2a) Show (include descriptions) the relevant running configuration for the Edge Router. The Edge router is configured in a way that the interface Fa0/1 acts as the gateway for the inner network that consists of the 2 PCs, Internal Router and the Telnet Server. The gateway IP address that the edge router uses in this interface is 192.168.1.254. This interface is also programmed with ip nat inside suggesting that the network inside is a private network using private IP addresses. The commands that configure these functions are: ‘ip address 192.168.1.254 255.255.255.0’ ‘ip nat inside’ The other side, the interface Fa0/0 is set as ip nat outside is the global network as it is connected to the Internet Gateway.The public IP address that is used by the Edge Router is 200.1.1.1. The command that sets this up is : ‘ip address 200.1.1.1 255.255.255.0’ ‘ip nat outside’ The command ‘ip route 10.1.1.0 255.255.255.0 192.168.1.1’ enables the relevant configuration of static routing so that incoming traffic can travel to the destination network of 10.1.1.0 with the subnet mask of 255.255.255.0 or 24. The route configuration also suggest that the router can use the router with the IP address 192.168.1.1 as a next hop to reach the destination network. The ‘access-list 10 permit 192.168.1.0 0.0.0.255’ command is configured to the establish a list of IP addresses from that network can pass through the router. The ‘ip nat inside source list 10 interface FastEthernet0/0 overload’ command is configured so that PAT (interface mode) can be configured on this router. This is because there is only one global IP that is available which is for PC1 (172.16.1.1). This command enables NAT overload for access-list 10 and binds it to the outside interface of Fa0/0. The command ‘ip nat inside source static tcp 192.168.1.2 23 200.1.1.1 23 extendable’ configures the NAT( Port Forwarding) for private IP address(TelnetServer) so that it can be translated into public IP of 200.1.1.1.Packets with destination port of 23 that reach the interface with a public IP will be directed to the IP 192.168.1.2 .The extendable parameter is there so that the router can translate the private IP into more than one public IP address. 2b) Show (include descriptions) the relevant running configuration for the Internal Router to enable PC1 to access the Internet. PC0 however could only access the internal devices (PC1, Telnet Server). Hint: This task should be accomplished using NAT. Interface FastEthernet0/0 specifying the interface to configure. IP address 10.1.1.254 255.255.255.0 configure the IP address and subnet mask for the interface. Duplex auto configure the duplex setting for the interface to auto. Duplex specify to the ability of the interface to send and receive data simultaneously. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Interface FastEthernet0/1 specify the interface to configure. Ip address 172.16.1.254 255.255.255.0 configure the IP address and subnet mask for the interface. The IP address is 172.16.1.254 and the subnet mask is 255.255.255.0. Ip nat inside configure the interface to be an inside interface for Network Address Translation (NAT). This means that any traffic that originates from this interface and is destined for the outside world will have its source IP address translated to the IP address of the outside interface. Ip virtual-reassembly enable IP Virtual Reassembly on the interface. IP Virtual Reassemble is used to reassemble fragmented IP packets that arrive at the interface. Duplex auto configure the duplex setting for the interface to auto. Duplex refers to the ability of the interface to send and receive data simultaneously. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Interface FastEthernet1/0 specify the interface to configure. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Interface FastEthernet0/1 specify the interface to configure. Ip address 192.160.1.1 255.255.255.0 configure the IP address and subnet mask for the interface. Ip nat inside configuring the interface to be an inside interface for Network Address Translation (NAT). This means that any traffic that originates from this interface and is destined for the outside world will have its source IP address translated to the IP address of the outside interface. Ip virtual-reassembly enable IP Virtual Reassembly on the interface. IP Virtual Reassembly is used to reassemble fragmented IP packets that arrive at the interface. Duplex auto configure the duplex setting for the interface to auto. Duplex refers to the ability of the interface to send and receive data simultaneously. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Interface FastEthernet1/0 specify the interface to configure. Ip address 192.168.1.1 255.255.255.0 configure the IP address and subnet mask for the interface. Ip nat outside configure the interface to be an outside interface for Network Address Translation (NAT). This means that any traffic that originates from the outside world and is destinated for the inside network will have its destination IP address translated to the IP address of the inside interface. Ip virtual-reassembly This line is enabling IP Virtual Reassembly on the interface. IP Virtual Reassembly is used to reassemble fragmented IP packets that arrive at the interface. Duplex auto configure the duplex setting for the interface to auto.Duplex refers to the ability of the interface to send and receive data simultaneously. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Interface FastEthernet2/0 This line is specifying the interface to configure. No ip address This line is removing any previously configured IP address for the interface. Shutdown administratively shutting down the interface. This means that the interface will not be able to send or receive any data. Duplex auto configure the duplex setting for the interface to auto.Duplex refers to the ability of the interface to send and receive data simultaneously. Speed auto configure the speed setting for the interface to auto. Speed refers to the rate at which data is transmitted over the interface. Ip forward-protocol nd is enabling forwarding of Neighbor Discovery (ND) packets. ND is used by IPv6 to discover other devices on the network and to manage network traffic. Ip route 0.0.0.0 0.0.0.0 192.168.1.254 is configuring the default route for the router. Any traffic that is not destined for a specific network will be forwarded to the device with IP address 192.168.1.254. No ip http server is disabling the HTTP server on the router. This means that the router will not be able to serve any web pages. No ip http secure-server is disabling the HTTPS server on the router. This means that the router will not be able to serve any secure web pages. Ip nat inside source static 172.16.1.1 192.168.1.3 is configuring a static NAT mapping. Any traffic that originates from the inside network with the source IP address of 172.16.1.1 will have its source IP address translated to 192.168.1.3 when it is sent to the outside network. This allows external devices to initiate communication with the inside network using the translated IP address. 2c) Use Wireshark (integrate it to GNS3) and show (include descriptions) the following: i) PC1 is able to Ping the Internet Gateway and all other internal devices. The diagram above shows PC1 with IP address 172.16.1.1 was trying to ping the Internet Gateway which has IP address 200.1.1.2. PC1 sent four requests and all of them were replied to by Internet Gateway successfully. Since it has the Network Address Translation (NAT) on the Internal Router, thus it is able to ping the outside internet which is Internet Gateway. The diagram above shows PC1 with IP address 172.16.1.1 was trying to ping the TelnetServer which has IP address 192.168.1.2. PC1 sent four requests and all of them were replied to by TelnetServer successfully. The diagram above shows PC1 with IP address 172.16.1.1 was trying to ping the PC0 which has IP address 10.1.1.1. PC1 sent four requests and all of them were replied to by PC0 successfully. The diagram above shows PC1 with IP address 172.16.1.1 was trying to ping the EdgeRouter which has IP address 192.168.1.254. PC1 sent four requests and all of them were replied to by EdgeRouter successfully. ii) PC0 is unable to Ping the Internet Gateway but able to Ping all other internal devices. The diagram above shows PC0 with IP address 10.1.1.1 was trying to ping the Internet Gateway which has IP address 200.1.1.2. PC0 sent four requests and all of them were not replied to by EdgeRouter. It is because the Internal Router does not have any Network Address Translation (NAT) configuration to translate the IP address of PC0 to the specified IP address range, which is between 192.168.1.1 and 192.168.1.254. Therefore, PC0 is not able to access the Internet Gateway since there is an access-list which only allows the specified IP address range to access. The diagram above shows PC0 with IP address 10.1.1.1 was trying to ping the PC1 which has IP address 172.16.1.1. PC0 sent four requests and all of them were replied to by PC1 successfully. The diagram above shows PC0 with IP address 10.1.1.1 was trying to ping the TelnetServer which has IP address 192.168.1.2. PC0 sent four requests and all of them were replied to by TelentServer successfully since there is a static route for all the routers. iii) The relevant NAT occurring in the Wireshark results NAT for PC1 to Internet Gateway Interface f0/1 (Internal Router) Interface f1/0 (Internal Router) Interface f0/0 (EdgeRouter) Interface f0/1 (EdgeRouter) As shown in the above diagrams, all the ID of the packets are the same which is 0x120b. It means that all the packets came from the same operation. Network Address Translation (NAT) occurs when PC1 which has IP address 172.16.1.1 is trying to ping the Internet Gateway. First diagram shows that the request packet has the Source IP of 172.16.1.1 and Destination IP of 200.1.1.2. After it goes into the Internal Router, it translates the IP address from 172.16.1.1 to 192.168.1.3. Therefore, the second diagram shows that the Source IP is changed to 192.168.1.3 and Destination IP remains unchanged. Since the packets are still in the same network, the Source IP and Destination IP remain unchanged as shown in the third diagram. Second translation occurs when going to the EdgeRouter, it translates the IP address from 192.168.1.3 to 200.1.1.1 due to the NAT configuration that has been set on the EdgeRouter. Thus, the Source IP changes again, from 192.168.1.3 to 200.1.1.1 and Destination IP remains unchanged. The Destination IP remains unchanged all the time because the request packet is from the “inside” of the network (Private network) to the “outside” of the network (Public network). On the other hand, the situation will be reversed when the reply packet goes from the “outside” network to the “inside” network. NAT for Internet Gateway access TelnetServer Interface f0/1 (EdgeRouter) Interface f0/1 (EdgeRouter) Interface f0/0 (TelnetServer) The diagrams above show that the packet transfers when Internet Gateway starts the connection to TelnetServer. Since the connection is started from the outside network, which is opposite of the first situation (NAT for PC1 to Internet Gateway), the Destination IP of the request packet will be changed when it goes through routers and Source IP will always remain unchanged. From the first diagram, it shows that the Internet Gateway starts the connection to TelnetServer. When the packet goes to the EdgeRouter, it translates the Destination IP from 200.1.1.1 to 192.168.1.2 (TelnetServer) as shown in the second diagram. This is because Port Forwarding is configured on the Edge Router, which forwards the connection that was originally going into 200.1.1.1:23 to the Telnet Server 192.168.1.2:23. When Internet Gateway is trying to connect to the TelnetServer by using ‘telnet 200.1.1.1’ command, the telnet traffic will be redirected to the TelnetServer instead of the Edge Router. Third diagram shows Source and Destination IP address remain unchanged because the packet has already gone into the private network, but hadn’t yet gone through the Edge Router for the Source IP address to be changed to Edge Router’s IP address 200.1.1.1. 2d) Show the Internet Gateway is able to connect to the Telnet Server using telnet, but unable to Ping to the Telnet Server Telnet: Internet Gateway is able to connect to the Telnet Server using telnet as shown in the screenshot above using the address translated using NAT, which is 200.1.1.1. The Telnet Server’s address 192.168.1.2:23 is translated to 200.1.1.1:23, and is accessed by telnetting to Edge Router, which will then redirect the telnet traffic to the Telnet Server. ping: Internet Gateway is able to ping the Edge Router 200.1.1.1, but not the Telnet Server 192.168.1.2 since NAT is applied and only Telnet connections (port 23) to the Telnet Server is allowed. When Internet Gateway tries to ping 192.168.1.2, the packet will be rejected by the Edge Router as shown in the last screenshot above, where there are “Destination unreachable” ICMP packets highlighted in black colour.