.. Welcome ..



.. Welcome to 'Komunitas Cisco' site ..



Minggu, 05 Mei 2013

KONFIGURASI NAT & PAT

Konfigurasi NAT & PAT


Ketika akan melakukan koneksi ke internet, ip private kita tidak bisa langsung berhubungan ke ip public milik provider internet (ISP), sehingga dibutuhkan metode translasi dari ip private ke ip public. Metode ini dikenal dengan NAT (Network Address Translation) yang memetakan one to one dan many to many, karena keterbatasan ip public dan biasanya pihak perusahaan hanya memiliki 1 ip public maka digunakan PAT (Protocol Address Translation) dimana 1 ip public dipakai berbarengan oleh seluruh ip private dengan protocol sebagai pembedanya.
mari lihat contoh berikut ini 

Task 1: Konfigurasi Static NAT
static NAT (router SBY):
10.1.1.11 --> 202.1.2.6  (Public TFTP & FTP server)

Router-SBY:
(config)# int s0/1
(config-if)# ip address  202.1.2.2  255.255.255.0
(config-if)# exit

(config)# no router eigrp 65000

(config)# ip route  0.0.0.0  0.0.0.0  s0/1       --> membuat default route mengarah ke Router-JKT  
                                                                                 (sebagai ISP)

(config)# ip nat inside source static  10.1.1.11  202.1.2.6

(config)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end

# sh ip nat translation

static NAT (router MDN):
10.1.5.11 --> 202.1.4.3  (Public TFTP & FTP server)

Router-MDN:
(config)# int s0/0
(config-if)# ip address  202.1.4.2  255.255.255.0
(config-if)# exit

(config)# no router eigrp 65000
(config)# ip route  0.0.0.0  0.0.0.0  s0/1        --> membuat default route mengarah ke Router-JKT (sebagai ISP)

(config)# ip nat inside source static  10.1.5.11  202.1.4.3

(config)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end

# sh ip nat translation

static NAT (router JKT):
10.1.3.11 --> 202.1.2.11  (Public TFTP & FTP server)
10.1.3.12  --> 202.1.2.12  (Public TFTP & FTP server)

Router-JKT:
(config)# int s0/0
(config-if)# ip address  202.1.4.1  255.255.255.0

(config-if)# int s0/1
(config-if)# ip address  202.1.2.1  255.255.255.0
(config-if)# exit

(config)# no router eigrp 65000

(config)# ip nat inside source static  10.1.3.11  202.1.4.11
(config)# ip nat inside source static  10.1.3.12  202.1.4.12

(config)# int s0/0
(config-if)# ip nat outside

(config-if)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end

# sh ip nat translation


Menghapus konfigurasi Static NAT:
Router-SBY:
(config)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source static 10.1.1.11 202.1.2.3

Router-MDN:
(config)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source static 10.1.5.11 202.1.4.3


Router-JKT:
(config)# int s0/0
(config-if)# no ip nat outside
(config-if)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source static 10.1.3.11 202.1.2.11
(config)# no ip nat inside source static 10.1.3.12 202.1.2.12

Task 2: Konfigurasi Dynamic PAT
Router-SBY:
(config)# access-list 7 permit 10.1.1.0 0.0.0.255
(config)# ip nat inside source list 7 int s0/1 overload

(config)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end

# sh ip nat translation
# debug ip nat


Router-MDN:
(config)# access-list 7 permit 10.1.5.0 0.0.0.255
(config)# ip nat inside source list 7 int s0/1 overload

(config)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end

Router-JKT:
(config)# access-list 33 permit 10.1.3.0 0.0.0.255
(config)# ip nat inside source list 33 int s0/1 overload

(config)# int s0/1
(config-if)# ip nat outside

(config-if)# int f0/1
(config-if)# ip nat outside

(config-if)# int f0/0
(config-if)# ip nat inside
(config-if)# end


# sh ip nat translation

# terminal monitor
# debug ip nat

PC :
C:> ping 203.100.15.1 -t
C:> ping 152.118.25.1 -t
C:> ping 66.24.35.77 -t

Task 3: Menghapus Konfigurasi PAT
Router-SBY:
(config)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source list 7 int s0/1 overload
(config)# no access-list 7

Router-MDN:
(config)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source list 7 int s0/1 overload
(config)# no access-list 7

Router-JKT:
(config)# int s0/0
(config-if)# no ip nat outside

(config-if)# int s0/1
(config-if)# no ip nat outside

(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit

(config)# no ip nat inside source list 33 int s0/1 overload
(config)# no access-list 33


Task 4: Mengembalikan konfigurasi sebelum lab NAT/PAT
Router-SBY:
(config)# int serial 0/1
(config-if)# ip address 10.1.2.2 255.255.255.0
(config-if)# exit

(config)# no ip route 0.0.0.0 0.0.0.0

(config)# router eigrp 65000
(config-router)# network 10.0.0.0
(config-router)# passive-interface f0/0
(config-router)#end

Router-MDN:
(config)# int serial 1/0
(config-if)# ip address 10.1.4.2 255.255.255.0
(config-if)# exit

(config)# no ip route 0.0.0.0 0.0.0.0

(config)# router eigrp 65000
(config-router)# network 10.0.0.0
(config-router)# passive-interface f0/0
(config-router)#end

# copy run start
 

Diposting oleh di

1 komentar:

Langganan: Posting Komentar (Atom)