Lab 31: Configuring Dynamic NAT and Using Non-Standard FTP Port Numbers, Part I

Practical Scenario

As internetworks grow together and access to the Internet increases, so will the need to use NAT. NAT can also be deployed to add security to a network. By not propagating a subnet with a routing protocol, you can protect an internal network from any outside session initiation.

Lab Exercise

The Durand school district decided to merge two smaller high schools to form one large district. The JP Memorial School will be getting a T1 HDLC link to the Durand High School. The dhs_router has registered CIDR blocks of 200.100.1.16/29 and 200.100.1.32/29. The jpms_router is using an unregistered IP address range of 9.3.3.0/24. The jpms_router requires access to the Internet, while its access to the 200.100.1.16/29 subnet is restricted to FTP and ping to the server 200.100.1.18. Use the following parameters as your design guidelines:

  • Configure the network so that the workstations on the subnet 9.3.3.0/24 can access the Internet, while restricting access to the 200.100.1.16/29 subnet.

  • Control access so that NAT works to the Internet, but only NAT ICMP and FTP when traffic is destined toward the host 200.100.1.18.

  • Use the CIDR block of 200.100.1.32/29 for your address pool.

  • Optional: Configure FTP to work on port 2021 instead of port 21.

Lab Objectives

  • Configure the network as depicted in Figure 15-5. Use a loopback address to simulate the Internet. For lab purposes, you will use the address of 198.133.219.25/24 on a loopback interface to simulate the Internet.

    Figure 15-5. DHS School District: Dynamic NAT

  • Configure NAT so that the 9.3.3.0/24 subnet can reach the address 198.133.219.25. Restrict NAT access to only FTP and ping to the host 200.100.1.18. You should not be able to ping 200.100.1.17 from the 9.3.3.0/24 subnet.

  • Do not make a route to the jpms_router's Ethernet from the dhs_router. Do not propagate the 9.3.3.0/24 subnet with a routing protocol.

Equipment Needed

  • Two Cisco routers. The routers should be connected through V.35 back-to-back cables or in a similar manner. They need Cisco IOS Software Release 11.2 or later; the optional portion of the lab requires Release 11.2(13) or 11.3(3) and later.

  • Two LAN segments, provided through hubs or switches.

  • Two IP workstations, one to serve as an FTP server and one to serve as the client workstation. You can download FTP server and client software from DOWNLOAD.CNET.COM.

Physical Layout and Prestaging

  • Connect the hubs and serial cables to the routers, as shown in Figure 15-5.

  • Connect the two Ethernet hubs to the routers to form two LAN segments, as shown in Figure 15-5.

  • Connect and configure two IP-based workstations, as shown in Figure 15-5. Make the workstation 200.100.1.18 the FTP server, and make 9.3.3.10 the FTP client. Copy a test file into the public directory of the FTP server for testing.

  • Optional: Configure FTP to operate on port 2021 instead of port 21. Do this by changing the server software to run on port 2021. You also need to make sure that the client is set to connect on 2021.
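The NAT policy in the lab objectives can be expressed as one extended access list that selects which flows are translated. The following is an added example, not taken from the book: the ACL lines, the function names and the port-23 probe are constructed for illustration, and it models the FTP control connection only. It evaluates such a list with first-match semantics against the lab's test traffic.

```python
from ipaddress import IPv4Address

def build_acl(ftp_port=21):
    """Constructed NAT access list for this lab; permit = translate into the pool."""
    return [
        "permit icmp 9.3.3.0 0.0.0.255 host 200.100.1.18",
        f"permit tcp 9.3.3.0 0.0.0.255 host 200.100.1.18 eq {ftp_port}",
        "deny ip 9.3.3.0 0.0.0.255 200.100.1.16 0.0.0.7",
        "permit ip 9.3.3.0 0.0.0.255 any",
    ]

def _take_addr(tok):
    """Consume one address spec from the token list; return (base, wildcard)."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(word)), int(IPv4Address(tok.pop(0)))

def _hit(addr, spec):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return ((int(IPv4Address(addr)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def is_translated(acl, proto, src, dst, dport=None):
    """First match wins; falling off the end is the implicit deny."""
    for line in acl:
        tok = line.split()
        action, acl_proto = tok.pop(0), tok.pop(0)
        src_spec, dst_spec = _take_addr(tok), _take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        if acl_proto not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if _hit(src, src_spec) and _hit(dst, dst_spec):
            return action == "permit"
    return False

def lab_checks(ftp_port=21):
    """Untranslated flows keep a 9.3.3.0/24 source that dhs_router has no route
    back to, so in this lab 'translated' also means 'the session can complete'."""
    acl, c = build_acl(ftp_port), "9.3.3.10"
    return {
        "internet_ping": is_translated(acl, "icmp", c, "198.133.219.25"),
        "server_ping": is_translated(acl, "icmp", c, "200.100.1.18"),
        "server_ftp": is_translated(acl, "tcp", c, "200.100.1.18", ftp_port),
        "host17_ping": is_translated(acl, "icmp", c, "200.100.1.17"),
        "server_telnet": is_translated(acl, "tcp", c, "200.100.1.18", 23),
    }
```

Calling `lab_checks(2021)` repeats the same checks for the optional non-standard FTP port.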

CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie
