GNS3 home lab: connect devices to the internet

Posted: July 26, 2015 in CISCO

In this post we will connect virtual GNS3 routers to the internet:

Cloud 1 represents my computer's NIC (Ethernet adapter), which connects the computer to the internet. Its default gateway is 192.168.0.1, which will be the gateway for the R1 router too:

Connect R1 to the internet, then add a default route to the internet and a route to the 192.168.5.0 network (I used static routing here):

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1 !route to the internet
R1(config)#ip route 192.168.5.0 255.255.255.0 192.168.6.2 !route to the R2 and 192.168.5.0 subnet
R1(config)#do ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/26/28 ms

Configure R1 as DNS server and enable name translations:

R1(config)#ip dns server
R1(config)#ip domain-lookup
R1(config)#ip name-server 8.8.8.8
R1(config)#do ping skins.be

Translating "skins.be"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 85.214.78.232, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/58/76 ms

Configuring R2:

R2#
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.6.1 !default route
R2(config)#do ping 192.168.0.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/24 ms

R2(config)#do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

As you can see, we can ping the R1 f0/0 interface, but pinging the internet fails. My ISP allows traffic only from hosts in the IP range 192.168.0.1-192.168.0.254. We need to mask hosts from the 192.168.5.0 network as if they were from the 192.168.0 network. We can easily achieve this using Network Address Translation (NAT). It is an address modification technique that converts the non-routable address of a host accessing the internet into a routable (internet-visible) IP address.

In this case, the R1 f0/0 interface is connected to the internet, so it will be the NAT outside interface (the outside interface is connected to the public network).

The R1 f0/1 interface is connected to the local (inside) network, which cannot be routed to the internet, and is referred to as the NAT inside interface.

access-list 1 permit 192.168.4.0 0.0.3.255 - allows traffic from hosts with IP range 192.168.5.0-192.168.6.254

We have 2 subnets behind the R1 router: 192.168.5.0 and 192.168.6.0

In decimal representation:

11000000.10101111.00000101      192.168.5.0

11000000.10101111.00000111      192.168.6.0

22 bits are common to both subnets = 252; 256 - 252 = 4

The block size for both networks is 4; the wildcard mask uses the block size minus 1 (4-1=3).

That's why we used 3 in the wildcard mask. 0 - the octet must match, 255 - the octet doesn't need to match.

More about wildcard masks: https://learningnetwork.cisco.com/thread/65941
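The wildcard test can be checked offline before the ACL goes on a router. The following Python is an added example, not part of the original post: it derives the single base/wildcard pair that covers the two inside subnets and lists what that entry really matches, which is 192.168.4.0 through 192.168.7.255. The function names are made up for this illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _str(value):
    return str(ipaddress.IPv4Address(value))

def acl_matches(addr, base, wildcard):
    """Standard-ACL test: bits that are 0 in the wildcard must equal the base."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def matched_range(base, wildcard):
    """First and last address matched by a contiguous wildcard entry."""
    w = _int(wildcard)
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard: matches are not one range")
    first = _int(base) & ~w & 0xFFFFFFFF
    return _str(first), _str(first | w)

def covering_entry(networks):
    """Smallest single base/wildcard pair that covers every given network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    w = (1 << (lo ^ hi).bit_length()) - 1      # ones from the highest differing bit down
    return _str(lo & ~w & 0xFFFFFFFF), _str(w)

def unintended_addresses(base, wildcard, networks):
    """Matched addresses outside the networks we meant to permit.
    Assumes a contiguous wildcard and non-overlapping networks inside it."""
    matched = _int(wildcard) + 1
    wanted = sum(ipaddress.ip_network(n).num_addresses for n in networks)
    return matched - wanted

if __name__ == "__main__":
    lab = ["192.168.5.0/24", "192.168.6.0/24"]  # inside subnets from the post
    base, wc = covering_entry(lab)
    print("single entry :", base, wc)
    print("matches      :", matched_range(base, wc))
    print("extra hosts  :", unintended_addresses(base, wc, lab))
    for ip in ("192.168.5.10", "192.168.6.2", "192.168.7.20", "192.168.0.10"):
        print(f"{ip:<13}", "permit" if acl_matches(ip, base, wc) else "no match")
```

The single entry also permits 192.168.4.x and 192.168.7.x for translation. Two entries, access-list 1 permit 192.168.5.0 0.0.0.255 and access-list 1 permit 192.168.6.0 0.0.0.255, match only the lab subnets.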

ip nat inside source list 1 int f0/0 overload translates the source address of IP packets travelling from inside to outside.

Traffic from the 192.168.5 and 192.168.6 networks will be translated to 192.168.0.10 (the R1 interface facing the internet), so hosts from the 192.168.5/6 networks will be seen (masked) by my ISP as if they were the 192.168.0.10 host.

overload (also known as Port Address Translation, PAT) translates ports from the private address range (192.168.5.0-192.168.6.0) to the publicly visible IP address (the IP address of the R1 f0/0 interface, 192.168.0.10).

R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config)#int f0/1
R1(config-if)#ip nat inside
R1(config)#access-list 1 permit 192.168.4.0 0.0.3.255
R1(config)#ip nat inside source list 1 int f0/0 overload

Configure R2 to use R1 as its preferred DNS server and ping some internet addresses:

R2(config)#ip domain-lookup
R2(config)#ip name-server 192.168.6.1
R2(config)#do ping bug.hr

Translating "bug.hr"...domain server (192.168.6.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 213.202.123.24, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 52/59/68 ms

R2(config-if)#do ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/43/48 ms

Host1 is Windows Server 2012; its default gateway is the R2 f0/1 interface (192.168.5.3) and its DNS server is R1 (192.168.6.1).

From Windows we can ping any internet address (by IP and by name).

Let's see the NAT translation table on R1:
R1(config)#do sh ip nat tran
Pro Inside global                          Inside local                 Outside local                  Outside global
icmp 192.168.0.10:1                    192.168.5.10:1             52.7.59.10:1                52.7.59.10:1
icmp 192.168.0.10:1                    192.168.5.10:1             85.214.78.232:1          85.214.78.232:1
udp 192.168.0.10:58062             192.168.5.10:58062      8.8.8.8:53                    8.8.8.8:53
icmp 192.168.0.10:55                  192.168.6.2:55              8.8.8.8:55                    8.8.8.8:55
icmp 192.168.0.10:56                  192.168.6.2:56              85.214.78.232:56        85.214.78.232:56
icmp 192.168.0.10:57                  192.168.6.2:57              85.214.78.232:57        85.214.78.232:57
Inside global: The address of the inside host as seen from the outside (192.168.0.10). From the outside perspective, all traffic initiated from hosts behind R1 (R2 and Host1 in this example) will be seen as traffic coming from the R1 router (192.168.10.1).

Inside local: The address of the inside host as seen from the inside. These are the addresses of R2 and Host1 (192.168.6.2 and 192.168.5.10), seen from the internal network (inside) perspective.

Outside local: The address of the outside host as seen from the inside. These are the addresses which we pinged from R2 and Host1 (8.8.8.8, 52.7.5.9).

Outside global: The addresses of the outside hosts as seen from the outside. Again, these are the addresses we pinged from the inside. They are public IP addresses, seen in the same way from internal hosts as from the internet.
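To make the overload behaviour and the Inside global / Inside local columns concrete, here is a simplified PAT model in Python. It is an added example, not from the original post and not IOS's actual port-allocation logic; the class name, the "next free port" rule and the sample flows are assumptions for illustration.

```python
class PatTable:
    """Simplified model of 'overload': many inside hosts share one global IP."""

    def __init__(self, global_ip="192.168.0.10"):   # R1 f0/0 in the post
        self.global_ip = global_ip
        self.out = {}    # (proto, local_ip, local_port) -> global_port
        self.back = {}   # (proto, global_port) -> (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an inside-to-outside packet."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                        # keep the port when it is free
            while (proto, port) in self.back:      # otherwise take the next free one
                port = port + 1 if port < 65535 else 1024
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a packet sent to the global IP back to its inside host.
        None means no translation exists, so it is not forwarded inside."""
        return self.back.get((proto, dst_port))

    def rows(self):
        """(Pro, Inside global, Inside local) rows, like 'sh ip nat tran'."""
        return [(p, f"{self.global_ip}:{g}", f"{ip}:{lp}")
                for (p, ip, lp), g in self.out.items()]

if __name__ == "__main__":
    pat = PatTable()
    # Constructed flows: both inside hosts happen to pick source port 58062.
    pat.outbound("udp", "192.168.5.10", 58062)
    pat.outbound("udp", "192.168.6.2", 58062)
    for row in pat.rows():
        print(*row)
    print("reply to :58063 ->", pat.inbound("udp", 58063))
    print("probe to :40000 ->", pat.inbound("udp", 40000))
```

Only flows started from the inside create entries, so a packet arriving at 192.168.0.10 on a port with no entry has no inside host to go to.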
