{{indexmenu_n>062}}
====== Cisco : Static NAT ======
NAT (Network Address Translation) statis adalah tipe NAT di mana satu alamat IP publik secara permanen dipetakan ke satu alamat IP privat dalam jaringan internal. Ini berarti bahwa alamat IP publik tertentu selalu merujuk ke perangkat atau server tertentu di dalam jaringan privat. NAT statis biasanya digunakan ketika Anda ingin perangkat dalam jaringan internal dapat diakses dari luar jaringan (misalnya, dari internet) dengan alamat IP publik yang tetap
===== Syntax =====
ip nat inside source static [local-ip] [global-ip]
* local-ip: Ini merupakan private ip address di local network yang akan dipetakan ke public ip address
* global-ip: Ini merupakan public ip address yang akan dilihat oleh internet
Untuk menkonfigurasi NAT static kamu harus menentukan interface inside dan outsite terlebih dahulu dengan:
interface [interface]
ip nat inside
interface [interface]
ip nat outside
===== Topologi =====
{{ :networking:cisco:cisco_nat.png?nolink |}}
Tujuan: Kita mempunyai pool ip public 100.0.0.0/24 Gunakan pool tersebut untuk menkonfigurasi NAT static dengan Mapping IP addresses dari IP LAN 192.168.1.X, PC1, PC2, dan PC3 ke 100.0.0.x/24
* **R1 : Proconfig**
hostname R1
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 8.8.8.8
!
!
interface FastEthernet0/0
ip address 203.0.113.1 255.255.255.252
no shutdown
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 203.0.113.2
* **Intenet: Cisco router to simulate internet**
hostname internet
!
!
interface Loopback0
ip address 142.251.175.113 255.255.255.255
!
interface FastEthernet0/0
ip address 203.0.113.2 255.255.255.252
no shutdown
!
interface FastEthernet0/1
ip address 8.8.8.1 255.255.255.0
no shutdown
!
ip route 100.0.0.0 255.255.255.0 203.0.113.1
* **Linux DNS server with a single records **
Linux DNS server with a single records
DNS A Record google.com –> 142.251.175.113
===== Konfigurasi =====
* **R1 : Menset Interface inside dan outsite**
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat outside
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip nat inside
* **R1 : Mempetakan ip 100.0.0.x/24 ke ip private kita**
R1(config)#ip nat inside source static 192.168.1.1 100.0.0.1
R1(config)#ip nat inside source static 192.168.1.2 100.0.0.2
R1(config)#ip nat inside source static 192.168.1.3 100.0.0.3
===== Testing =====
* **PC1 : Test ping dan hasil capture**
PC1> ip dhcp
DORA IP 192.168.1.1/24 GW 192.168.1.254
PC1> ping google.com
google.com resolved to 142.251.175.113
84 bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=19.694 ms
84 bytes from 142.251.175.113 icmp_seq=2 ttl=254 time=20.258 ms
84 bytes from 142.251.175.113 icmp_seq=3 ttl=254 time=15.912 ms
84 bytes from 142.251.175.113 icmp_seq=4 ttl=254 time=16.214 ms
^c
{{ :networking:cisco:cisco_natstatic-test03.png?nolink |}}
* **PC2 : Test ping dan hasil capture**
PC2> ping google.com -c 1
google.com resolved to 142.251.175.113
84 bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=30.073 ms
{{ :networking:cisco:cisco_natstatic-test02.png?nolink |}}
* **PC3 : Test ping dan hasil capture**
PC3> ping google.com -c 1
google.com resolved to 142.251.175.113
84 bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=20.609 ms
{{ :networking:cisco:cisco_natstatic-test01.png?nolink |}}
* **R1 : logs nat translations**
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 100.0.0.1:49363 192.168.1.1:49363 8.8.8.8:49363 8.8.8.8:49363
icmp 100.0.0.1:49619 192.168.1.1:49619 8.8.8.8:49619 8.8.8.8:49619
icmp 100.0.0.1:49875 192.168.1.1:49875 8.8.8.8:49875 8.8.8.8:49875
icmp 100.0.0.1:50131 192.168.1.1:50131 8.8.8.8:50131 8.8.8.8:50131
icmp 100.0.0.1:50387 192.168.1.1:50387 8.8.8.8:50387 8.8.8.8:50387
--- 100.0.0.1 192.168.1.1 --- ---
icmp 100.0.0.2:54227 192.168.1.2:54227 8.8.8.8:54227 8.8.8.8:54227
--- 100.0.0.2 192.168.1.2 --- ---
icmp 100.0.0.3:57043 192.168.1.3:57043 8.8.8.8:57043 8.8.8.8:57043
--- 100.0.0.3 192.168.1.3 --- ---