Description: This lab exercise explains how to configure source NAT according to the given set of instructions.
Network Diagram:
Instructions:
1. Create a source NAT pool srcnatpool1
2. Create a source NAT pool srcnatpool2
3. Create source NAT rule set rs1 with rule r1 to match packets with a source IP address in the 10.10.1.0/24 subnets. For matching packets, the source address is translated to an IP address in the srcnatpool1 pool.
4. Apply rule r2 to match packets with a source IP address of 192.168.1.2/24. For matching packets, there is no NAT translation performed.
5. Create rule r3 to match packets with a source IP address in the 192.168.1.0/24 subnet. For matching packets, the source address is translated to an IP address in the srcnatpool2 pool.
6. From operational mode, enter show security nat source summary to verify the configuration.
| Original Source IP | Translated Source IP |
|---|---|
| 10.10.1.0/24 | 192.0.0.0/24-192.0.0.24 |
| 192.168.1.0/24 | 192.0.0.100-192.0.0.249 (no port translation) |
| 192.168.1.2/24 | no source NAT translation |
On R1
user@R1>configure
[edit]
user@R1#edit security nat source
[edit security nat source]
user@R1#set pool srcnatpool1 address 192.0.0.1/24 to 192.0.0.24/24
[edit security nat source]
user@R1#set pool srcnatpool2 address 192.0.0.100/24 to 192.0.0.249/24
[edit security nat source]
user@R1#set rule-set rs1 from zone trust
[edit security nat source]
user@R1#set rule-set rs1 to zone untrust
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match source-address 10.10.1.0/24
[edit security nat source]
user@R1#set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r1 then source-nat pool srcnatpool1
[edit security nat source]
user@R1#set rule-set rs1 rule r2 match source-address 192.168.1.2/24
[edit security nat source]
user@R1#set rule-set rs1 rule r2 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r2 then source-nat off
[edit security nat source]
user@R1#set rule-set rs1 rule r3 match source-address 192.168.1.0/24
[edit security nat source]
user@R1#set rule-set rs1 rule r3 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1#set rule-set rs1 rule r3 then source-nat pool srcnatpool2
[edit security nat source]
user@R1#exit
[edit]
user@R1#show
source {
    pool srcnatpool1 {
        address {
            192.0.0.1/24 to 192.0.0.24/24;
        }
    }
    pool srcnatpool2 {
        address {
            192.0.0.100/24 to 192.0.0.249/24;
        }
    }
    rule-set rs1 {
        from zone trust;
        to zone untrust;
        rule r1 {
            match {
                source-address 10.10.1.0/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        srcnatpool1;
                    }
                }
            }
        }
        rule r2 {
            match {
                source-address 192.168.1.2/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    off;
                }
            }
        }
        rule r3 {
            match {
                source-address 192.168.1.0/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        srcnatpool2;
                    }
                }
            }
        }
    }
}
[edit]
user@R1#commit
commit complete
[edit]
user@R1#exit
user@R1>show security nat source summary
Total port number usage for port translation pool: 0
Maximum port number for port translation pool: 268435456
Total pools: 2
Pool name      Address range                   Routing instance   PAT   Total address
srcnatpool1    192.0.0.1/24-192.0.0.24/24      default            YES   24
srcnatpool2    192.0.0.100/24-192.0.0.249/24   default            YES   249
Total rules: 3
Rule name   Rule set   From     To        Action
r1          rs1        trust    untrust   srcnatpool1
r2          rs1        trust    untrust   off
r3          rs1        trust    untrust   srcnatpool2
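As an added example (not part of the lab and not Junos code), the following Python models the top-down, first-match evaluation of rule set rs1 and flags any rule that an earlier prefix shadows. It assumes that host bits in a match prefix such as 192.168.1.2/24 are masked off; under that assumption r2 as written covers the whole subnet and r3 never matches, whereas a constructed /32 variant of r2 exempts only the single host and lets r3 handle the rest of 192.168.1.0/24.

```python
import ipaddress

# Rule set rs1 exactly as configured on R1:
# (rule name, source-address match, pool); None stands for "source-nat off".
RS1 = [
    ("r1", "10.10.1.0/24", "srcnatpool1"),
    ("r2", "192.168.1.2/24", None),
    ("r3", "192.168.1.0/24", "srcnatpool2"),
]


def lookup(rules, src_ip):
    """Evaluate the rules top-down; the first matching source prefix decides.

    Assumption of this example: a match prefix with host bits set, such as
    192.168.1.2/24, is read as its network (strict=False masks the host bits).
    """
    ip = ipaddress.IPv4Address(src_ip)
    for name, prefix, pool in rules:
        if ip in ipaddress.IPv4Network(prefix, strict=False):
            return name, pool or "off"
    return None, "no-match"


def shadowed_rules(rules):
    """Names of rules that can never match because an earlier prefix covers them."""
    seen, dead = [], []
    for name, prefix, _ in rules:
        net = ipaddress.IPv4Network(prefix, strict=False)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append(name)
        seen.append(net)
    return dead


# Constructed variant: r2 narrowed to the single host, which is what the
# instruction "no NAT translation for 192.168.1.2" appears to intend.
RS1_HOST_EXEMPT = [RS1[0], ("r2", "192.168.1.2/32", None), RS1[2]]

if __name__ == "__main__":
    for ip in ("10.10.1.7", "192.168.1.2", "192.168.1.50", "172.16.0.1"):
        print(ip, "as written ->", lookup(RS1, ip),
              "| /32 exemption ->", lookup(RS1_HOST_EXEMPT, ip))
    print("shadowed as written:", shadowed_rules(RS1))
    print("shadowed with /32:", shadowed_rules(RS1_HOST_EXEMPT))
```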