NAT, DHCP and Firewalls

This lab provides an opportunity to revise your understanding of NAT, DHCP and firewalls, and the commands for configuring these functions on a Cisco router.

Work in a group of four to build the network in the figure below.

• Configure the Gateway router as a DHCP server for the 172.16.16.0/24 subnet.
• Configure the server with the address 220.22.2.2. It is assumed that the server requires a fixed, global IP address in order to allow access from the public Internet (represented by the node 12.12.12.12). Configure the server address manually. If you have time, you can consider how to manage the configuration from the DHCP server (see DHCP Configuration).
• Now configure the Gateway router to support NAT with overload (PAT) for the 172.16.16.0/24 subnet. Assume that the IP address of its serial interface is the only address available for the NAT pool.
• Configure the interfaces of the ISP router and the 12.12.12.12 workstation.
• Configure routing on the Gateway and ISP routers. Remember that you should not advertise the private subnet 172.16.16.0/24 from the Gateway router.
• Check the connectivity of the network using ping. It should not be possible to access the private subnet from the ISP router or its workstation but the server should be accessible.
• Finally, configure the Gateway router with an extended access list that restricts access to the server to allow only TFTP access.
• Document your configurations. Even if you do not have time to complete the configuration in the lab session, you should complete the documentation for the full requirements. This will be useful revision for you.