1
00:00:08,290 --> 00:00:09,250
In this lab.

2
00:00:09,280 --> 00:00:13,420
You need to configure static nat to make the network work.

3
00:00:21,300 --> 00:00:21,530
Okay.

4
00:00:21,570 --> 00:00:24,480
So we've been told to configure static nat.

5
00:00:24,900 --> 00:00:27,270
The first thing we need to do is configure the router.

6
00:00:27,980 --> 00:00:30,740
So I'm going to open up a console to the router.

7
00:00:34,140 --> 00:00:40,650
And the first thing I'll do is configure a hostname of rather one that's not in the list of requirements,

8
00:00:40,650 --> 00:00:45,330
but I think it's worthwhile doing that in labs in the exam.

9
00:00:45,420 --> 00:00:47,700
Do what they tell you to do.

10
00:00:47,700 --> 00:00:53,610
So just follow the steps in the exam and make sure that you complete what's required in these labs.

11
00:00:53,610 --> 00:01:00,330
We can do a bit extra based on best practices, so it's a good idea to configure your device names.

12
00:01:00,660 --> 00:01:03,960
Interface Gigabyte 001 is connected to the Internet.

13
00:01:04,530 --> 00:01:11,400
It's going to be configured with this IP address and I'll know shutter the interface.

14
00:01:12,150 --> 00:01:17,550
So the routers outside interfaces being configured going to the inside interface.

15
00:01:19,560 --> 00:01:20,670
No, shut it.

16
00:01:21,000 --> 00:01:27,180
I'll give it an IP address of ten 1125 for per the lab diagram.

17
00:01:27,660 --> 00:01:32,250
So verification show IP interface brief.

18
00:01:34,620 --> 00:01:35,310
In the output.

19
00:01:35,310 --> 00:01:40,710
We can see that this IP address is configured on gigabit 000, which is correct.

20
00:01:41,070 --> 00:01:45,570
And this IP address is configured on the outside interface, which is correct.

21
00:01:46,110 --> 00:01:48,900
Both interfaces are up, which is good.

22
00:01:49,470 --> 00:01:55,060
Now that packet tracer has shown us that the links are green.

23
00:01:55,080 --> 00:01:59,790
We can ping the DNS server and that works.

24
00:01:59,790 --> 00:02:03,840
So we've tested connectivity on the outside interface.

25
00:02:04,560 --> 00:02:07,590
Let's test connectivity to one of the servers.

26
00:02:08,470 --> 00:02:12,430
So the HTTP server has IP address ten one one 100.

27
00:02:13,730 --> 00:02:16,610
So can we ping ten one one 100?

28
00:02:17,060 --> 00:02:18,530
And the answer is yes.

29
00:02:18,800 --> 00:02:22,670
So we've configured our IP addresses per the instructions.

30
00:02:22,850 --> 00:02:26,210
We need to configure a default route to the Internet.

31
00:02:28,920 --> 00:02:31,710
So IP wrote 0000.

32
00:02:33,930 --> 00:02:37,500
With the same mosque pointing to the DNS server.

33
00:02:38,160 --> 00:02:42,990
So show IP route, that's what our routing table looks like.

34
00:02:43,410 --> 00:02:48,780
Now in the real world, your ISP will specify which default gateway to use.

35
00:02:49,020 --> 00:02:55,140
For this lab, I'm simply pointing it to the DNS server, but typically you would point it to a router

36
00:02:55,170 --> 00:03:03,210
in the internet and often like at home, the service provider router will allocate you an IP address

37
00:03:03,210 --> 00:03:08,370
through DHCP as well as allocate you a default gateway.

38
00:03:08,760 --> 00:03:16,080
The device that your home router connects to depends and can vary depending on what access technology

39
00:03:16,080 --> 00:03:16,830
you're using.

40
00:03:17,010 --> 00:03:23,100
But in this example, we're using Ethernet and I'm simply going to point the default gateway to the

41
00:03:23,100 --> 00:03:24,120
DNS server.

42
00:03:24,600 --> 00:03:31,290
So now we need to configure static NAT so that the outside PC can access the internal servers.

43
00:03:31,650 --> 00:03:34,020
So connected IP.

44
00:03:34,350 --> 00:03:43,290
Nat, we are netting inside devices, we are netting the source IP addresses and we are doing a static

45
00:03:43,290 --> 00:03:44,820
NAT translation.

46
00:03:45,700 --> 00:03:50,200
In this example, we've been told to net only the required port.

47
00:03:50,530 --> 00:03:54,310
So what protocol does http use?

48
00:03:54,670 --> 00:03:57,760
Uses TCP when doing a net?

49
00:03:57,760 --> 00:04:03,550
Translations like this you always specify the physical device IP address first.

50
00:04:03,760 --> 00:04:07,180
So that is the IP address on the server.

51
00:04:07,990 --> 00:04:10,900
Next thing we need to configure is the port number.

52
00:04:10,930 --> 00:04:13,810
What port number does http use?

53
00:04:13,840 --> 00:04:18,070
It uses port ID inside global IP address.

54
00:04:18,070 --> 00:04:23,380
So what is the IP address that the server will use on the internet?

55
00:04:24,020 --> 00:04:26,480
It's 82.8.82 200.

56
00:04:26,750 --> 00:04:31,340
So 82.82. 200 port number is 80.

57
00:04:31,670 --> 00:04:34,490
So we've configured the server for HTTP.

58
00:04:34,940 --> 00:04:44,270
The lab doesn't specify https, but if your instructions were to configure https, you would also specify

59
00:04:44,270 --> 00:04:46,010
port four, four, three.

60
00:04:47,720 --> 00:04:51,500
That's the port number for SSL or HTTPS.

61
00:04:51,950 --> 00:04:57,290
I'm going to add that here just to demonstrate that it's possible, but that's not required for this

62
00:04:57,290 --> 00:04:57,890
lab.

63
00:04:58,310 --> 00:05:01,280
Next step is to configure FTP.

64
00:05:01,640 --> 00:05:05,660
Now we told here to use a full static and nat translation.

65
00:05:06,230 --> 00:05:11,990
So IP Nat inside source static.

66
00:05:12,800 --> 00:05:17,060
And here we're going to specify the IP address of the FTP server.

67
00:05:18,480 --> 00:05:22,380
Which is ten 11101.

68
00:05:24,260 --> 00:05:32,120
And then we're going to specify the external or netted IP address, which is called the inside a global

69
00:05:32,120 --> 00:05:33,140
IP address.

70
00:05:33,650 --> 00:05:35,180
And then we press enter.

71
00:05:35,480 --> 00:05:39,500
So notice the difference for the HTTP server.

72
00:05:40,490 --> 00:05:44,710
We specified individual port numbers for the FTP server.

73
00:05:44,720 --> 00:05:47,090
We did a full and native translation.

74
00:05:47,690 --> 00:05:54,680
Any traffic going to this IP address and any port number will be translated to this IP address.

75
00:05:55,280 --> 00:06:00,560
Traffic going to this IP address and port number will be netted to this IP address.

76
00:06:00,980 --> 00:06:09,290
But if traffic arrives going to 8.8.8 200 and port number 23, that traffic will be dropped.

77
00:06:09,470 --> 00:06:15,650
This is a more secure way of doing that because you're only netting specific IP addresses.

78
00:06:15,890 --> 00:06:25,040
In addition, it allows you to use the same global IP address and net it to different servers on the

79
00:06:25,040 --> 00:06:26,270
inside network.

80
00:06:26,540 --> 00:06:30,350
So this tends to be the way people do it in the real world.

81
00:06:31,180 --> 00:06:37,480
So IP Nat translation at the moment we can see our static net translations.

82
00:06:38,570 --> 00:06:40,370
Let's verify a configuration.

83
00:06:40,370 --> 00:06:41,390
So show run.

84
00:06:42,170 --> 00:06:46,370
One step that we still need to do is configure inside and outside interfaces.

85
00:06:46,760 --> 00:06:53,120
So this interface interface gigabyte 000 needs to be the inside interface.

86
00:06:53,120 --> 00:07:00,080
So IP Nat inside and gigabit is 001 needs to be the outside interface.

87
00:07:01,250 --> 00:07:10,550
So show IP Nat translation there are our NAT translations once again and Show Run allows us to verify

88
00:07:10,580 --> 00:07:16,370
that we've configured both the inside and outside NAT interfaces.

89
00:07:17,020 --> 00:07:23,110
So now let's verify if the outside PC can access the internal servers.