Configuring Dynamic NAT

Posted: October 28, 2009 in Cisco, Networking

NAT, or Network Address Translation, translates private (LAN) IP addresses so that they can connect to the Internet (public). In other words, NAT saves public IP addresses. Imagine 10 clients all using public IPs: with NAT, a single client/PC acting as the WAN gateway is enough, and everything behind it is NATed.

My experiment with GNS3 looks roughly like this:

[Screenshot: GNS3 topology, PAT-ACLs-with-Cloud.net]

Created by Wiwid.

R0 : WAN router and LAN gateway (NAT)
R2 : Client router
NAT mode : Mapping by Source List (Dynamic)

R0 :
F0/0 : 10.8.8.197/24
Default route : 10.8.8.1
F1/0 : 192.168.1.1/24

R2 :
F0/0 : 192.168.1.2/24

The configuration is as follows:

R0 :
interface Loopback0
ip address 172.172.172.1 255.255.255.255
!
interface FastEthernet0/0
description To WAN
ip address 10.8.8.197 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet1/0
description To LAN NAT
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.8.8.1

access-list 1 permit 192.168.1.0 0.0.0.255

R2 :
interface Loopback0
ip address 192.192.192.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1

The key to this basic Dynamic NAT configuration is the access list and the ip nat inside source statement with overload.
Look at R0:

ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit 192.168.1.0 0.0.0.255

The interface facing the WAN (outbound side) gets ip nat outside (F0/0 on Router-0).
The interface facing the LAN/NAT (inbound side) gets ip nat inside (F1/0 on Router-0).
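
As an added illustration (not part of the original post, and not Cisco's implementation), this Python sketch models how access-list 1 selects inside sources and how overload lets them share 10.8.8.197 by port. The second host 192.168.1.3 and the "next free port" conflict rule are assumptions for the demo; it also shows that a packet sourced from R2's Loopback0 (192.192.192.1) does not match access-list 1 and is therefore left untranslated.

```python
import ipaddress

# Values taken from the R0 configuration on this page.
ACL_1 = [("permit", "192.168.1.0", "0.0.0.255")]   # access-list 1
OUTSIDE_IP = "10.8.8.197"                          # FastEthernet0/0 (ip nat outside)

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(acl, src):
    """Standard ACL: first match wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        care = ~ip_int(wildcard) & 0xFFFFFFFF      # wildcard 0-bits must match
        if (ip_int(src) & care) == (ip_int(base) & care):
            return action == "permit"
    return False

class Pat:
    """Simplified model of 'ip nat inside source list 1 interface Fa0/0 overload'."""
    def __init__(self, acl, outside_ip):
        self.acl, self.outside_ip = acl, outside_ip
        self.out_port = {}   # (proto, inside_ip, inside_port) -> outside port
        self.inside = {}     # (proto, outside port) -> (inside_ip, inside_port)

    def translate(self, proto, src_ip, src_port):
        """Return the source (ip, port) as seen on the outside interface."""
        if not acl_permits(self.acl, src_ip):
            return (src_ip, src_port)              # no ACL match: left untranslated
        key = (proto, src_ip, src_port)
        if key not in self.out_port:
            port = src_port                        # keep the original port if free
            while (proto, port) in self.inside:    # assumption: else next free port
                port = port + 1 if port < 65535 else 1024
            self.out_port[key] = port
            self.inside[(proto, port)] = (src_ip, src_port)
        return (self.outside_ip, self.out_port[key])

    def untranslate(self, proto, dst_port):
        """Map a reply arriving at the outside IP back to the inside host."""
        return self.inside.get((proto, dst_port))  # None: no translation entry

if __name__ == "__main__":
    nat = Pat(ACL_1, OUTSIDE_IP)
    print(nat.translate("udp", "192.168.1.2", 56436))    # R2 Fa0/0
    print(nat.translate("udp", "192.168.1.3", 56436))    # hypothetical second host
    print(nat.translate("udp", "192.192.192.1", 56436))  # R2 Loopback0
    print(nat.untranslate("udp", 56437))
```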

From R2, let's try pinging an outside IP, for example Yahoo's IP 209.131.36.158:

Router-2#ping 209.131.36.158

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.131.36.158, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/200/204 ms

Does pinging www.yahoo.com work?

Router-2#ping www.yahoo.com
Translating "www.yahoo.com"...domain server (255.255.255.255)

Well, it turns out it doesn't.

To check, first enable debug ip udp so we can watch the DNS lookup process:

Router-2#debug ip udp
UDP packet debugging is on

With debugging enabled, running the ping test again shows the process:
Translating "www.yahoo.com"...domain server (255.255.255.255)
*Mar 1 01:10:44.455: UDP: sent src=192.192.192.1(56436), dst=255.255.255.255(53), length=39
*Mar 1 01:10:47.455: UDP: sent src=192.192.192.1(56436), dst=255.255.255.255(53), length=39
*Mar 1 01:10:50.455: UDP: sent src=192.192.192.1(56436), dst=255.255.255.255(53), length=39
% Unrecognized host or address, or protocol not running.

Next, we set an ip name server so that we can ping Internet site names.
At my site the name server (DNS) IP is 202.47.78.8.

So let's set ip name-server:

Router-2(config)#ip name-server 202.47.78.8

Router-2#ping www.yahoo.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.131.36.158, timeout is 2 seconds:
!!!!!

Hooray, it gets through. Sweet!

Comments
  1. Kuliahku says:

    Hi.. I have a Mikrotik tutorial site. It's about Mikrotik lessons. Please stop by if you have time.. 🙂
