1 overload
Branch(config)#exit
Branch#copy running-config startup-config




L48 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 1
Access PC1. Open PuTTY by double-clicking the PuTTY icon and establish a Telnet session to the server
at 172.16.1.100.
You should be successful.
Step 2
Verify the user connection to the server using the show users command.
HQ#show users
Line User Host(s) Idle Location
*514 vty 0 idle 00:00:00 209.165.201.1




You should see that the Telnet session from PC1 is seen as originating from the IP address of the Branch
router outside interface.
2013 Cisco Systems, Inc. Lab Guide L49





Step 3
Access PC2. Open PuTTY by double-clicking the PuTTY icon and establish a Telnet session to the server
at 172.16.1.100.
You should be successful.




L50 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.





Step 4
Verify the user connection to the server using the show users command.
HQ#show users
Line User Host(s) Idle Location
514 vty 0 idle 00:01:05
209.165.201.1
*515 vty 1 idle 00:00:00
209.165.201.1
You should see that the Telnet session from PC2 is again seen as originating
from the IP address of the
Branch router outside interface.
Step 5
Return to the Branch router. Verify that there are active NAT translations.
Branch#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
tcp 209.165.201.1:1042 10.1.1.100:1042 172.16.1.100:23
172.16.1.100:23
tcp 209.165.201.1:1036 10.1.1.101:1036 172.16.1.100:23
172.16.1.100:23
Notice that two inside local IP addresses are translated into the same inside
global IP address, which is
configured on the Branch router outside interface. To provide two distinct
translations, different source
ports are used.
Step 6
Close the Telnet session on PC1 and PC2.




2013 Cisco Systems, Inc.
Lab Guide L51