
Learning to Configure NAT on Cisco Devices

Learning to configure PAT, Static NAT, Port Static Map NAT,
Dynamic NAT, Dynamic NAT with Overload, and the combination of
Dynamic NAT with Overload and Port Static Map NAT on a Cisco router

First Experiment (PAT)
The steps are as follows:
---------------------------------------------------
1. Define the NAT inside interface
---------------------------------------------------
cnc1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z. 

cnc1(config)#interface FastEthernet0/0
cnc1(config-if)#ip address 192.168.30.1 255.255.255.0
cnc1(config-if)#ip nat inside
cnc1(config-if)#exit
---------------------------------------------------
2. Define the NAT outside interface. We assume that
192.168.20.2 is a public IP (a poor stand-in for a public IP,
since it had already been saved on the router T_T)
---------------------------------------------------
cnc1(config)#interface FastEthernet1/0
cnc1(config-if)#ip address 192.168.20.2 255.255.255.0
cnc1(config-if)#ip nat outside
cnc1(config-if)#exit
---------------------------------------------------
3. Create a standard access list, identify the internal IP
addresses to be translated, and enable NAT overload
---------------------------------------------------
cnc1(config)#access-list 20 permit 192.168.30.0 0.0.0.255
cnc1(config)#ip nat inside source list 20 interface FastEthernet1/0 overload
cnc1(config)#end
cnc1# 

---------------------------------------------------
How to check 1 (ping from a host inside NAT to a host outside NAT)
---------------------------------------------------
C:\>ipconfig 

Windows IP Configuration 

Ethernet adapter Local Area Connection 5: 

 Connection-specific DNS Suffix  . :
 IP Address. . . . . . . . . . . . : 192.168.30.2
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 IP Address. . . . . . . . . . . . : fec0::1:2%1
 IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%4
 Default Gateway . . . . . . . . . : 192.168.30.1 

C:\>ping 192.168.10.2 

Pinging 192.168.10.2 with 32 bytes of data: 

Reply from 192.168.10.2: bytes=32 time=233ms TTL=126
Reply from 192.168.10.2: bytes=32 time=187ms TTL=126
Reply from 192.168.10.2: bytes=32 time=208ms TTL=126
Reply from 192.168.10.2: bytes=32 time=170ms TTL=126 

Ping statistics for 192.168.10.2:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 170ms, Maximum = 233ms, Average = 199ms 

C:\>
-----------------------------------------------------
How to check 2 (ping from a host outside NAT to a host inside NAT)
-----------------------------------------------------
C:\>ipconfig 

Windows IP Configuration 

Ethernet adapter Local Area Connection: 

 Connection-specific DNS Suffix  . :
 IP Address. . . . . . . . . . . . : 192.168.10.2
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 IP Address. . . . . . . . . . . . : fec0::3:2%1
 IP Address. . . . . . . . . . . . : fe80::20c:29ff:fe63:5efd%4
 Default Gateway . . . . . . . . . : 192.168.10.1 

C:\>ping 192.168.30.2 

Pinging 192.168.30.2 with 32 bytes of data: 

Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable. 

Ping statistics for 192.168.30.2:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms 

C:\> 

-----------------------------------------------------
How to check 3 (debug ip nat [access-list number] detailed)
-----------------------------------------------------
cnc1#debug ip nat 20 detailed
IP NAT detailed debugging is on for access list 20
cnc1#
*Apr 18 13:08:53.451:  mapping pointer available mapping:0
*Apr 18 13:08:53.451: NAT: [0] Allocated Port for 192.168.30.2 -> 192.168.20.2: wanted 512 got 512
*Apr 18 13:08:53.451: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [21978]
*Apr 18 13:08:53.587: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1813]
*Apr 18 13:08:53.587: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1813]
*Apr 18 13:08:55.823: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22033]
*Apr 18 13:08:55.827: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22033]
*Apr 18 13:08:55.919: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1814]
*Apr 18 13:08:55.919: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1814]
*Apr 18 13:08:58.035: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22087]
*Apr 18 13:08:58.035: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22087]
*Apr 18 13:08:58.199: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1816]
*Apr 18 13:08:58.199: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1816]
*Apr 18 13:08:58.827: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [22136]
*Apr 18 13:08:58.827: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22136]
*Apr 18 13:08:58.943: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1817]
*Apr 18 13:08:58.943: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1817]
*Apr 18 13:09:01.947:  mapping pointer available mapping:0
*Apr 18 13:09:01.947: NAT: [0] Allocated Port for 192.168.30.2 -> 192.168.20.2: wanted 1270 got 1270
*Apr 18 13:09:01.947: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22325]
*Apr 18 13:09:02.067: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1819]
*Apr 18 13:09:02.067: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1819]
*Apr 18 13:09:02.087: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22336]
*Apr 18 13:09:02.087: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22336]
*Apr 18 13:09:04.011: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1821]
*Apr 18 13:09:04.011: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1821]
*Apr 18 13:09:04.103: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22470]
*Apr 18 13:09:04.107: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22470]
*Apr 18 13:09:04.251: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1822]
*Apr 18 13:09:04.251: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1822]
*Apr 18 13:09:04.271: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22485]
*Apr 18 13:09:04.275: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22485]
*Apr 18 13:09:04.415: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1823]
*Apr 18 13:09:04.415: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1823]
*Apr 18 13:09:04.511: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22510]
*Apr 18 13:09:04.511: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22510]
*Apr 18 13:09:15.767: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23245]
*Apr 18 13:09:15.767: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23245]
*Apr 18 13:09:15.863: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1828]
*Apr 18 13:09:15.867: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1828]
*Apr 18 13:09:15.891: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23258]
*Apr 18 13:09:15.891: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23258]
*Apr 18 13:09:16.723: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1829]
*Apr 18 13:09:16.723: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1829]
*Apr 18 13:09:16.843: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23300]
*Apr 18 13:09:16.843: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23300]
*Apr 18 13:09:17.159: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1830]
*Apr 18 13:09:17.163: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1830]
*Apr 18 13:09:17.171: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1831]
*Apr 18 13:09:17.171: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1831]
*Apr 18 13:09:17.207: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23321]
*Apr 18 13:09:17.207: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23321]
*Apr 18 13:09:17.231: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [23322]
*Apr 18 13:09:17.231: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [23322]
*Apr 18 13:09:17.279: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1832]
*Apr 18 13:09:17.279: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1832]
*Apr 18 13:09:17.303: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1833]
*Apr 18 13:09:17.303: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1833]
*Apr 18 13:09:17.327: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1834]
*Apr 18 13:09:17.327: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1834]
cnc1#
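
Reading the debug output above: each "i:"/"o:" packet line is followed by a rewrite line carrying the same IP ID in brackets. The sketch below is an added example, not part of the original post; the names FLOW, REWRITE and summarize are hypothetical. It pairs those lines and counts translated packets per flow.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the debug output above.
SAMPLE = """\
*Apr 18 13:08:53.451: NAT: [0] Allocated Port for 192.168.30.2 -> 192.168.20.2: wanted 512 got 512
*Apr 18 13:08:53.451: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: i: icmp (192.168.30.2, 512) -> (192.168.10.2, 512) [21978]
*Apr 18 13:08:53.455: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [21978]
*Apr 18 13:08:53.587: NAT*: o: icmp (192.168.10.2, 512) -> (192.168.20.2, 512) [1813]
*Apr 18 13:08:53.587: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1813]
*Apr 18 13:09:01.947: NAT*: i: tcp (192.168.30.2, 1270) -> (192.168.10.2, 23) [22325]
*Apr 18 13:09:01.951: NAT*: s=192.168.30.2->192.168.20.2, d=192.168.10.2 [22325]
*Apr 18 13:09:02.067: NAT*: o: tcp (192.168.10.2, 23) -> (192.168.20.2, 1270) [1819]
*Apr 18 13:09:02.067: NAT*: s=192.168.10.2, d=192.168.20.2->192.168.30.2 [1819]
"""

# Hypothetical helper names; the regexes follow the two line shapes seen above.
FLOW = re.compile(r"NAT\*?: ([io]): (\w+) \(([\d.]+), (\d+)\) -> \(([\d.]+), (\d+)\) \[(\d+)\]")
REWRITE = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")

def summarize(log):
    """Count translated packets per (proto, inside local IP, outside IP, outside port)."""
    pending = {}   # IP ID -> packet line waiting for its rewrite line
    flows = defaultdict(lambda: {"out": 0, "in": 0, "inside_global": None})
    for line in log.splitlines():
        m = FLOW.search(line)
        if m:      # a repeated i: line with the same IP ID just overwrites
            direction, proto, sip, sport, dip, dport, ipid = m.groups()
            pending[ipid] = (direction, proto, sip, int(sport), dip, int(dport))
            continue
        m = REWRITE.search(line)
        if not m or m.group(5) not in pending:
            continue
        s_old, s_new, d_old, d_new, ipid = m.groups()
        direction, proto, sip, sport, dip, dport = pending.pop(ipid)
        if direction == "i" and s_new:      # leaving: source rewritten
            flow = flows[(proto, s_old, dip, dport)]
            flow["out"] += 1
            flow["inside_global"] = s_new
        elif direction == "o" and d_new:    # returning: destination restored
            flow = flows[(proto, d_new, sip, sport)]
            flow["in"] += 1
            flow["inside_global"] = d_old
    return dict(flows)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```
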
-----------------------------------------------------
How to check 4 (sh ip nat translations)
-----------------------------------------------------
cnc1#
cnc1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.20.2:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
tcp 192.168.20.2:1270  192.168.30.2:1270  192.168.10.2:23    192.168.10.2:23
cnc1# 

-----------------------------------------------------
Wireshark 1 (host inside NAT to NAT router)
-----------------------------------------------------
Wireshark 2 (cloud)
-----------------------------------------------------

Next Experiments:
-----------------------------------------------------
Static NAT
-----------------------------------------------------
ip nat inside source static [private ip] [public ip]
ex:
ip nat inside source static 192.168.30.2 192.168.20.2
-----------------------------------------------------
Port Static Map NAT
-----------------------------------------------------
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ex:
ip nat inside source static tcp 192.168.30.2 80 interface f1/0 80
-----------------------------------------------------
Dynamic NAT  
-----------------------------------------------------  
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool]
ex:
ip nat pool iwing-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool
-----------------------------------------------------
Dynamic NAT with Overload
-----------------------------------------------------
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool] overload
ex:
ip nat pool iwing-pool 192.168.20.2 192.168.20.3 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool overload
-----------------------------------------------------
Dynamic NAT with Overload + Port Static Map  
-----------------------------------------------------
ip nat inside source static tcp [private ip] [port] interface [public interface] [port]
ip nat pool [name-pool] [first public ip] [last public ip] netmask [netmask]
ip nat inside source list [access-list] pool [name-pool] overload
ex:
ip nat inside source static tcp 192.168.30.2 80 interface f1/0 80
ip nat pool iwing-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source list 20 pool iwing-pool overload 

-----------------------------------------------------
How to check 5 (sh ip access-lists and sh run | in ip nat)
-----------------------------------------------------
cnc1#sh ip access-lists
Standard IP access list 20
 10 permit 192.168.30.0, wildcard bits 0.0.0.255 (2 matches)
cnc1#sh run | in ip nat
 ip nat inside
 ip nat outside
ip nat pool iwing-pool 192.168.20.3 192.168.20.4 netmask 255.255.255.0
ip nat inside source static tcp 192.168.30.2 80 interface FastEthernet1/0 80
ip nat inside source list 20 pool iwing-pool overload
cnc1#
-----------------------------------------------------
How to check 6 (sh ip nat translations)
-----------------------------------------------------
cnc1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.30.2:80    ---                ---
icmp 192.168.20.4:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
cnc1#
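
The table above mixes two kinds of entries: the static port map (outside columns "---"), which accepts connections started from outside, and dynamic PAT entries, which exist only because an inside host sent traffic. The audit below is an added example, not part of the original post; Entry, parse_translations and audit are hypothetical names.

```python
from collections import namedtuple

# Constructed sample: the "sh ip nat translations" output from How to check 6.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1048  192.168.10.2:1048
tcp 192.168.20.2:80    192.168.30.2:80    192.168.10.2:1049  192.168.10.2:1049
tcp 192.168.20.2:80    192.168.30.2:80    ---                ---
icmp 192.168.20.4:512  192.168.30.2:512   192.168.10.2:512   192.168.10.2:512
"""

# Hypothetical names for this example; they are not IOS or library identifiers.
Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")
PROTOCOLS = ("tcp", "udp", "icmp", "---")   # "---" is a plain static NAT row

def parse_translations(text):
    """Turn table rows into Entry tuples; header, prompts and blank lines are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [Entry(*f) for f in rows if len(f) == 5 and f[0] in PROTOCOLS]

def audit(entries):
    """Split the table into (exposed, outbound).

    exposed:  static mappings (outside columns are '---'), reachable from
              outside at any time, each with its count of live sessions.
    outbound: dynamic entries created by traffic from an inside host.
    """
    sessions = {(e.proto, e.inside_global, e.inside_local): 0
                for e in entries if e.outside_local == "---"}
    outbound = []
    for e in entries:
        if e.outside_local == "---":
            continue
        key = (e.proto, e.inside_global, e.inside_local)
        if key in sessions:
            sessions[key] += 1        # a session riding a static port map
        else:
            outbound.append(e)
    exposed = [(proto, glob, local, n) for (proto, glob, local), n in sessions.items()]
    return exposed, outbound

if __name__ == "__main__":
    exposed, outbound = audit(parse_translations(SAMPLE))
    for proto, glob, local, n in exposed:
        print(f"EXPOSED  {proto} {glob} -> {local} ({n} active sessions)")
    for e in outbound:
        print(f"OUTBOUND {e.proto} {e.inside_local} as {e.inside_global} -> {e.outside_global}")
```
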
-----------------------------------------------------
How to check 7 (screenshot from a client outside NAT)

-----------------------------------------------------

------"That's all for now, and I hope this is useful"------------
2 Comments
  1. Ferry
    19 February 2013 4:11 AM

    Without pictures it's not clear for a newbie, bro..
    My suggestion is to use pictures, bro..

    • 25 February 2013 1:41 AM

      OK, on another occasion the topology will be included …
