When would you need this: When you want to connect a local network to the Internet and you don’t have that much IP addresses.
Special Requirements: None.
There are two types of NAT that can be configured on a Cisco router; static, and dynamic.
Static NAT Configuration:
This type is used when you want to do one-to-one assignment of local IP addresses to global IP addresses.
1. Establish static translation between an inside local address and an inside global address,
Router(config)#ip nat inside source static XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
XXX.XXX.XXX.XXX is the (inside) local address
YYY.YYY.YYY.YYY is the (inside) global address
2. Specify the local interface. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
3. Specify the global address. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
Dynamic NAT Configuration:
This type is used when you want the router to do the mapping dynamically. This method is useful when you have too many global and local addresses and you do not want to do the mapping manually, or when the number of global addresses available is less than the local addresses.
This would lead us to two different scenarios,
A. The number of global IP addresses is equal or less than the local addresses and more than one. (global >= local >1)
1. Define a pool of global addresses that would be employed in the translation,
Router(config)#ip nat pool NAME XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY netmask ZZZ.ZZZ.ZZZ.ZZZ
where,
NAME is the name of the pool
XXX.XXX.XXX.XXX is the starting IP address of the pool
YYY.YYY.YYY.YYY is the end IP address of the pool
ZZZ.ZZZ.ZZZ.ZZZ is the subnet mask of the network that the pool is part of.
2. Define the range of local addresses permitted to participate in the translation using an access-list.
Router(config)#access-list NO permit XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
NO is the number of the access-list, which is usually a standard access list
XXX.XXX.XXX.XXX is the network address of the local network or the starting IP address of the range.
YYY.YYY.YYY.YYY is the wildcard mask used to define the range
You can issue more than one access-list sentence in the same access-list to define the specific IP address range(s).
3. Associate the pool and the local range in a dynamic NAT translation command,
Router(config)#ip nat inside source list NO pool NAME [overload]
where,
NO is the number of the access list
NAME is the name of the global pool
overload This parameter MUST be used when you have global IP addresses less than local IP addresses (which is known as PAT).
4. Specify the local interface. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
5. Specify the global address. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
B. There is only one global IP address and a group of local IP addresses.
In this case, the only global IP address is assigned to the interface connected to the global network.
1. Define the range of local addresses permitted to participate in the translation using an access-list.
Router(config)#access-list NO permit XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
NO is the number of the access-list, which is usually a standard access list
XXX.XXX.XXX.XXX is the network address of the local network or the starting IP address of the range.
YYY.YYY.YYY.YYY is the wildcard mask used to define the range
You can issue more than one access-list sentence in the same access-list to define the specific IP address range(s).
2. Associate the pool and the local range in a dynamic NAT translation command,
Router(config)#ip nat inside source list NO interface TYPE INTNO overload
where,
NO is the number of the access list
TYPE is the type of the interface that has the global IP address (ex: serial , or Ethernet)
INTNO the number of the interface
An example of the interface type and number is serial 0, or Ethernet 0.
3. Specify the local interface. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
4. Specify the global address. This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
Troubleshooting commands:
Router#show ip nat translation
To show the current translations preformed by NAT
Router#show ip nat static
To show the static translations of NAT
Router#debug ip nat
To watch the instantaneous interactions of NAT
Note: To disable NAT, you need to do the following steps:
1. Disable NAT on the local and global interfaces
Router(config-if)#no ip nat inside
on the local, and
Router(config-if)#no ip nat outside
on the global interface.
2. Clear the contents of the translation table,
Router#clear ip nat translations
3. Remove the NAT assignment command by preceding it with a ‘no’
4. Remove the access-list, if any.
Reference: http://www.routergeek.net/content/view/39/37/
My Blog List
-
How to configure AWS SES with Postfix MTA on Debian Linux - [image: See all Amazon AWS web services related articles/faq] AWS SES (Amazon Simple Email Service) is a cloud-based email-sending service that is both rel...6 hours ago
-
A Closer Look at Remote Peering: Technologies and Techniques - In the realm of digital communication, the significance of efficient internet traffic exchange has escalated with the surge in global cloud content. With...2 weeks ago
-
PaloAlto init-cfg.txt Bootstrap Config file Layout with Examples - When you install and configure the PaloAlto firewall, when the firewall boots up for the first time, it does the bootstrapping process. PaloAlto uses the s...1 year ago
-
Clusterssh – Administer multiple ssh or rsh shells simultaneously - Sponsored Link The command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicate...3 years ago
-
Web Application Vulnerability Scanning Tools - Web Application Vulnerability Scanning Tools Nessus http://www.tenable.com/products/nessus PortSwigger https://portswigger.net/ qualys https://www.qualys....5 years ago
-
What You Don’t Know About Linux Open Source Could Be Costing to More Than You Think - Guest post by Marc Fisher If you would like to test out Linux before completely switching it as your everyday driver, there are a number of means by which ...5 years ago
-
Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.6 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...6 years ago
-
10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...9 years ago
-
Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...12 years ago
