
Cisco | NAT-Pool Route-MAP Scenario 1

 










R1 configuration
hostname R1
interface gi0/0
ip address 10.0.1.1 255.255.255.0
ip nat outside
no shutdown
exit

interface gigabitEthernet 0/1
ip address 192.168.0.254 255.255.255.0
no shutdown
ip nat inside
exit

R2 configuration

hostname R2
interface gi0/0
ip address 10.0.1.2 255.255.255.0
no shutdown
exit

interface gigabitEthernet 0/1
ip address 123.1.2.2 255.255.255.0
no shutdown
exit

Session 1
Configure NAT, the access list and the route-map on router R1

ip nat pool NPOOL-TES 10.0.1.11 10.0.1.11 netmask 255.255.255.0
ip nat inside source route-map RMAP-NAT-TEST pool NPOOL-TES overload
!
ip route 123.1.2.10 255.255.255.255 10.0.1.2 name TEST_123.1.2.10
!
ip access-list extended ACL-TEST_192.168.0.10
 permit ip host 192.168.0.10 host 123.1.2.10
 permit ip host 123.1.2.10 host 192.168.0.10
!
route-map RMAP-NAT-TEST permit 10
 match ip address ACL-TEST_192.168.0.10
 match interface GigabitEthernet0/0


Verification







Ping from PC 192.168.0.10 to 123.1.2.10: the result is a reply (connected).


 



Ping from PC 123.1.2.10 to 192.168.0.10: the result is unreachable (not connected), but a ping to 10.0.1.11, the NAT IP used by 192.168.0.10, gets a reply (connected).




 

Verification from router R1


 

 

 

 

 

 



##ADDITIONAL NOTE, IF FOR EXAMPLE HOST 192.168.0.10 SITS BEHIND ONE MORE ROUTER
R1 <---->SW <----> FW/ROUTER <----> host 192.168.0.10

ip route 192.168.0.10 255.255.255.255 IP_GW

========== Session 2 =============
We add a server (Linux, Webmin). The goal is for the outside host_123.1.2.10 (a third party) to access server_192.168.0.12, but the address it targets is not the server's real IP; it is the server's NAT IP (virtual IP), 10.0.1.12.













Add the following commands on router R1:

route-map RMAP-NAT-TEST2 permit 10
 match ip address ACL-TEST_192.168.0.12
 set ip next-hop 10.0.1.2
!
ip access-list extended ACL-TEST_192.168.0.12
 permit ip host 192.168.0.12 host 123.1.2.10
!
ip nat inside source static 192.168.0.12 10.0.1.12

Then verify
From the outside host_123.1.2.10, open a browser and go to https://10.0.1.12:10000, and from host_192.168.0.10 ping 123.1.2.10.
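
An offline consistency check for the R1 NAT commands from Sessions 1 and 2, added here as an example (it is not the blog author's code and not a Cisco tool): it reports route-maps that nothing applies, route-maps or ACLs that are referenced but not defined, and one-to-one static NAT entries that carry no route-map filter. The function name `audit_nat` and the finding labels are assumptions made for this example.

```python
import re

# R1's NAT commands from Sessions 1 and 2 of this page, embedded so the check
# runs offline (the next-hop line uses the IOS form "set ip next-hop").
R1_CONFIG = """\
ip nat pool NPOOL-TES 10.0.1.11 10.0.1.11 netmask 255.255.255.0
ip nat inside source route-map RMAP-NAT-TEST pool NPOOL-TES overload
ip access-list extended ACL-TEST_192.168.0.10
 permit ip host 192.168.0.10 host 123.1.2.10
 permit ip host 123.1.2.10 host 192.168.0.10
route-map RMAP-NAT-TEST permit 10
 match ip address ACL-TEST_192.168.0.10
 match interface GigabitEthernet0/0
route-map RMAP-NAT-TEST2 permit 10
 match ip address ACL-TEST_192.168.0.12
 set ip next-hop 10.0.1.2
ip access-list extended ACL-TEST_192.168.0.12
 permit ip host 192.168.0.12 host 123.1.2.10
ip nat inside source static 192.168.0.12 10.0.1.12
"""

def audit_nat(config):
    """Return sorted (finding, object) pairs for an IOS NAT configuration."""
    acls = set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))
    rmaps = set(re.findall(r"^route-map (\S+)", config, re.M))
    # A route-map only takes effect when something points at it; this check
    # looks at NAT rules and policy routing (not BGP or redistribution).
    used = set(re.findall(r"^ip nat .*\broute-map (\S+)", config, re.M))
    used |= set(re.findall(r"^[ \t]*ip policy route-map (\S+)", config, re.M))
    matched = set(re.findall(r"^[ \t]+match ip address (\S+)", config, re.M))
    # One-to-one static entries only; "static tcp|udp ..." port forwards are skipped.
    statics = re.findall(r"^ip nat inside source static (\d\S*) (\d\S*)(.*)$", config, re.M)
    findings = [("route-map referenced but not defined", n) for n in used - rmaps]
    findings += [("route-map not applied to NAT or policy routing", n) for n in rmaps - used]
    findings += [("ACL referenced but not defined", n) for n in matched - acls]
    for local, global_ip, rest in statics:
        if "route-map" not in rest:
            findings.append(("static NAT translates every port, no route-map filter",
                             f"{global_ip} -> {local}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding, obj in audit_nat(R1_CONFIG):
        print(f"{finding}: {obj}")
```

On the commands as listed, the check reports that RMAP-NAT-TEST2 (and with it ACL-TEST_192.168.0.12) is not applied to anything, so the static entry translates traffic to 10.0.1.12 on every port and from any outside source that can route to it, not only from 123.1.2.10.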








 

Verification from router R1





