cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1637
Views
1
Helpful
8
Replies

NAT In Packet Tracer

ahdafadi
Level 1
Level 1

ahdafadi_0-1729267076547.png

Hi , i am new to cisco world , i have applied the above scenario ,OSPF is running on all routers 
i am trying to gain access to the network 26.10.10.0/24 as through NAT from other networks .but R1 is not performing A Nat 
it is performing a routing instead i can the the web server which is 26.10.10.100 form any where inside the network  ,as i understood the NAT can be simulated  to any network not only the internet 
please you help is appreciated .

i have attached the configuration files for R1 and R3 

i

1 Accepted Solution

Accepted Solutions

You can achieve this in packet tracert by using Access List on the router.

 Using NAT,  PacketTracer have some limitation in comparison with real devices. 

View solution in original post

8 Replies 8

@ahdafadi 

 Can you share the PacketTracer file instead? You need to zip the file first to attach here.

ahdafadi
Level 1
Level 1

Thank you for the reply ,I have noticed something when i change the ACL to allow ip any any ,the nat works and shows the translation but when i modify the ACL to allow only http for the network 10.30.30.0/24 ,Nat stops working and the traffic still flow across the network normally,

@ahdafadi 

 

 I used the following config and I can see the NAT translation at the router.

Keep in mind that you are not going to use the port 80 or 443 on the NAT config. In order to use the port on the NAT config, it would be called port forward and the way to configure it is defferent and not supported on PackeTracer.

Should be something like this:

"ip nat inside source static tcp x.x.x.x 80 x.x.x.x  80 extendable"

The config below is called PAT and works.

 

!

ip nat pool asiapool 26.10.10.4 26.10.10.50 netmask 255.255.255.0

ip nat inside source list allow30 pool asiapool overload

ip classless

!

ip flow-export version 9

!

!

ip access-list extended allow30

permit ip 10.0.0.0 0.255.255.255 any

!

FlavioMiranda_0-1729435652587.png

 

ahdafadi
Level 1
Level 1

Thank you for the explanation. I just wanted to handle the router similarly to how I do with FortiGate, allowing certain types of traffic from inside to outside by applying NAT on Router 1, as I considered the WAN interface to be the one attached to this subnet (26.10.10.2/24).

However, I didn't quite understand from your reply whether Packet Tracer is not allowing this, or if it's only an issue in Packet Tracer but would work in a real-world scenario.

You can achieve this in packet tracert by using Access List on the router.

 Using NAT,  PacketTracer have some limitation in comparison with real devices. 

that is confusing me, I have modified the ACL to allow 30 network traffic while denying any other subnets 
it shows that other network traffic is hitting the ACL as you can see (4 matches) but the traffic can be reached to the destination
Thank you 

ahdafadi_0-1729507011200.png

 



I see. But doing this, you are denying the traffic to be natted but, the traffic on the topology does not need the NAT to reach the destination.

One easy solution would be put and ACL for traffic control, not only for NAT. The ACL inside NAT is used only for match or not match the traffic, it is not used to block the traffic.

I will try to come up with a better solution for you by using NAT, give me some time.

Thank you so much for that. it answered 80%  percent of the question