Nat report2

Date posted: 13-Sep-2014
Category: Technology

Page 1: Nat report2

SECURING PRIVATE ENVIRONMENT BY USING NAT

PROJECT REPORT


ACKNOWLEDGEMENT

This project is based on network address translation (NAT). The beauty of configuring NAT on routers is that it lets users reach the Internet from private IP addresses, which are otherwise excluded by the Internet service provider (ISP). We have used inter-VLAN technology to make work efficient between three different and independent organisations. The VLANs have been divided into web servers and Internet clients.


DESCRIPTION

We have three organisations: Org1, Org2 and Org3. Each organisation has a router that routes data to and from the ISP. Each organisation has manageable switches, and we have created separate VLANs for servers and Internet clients. If we want communication between the Internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block particular Internet clients from accessing our servers, we create an ACL for that particular user. The organisations are linked externally to an ISP, which provides live (public) IP addresses to each organisation and also provides Internet connections to others.


CONFIGURATION

FOR ORG1

%SYS-5-CONFIG_I: Configured fr

ROUTER ORG1

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG1
ORG1(config)#line console 0
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#line vty 0 4
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#enable password net
ORG1(config)#enable secret net1
ORG1(config)#int f0/0
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG1(config-if)#exit
ORG1(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int f0/0.2
ORG1(config-subif)#encapsulation dot1q 3
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int s0/0/0
ORG1(config-if)#ip nat outside
ORG1(config-if)#clock rate 64000
ORG1(config-if)#ip address 200.10.10.5 255.255.255.252
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG1(config-if)#exit
ORG1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

We have placed our web server in the private area so that Internet clients cannot access it directly. We have therefore configured static NAT and opened only port 80 (HTTP).

ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

The clients in our organisation need Internet access, so we configure dynamic NAT with overload for them.

ORG1(config)#access-list 20 permit any
ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
ORG1(config)#ip nat inside source list 20 pool netmax overload
ORG1(config)#exit
ORG1#wr
Building configuration...
[OK]
ORG1#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr


FOR ORG2

ROUTER

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG2
ORG2(config)#line console 0
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#line vty 0 4
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#enable password net
ORG2(config)#enable secret net1
ORG2(config)#int f0/0
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG2(config-if)#exit
ORG2(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int f0/0.2
ORG2(config-subif)#encapsulation dot1q 3
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int s0/0/0
ORG2(config-if)#ip nat outside
ORG2(config-if)#clock rate 64000
ORG2(config-if)#ip address 200.10.10.9 255.255.255.252
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG2(config-if)#exit
ORG2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
ORG2(config)#access-list 20 permit any
ORG2(config)#ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240
ORG2(config)#ip nat inside source list 20 pool netmax
ORG2(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG2#wr
Building configuration...
[OK]
ORG2#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr


FOR ORG3

ROUTER

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG3
ORG3(config)#line console 0
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#line vty 0 4
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#enable password net
ORG3(config)#enable secret net1
ORG3(config)#int f0/0
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG3(config-if)#exit
ORG3(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int f0/0.2
ORG3(config-subif)#encapsulation dot1q 3
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int s0/0/0
ORG3(config-if)#ip nat outside
ORG3(config-if)#clock rate 64000
ORG3(config-if)#ip address 200.10.10.13 255.255.255.252
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG3(config-if)#exit
ORG3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
ORG3(config)#access-list 20 permit any
ORG3(config)#ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240
ORG3(config)#ip nat inside source list 20 pool netmax overload
ORG3(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG3#wr
Building configuration...
[OK]
ORG3#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
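
The report says the web server is published with static NAT on port 80 only, and that clients use dynamic NAT with overload. The following Python check is an added example, not part of the original report: it reads the NAT statements from the three router sessions above and lists what each router actually exposes. The function names and severity labels are this example's own assumptions, and the patterns cover only the statement forms used on this page.

```python
import re

# NAT statements copied from the three router sessions on this page.
CONFIGS = {
    "ORG1": ["ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80",
             "access-list 20 permit any",
             "ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax overload"],
    "ORG2": ["ip nat inside source static 10.0.0.2 200.10.10.33",
             "access-list 20 permit any",
             "ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax"],
    "ORG3": ["ip nat inside source static 10.0.0.2 200.10.10.50",
             "access-list 20 permit any",
             "ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240",
             "ip nat inside source list 20 pool netmax overload"],
}

STATIC = re.compile(r"ip nat inside source static "
                    r"(?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))$")
DYNAMIC = re.compile(r"ip nat inside source list (\d+) pool (\S+)( overload)?$")
OPEN_ACL = re.compile(r"access-list (\d+) permit any$")


def audit(lines):
    """Return (severity, finding) tuples; severities are this example's ranking."""
    open_acls = {m[1] for m in map(OPEN_ACL.match, lines) if m}
    findings = []
    for line in lines:
        if m := STATIC.match(line):
            if m[1]:   # protocol and ports given: a single forwarded service
                findings.append(("info", f"{m[4]}:{m[5]}/{m[1]} forwards to {m[2]}:{m[3]} only"))
            else:      # one-to-one static NAT: no port restriction at all
                findings.append(("high", f"{m[7]} maps every port to {m[6]}"))
        elif m := DYNAMIC.match(line):
            if m[1] in open_acls:
                findings.append(("medium", f"NAT source ACL {m[1]} is 'permit any'"))
            if not m[3]:
                findings.append(("low", f"pool {m[2]} without overload: one address per host"))
    return findings


def report():
    """Audit every router on the page and return {org: findings}."""
    return {org: audit(lines) for org, lines in CONFIGS.items()}

if __name__ == "__main__":
    for org, findings in report().items():
        print(org, *findings, sep="\n  ")
```

Only ORG1 matches the stated design of opening port 80 alone; ORG2 and ORG3 publish every port of 10.0.0.2, so any port filtering there would have to come from an ACL that the sessions do not configure.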
