NAT/DHCP Help

Hi, I'm trying to do a simple NAT project and I haven't touched it for a very long time using the CLI. I would like to be able to NAT to the internet, using PAT overload and port redirection so that I can SSH from any external IP to the 3 devices in the diagram. Thanks in advance.

I've attached my config and diagram.

R1.txt (1.7 KB)

Hello Stamati

There are a few features that you are looking to implement, and you will have to look at these independently. However, they are related to one another.

First of all, you want host1 (and potentially any other hosts on the same VLAN) to reach the Internet using PAT. You also want any host in VLAN 10 to obtain an IP via DHCP. So, you must:

  1. Configure a DHCP server, potentially on Router1 or on another device in VLAN 10.
  2. Configure PAT such that hosts that obtain an address in the subnet in VLAN 10 will be translated, and will have access to the Internet.

Take a look at the following lessons to help you out with these topics:

Now, concerning being able to reach the router, the switch, and the host via SSH from the Internet. For the router, you only need to ensure that SSH is enabled and is accessible from the outside interface. So if you SSH from the internet to 31.210.24.7:22, you should get an SSH prompt. Now having said that, this can be a serious security risk. There are more secure ways to achieve this, such as obtaining a VPN connection to an internal device and then SSHing to the router from there. But that’s another story…

To connect to the switch and the host via SSH, you will need to perform NAT port forwarding. You can choose a different port for each device, such that when you SSH to 31.210.24.7:2200, you will get the switch, and 31.210.24.7:2201 will get you to the host. But keep in mind that this requires that the IP addresses of the switch and the host be statically assigned so that the translation will be correct every time. If these are dynamic, then the port forwarding will fail.

Take a look at this lesson to learn more about port forwarding:

I suggest you examine each of these concepts individually so that you understand them (possibly performing the labs in these lessons first), and then attempt to apply the features directly to the topology that you have shared.

I hope this has been helpful!

Laz

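An added example, not part of the original replies and not taken from the attached R1.txt: a Cisco IOS configuration sketch of the pieces listed in the reply above (DHCP for VLAN 10, PAT overload, and SSH port forwards on 2200 and 2201). The interface names, the 192.168.10.0/24 inside subnet, and the .2/.3 static addresses are assumptions; only 31.210.24.7 and the port numbers come from the thread.

```cisco
! Assumed: GigabitEthernet0/0 is the outside interface holding 31.210.24.7,
!          GigabitEthernet0/1 is the inside gateway for VLAN 10.
! Assumed inside subnet: 192.168.10.0/24 (switch .2 and host .3, both static).
!
! DHCP for VLAN 10. The excluded range keeps the statically addressed
! switch and host out of the pool so the port forwards always hit them.
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool VLAN10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
!
interface GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! PAT: every VLAN 10 source address is overloaded onto the outside interface.
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat inside source list 10 interface GigabitEthernet0/0 overload
!
! Port forwarding: outside port 2200 -> switch SSH, 2201 -> host SSH.
ip nat inside source static tcp 192.168.10.2 22 31.210.24.7 2200
ip nat inside source static tcp 192.168.10.3 22 31.210.24.7 2201
!
! SSH to the router itself on 31.210.24.7:22. Telnet stays off the vty lines.
! Assumes a hostname, domain name, RSA key pair and a local user already exist.
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
```

`show ip nat translations` lists the two static entries immediately and the PAT entries once an inside host sends traffic; `show ip dhcp binding` confirms that no lease was handed out from the excluded range.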