Differences

This shows you the differences between two versions of the page.

--- networking:cisco:dynamic-nat [2026/02/04 14:52] – ilyasa
+++ networking:cisco:dynamic-nat [2026/02/05 00:06] (current) – [Testing] ilyasa
@@ Line 1: / Line 1: @@
 {{indexmenu_n>063}}
 ====== Cisco : Dynamic NAT ======
-Desciption
+NAT dinamis adalah tipe NAT di mana sekelompok alamat IP privat dalam jaringan internal dipetakan ke sekelompok alamat IP publik secara dinamis. Tidak seperti NAT statis yang memetakan satu alamat IP privat ke satu alamat IP publik secara tetap, NAT dinamis memungkinkan banyak perangkat di jaringan internal berbagi sekelompok alamat IP publik secara bergantian.
 ===== Syntax =====
-==== Some acction ====
+Untuk konfigurasi NAT dynamic pertama anda harus membuat pool untuk ip yang akan terlihat oleh internet (public ip). dan anda harus membuat access list yang sama dengan pool ip private anda.
-^ Command ^ Description ^
-| ''S1(config)#vlan [vlan-ID]'' | Membuat VLAN baru dan menetapkan nomor VLAN |
+==== Definisikan pool ====
-| ''S1(config-vlan)#name [name]'' | Memberikan nama pada VLAN |
+<code js>
-Contoh:
+ip nat pool [pool name] x.x.x.x - y.y.y.y netmask [subnetmask]
-<code>
-vlan 10
- name VLAN-10
-vlan 20
- name VLAN-20
-vlan 99
- name VLAN-Management
 </code>
+  * x.x.x.x - y.y.y.y : range ip address public
+==== Membuat access list untuk jaringan internal ====
+<code js>
+access-list [acl_number] permit X.X.X.X [wildcard mask]
+</code>
+X.X.X.X : Network Ip Prival (LAN)
+==== Konfigurasi NAT Dynamic ====
+<code js>
+ip nat inside source list [acl_number] pool [pool_name]
+</code>
+Masih sama dengan NAT static anda harus menentukan interface inside dan outsite terlebih dahulu dengan:
+<code>
+interface [interface]
+  ip nat inside
+interface [interface]
+  ip nat outside
+</code>
 ===== Topologi =====
-Gambar topology
+{{ :networking:cisco:cisco_nat.png?nolink |}}
-Goals Topology
+Tujuan: Kita mempunyai pool ip public 100.0.0.0/24 Gunakan pool tersebut untuk menkonfigurasi NAT dynamic dengan Mapping IP addresses dari IP LAN 192.168.1.X, PC1, PC2, dan PC3 ke 100.0.0.x/24
+<hidden Preconfig>
+* **R1 : Proconfig**
+<code js>
+hostname R1
+!
+ip dhcp excluded-address 192.168.1.1
+!
+ip dhcp pool LAN
+   network 192.168.1.0 255.255.255.0
+   default-router 192.168.1.254
+   dns-server 8.8.8.8
+!
+!
+interface FastEthernet0/0
+ ip address 203.0.113.1 255.255.255.252
+ no shutdown
+!
+interface FastEthernet0/1
+ ip address 192.168.1.254 255.255.255.0
+ no shutdown
+!
+ip route 0.0.0.0 0.0.0.0 203.0.113.2
+</code>
+* **Intenet: Cisco router to simulate internet**
+<code js>
+hostname internet
+!
+!
+interface Loopback0
+ ip address 142.251.175.113 255.255.255.255
+!
+interface FastEthernet0/0
+ ip address 203.0.113.2 255.255.255.252
+ no shutdown
+!
+interface FastEthernet0/1
+ ip address 8.8.8.1 255.255.255.0
+ no shutdown
+!
+ip route 100.0.0.0 255.255.255.0 203.0.113.1
+</code>
+* **Linux DNS server with a single records **
+Linux DNS server with a single records
+<code>
+DNS A Record google.com –> 142.251.175.113
+</code>
+</hidden>
 ===== Konfigurasi =====
-  * **Step 1 : Pembuatan VLANs**
+  * **R1: Tentukan Interface inside dan outsite**
+<code js>
+R1(config)#interface fastEthernet 0/0
+R1(config-if)#ip nat outside
+R1(config)#interface fastEthernet 0/1
+R1(config-if)#ip nat inside
+</code>
+  * **R1 : Membuat Pool Untuk IP Public**
+<code js>
+R1(config)#ip nat pool POOL1 100.0.0.1 100.0.0.3 netmask 255.255.255.01
+</code>
+  * **R1 : Membuat ACL untuk range ip internal**
+<code js>
+R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
+</code>
+  * **R1 : Mempetakan ip pool yang telah dibuat ke ip private dgn dynamic nat**
+<code js>
+R1(config)#ip nat inside source list 1 pool POOL1
+</code>
+===== Testing =====
+* **PC1 : Test ping dan hasil capture**
 <code>
-Switch(config)#vlan 10
+PC1> ip dhcp
-Switch(config-vlan)#name BIRU
+DORA IP 192.168.1.1/24 GW 192.168.1.254
-Switch(config-vlan)#exit
-Switch(config)#vlan 20
+PC1> ping 8.8.8.8 -c 1
-Switch(config-vlan)#name MAGENTA
-Switch(config-vlan)#exit
+bytes from 8.8.8.8 icmp_seq=1 ttl=62 time=48.818 ms
+PC1> ping google.com
+google.com resolved to 142.251.175.113
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=19.530 ms
+bytes from 142.251.175.113 icmp_seq=2 ttl=254 time=26.425 ms
+bytes from 142.251.175.113 icmp_seq=3 ttl=254 time=14.858 ms
+bytes from 142.251.175.113 icmp_seq=4 ttl=254 time=15.780 ms
+bytes from 142.251.175.113 icmp_seq=5 ttl=254 time=11.737 ms
 </code>
-  * **Step 2 : Assign VLANs ke Ports**
+{{ :networking:cisco:cisco_natdynamic-1.png?nolink |}}
+* **PC2 : Test ping dan hasil capture**
 <code>
-Switch(config)#interface f0/1
+PC2> ip dhcp
-Switch(config-if)#switchport mode access
+DORA IP 192.168.1.2/24 GW 192.168.1.254
-Switch(config-if)#switchport access vlan 10
-Switch(config-if)#exit
-Switch(config)#interface f0/2
+PC2> ping 8.8.8.8 -c 1
-Switch(config-if)#switchport mode access
-Switch(config-if)#switchport access vlan 10
+bytes from 8.8.8.8 icmp_seq=1 ttl=62 time=29.733 ms
-Switch(config-if)#exit
+PC2> ping google.com -c 1
+google.com resolved to 142.251.175.113
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=20.108 ms
 </code>
-===== Testing =====
+{{ :networking:cisco:cisco_natdynamic-3.png?nolink |}}
+* **PC3 : Test ping dan hasil capture**
+<code>
+PC3> ip dhcp
+DORA IP 192.168.1.3/24 GW 192.168.1.254
+PC3> ping 8.8.8.8 -c 1
+bytes from 8.8.8.8 icmp_seq=1 ttl=62 time=26.725 ms
+PC3> ping google.com -c 1
+google.com resolved to 142.251.175.113
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=19.783 ms
+</code>
+{{ :networking:cisco:cisco_natdynamic-2.png?nolink |}}
+* **R1 : logs nat translations**
+<code js>
+R1#show ip nat translations
+Pro Inside global      Inside local       Outside local      Outside global
+udp 100.0.0.1:9033     192.168.1.1:9033   8.8.8.8:53         8.8.8.8:53
+icmp 100.0.0.1:32494   192.168.1.1:32494  142.251.175.113:32494 142.251.175.113:32494
+icmp 100.0.0.1:32750   192.168.1.1:32750  142.251.175.113:32750 142.251.175.113:32750
+icmp 100.0.0.1:33006   192.168.1.1:33006  142.251.175.113:33006 142.251.175.113:33006
+icmp 100.0.0.1:33262   192.168.1.1:33262  142.251.175.113:33262 142.251.175.113:33262
+icmp 100.0.0.1:33518   192.168.1.1:33518  142.251.175.113:33518 142.251.175.113:33518
+--- 100.0.0.1          192.168.1.1        ---                ---
+--- 100.0.0.3          192.168.1.2        ---                ---
+udp 100.0.0.2:36935    192.168.1.3:36935  8.8.8.8:53         8.8.8.8:53
+icmp 100.0.0.2:46574   192.168.1.3:46574  142.251.175.113:46574 142.251.175.113:46574
+--- 100.0.0.2          192.168.1.3        ---                ---
+</code>