When would you need this: When you want to connect a local
network to the Internet and you don’t have that many IP addresses.
Special Requirements: None.
There are two types of NAT that can be configured on a Cisco
router: static and dynamic.
Static NAT Configuration:
This type is used when you want to do one-to-one assignment
of local IP addresses to global IP addresses.
1. Establish static translation
between an inside local address and an inside global address,
Router(config)#ip nat inside source static XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
XXX.XXX.XXX.XXX is the (inside) local address
YYY.YYY.YYY.YYY is the (inside) global address
2. Specify the local interface.
This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
3. Specify the global interface. This
is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
Dynamic NAT Configuration:
This type is used when you want the
router to do the mapping dynamically. This method is useful when you have too
many global and local addresses and you do not want to do the mapping manually,
or when the number of global addresses available is less than the local
addresses.
This would lead us to two different
scenarios,
A. The number of global IP
addresses is equal to or less than the number of local addresses, and more
than one (1 < global <= local).
1. Define a pool of global
addresses that would be employed in the translation,
Router(config)#ip nat pool NAME XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY netmask ZZZ.ZZZ.ZZZ.ZZZ
where,
NAME is the name of the pool
XXX.XXX.XXX.XXX is the starting IP address of the pool
YYY.YYY.YYY.YYY is the end IP address of the pool
ZZZ.ZZZ.ZZZ.ZZZ is the subnet mask of the network that the pool is part of.
2. Define the range of local
addresses permitted to participate in the translation using an access-list.
Router(config)#access-list NO permit XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
NO is the number of the access-list, which is usually a
standard access list
XXX.XXX.XXX.XXX is the network address of the local network
or the starting IP address of the range.
YYY.YYY.YYY.YYY is the wildcard mask used to define the
range
You can issue more than one access-list statement in the same
access-list to define the specific IP address range(s).
3. Associate the pool and the local range in a dynamic NAT
translation command,
Router(config)#ip nat inside source list NO pool NAME [overload]
where,
NO is the number of the access list
NAME is the name of the global pool
overload is a parameter that MUST be used when you have fewer global IP
addresses than local IP addresses (which is known as PAT).
4. Specify the local interface.
This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
5. Specify the global interface. This
is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
B. There is only one global IP address and a group of local
IP addresses.
In this case, the only global IP address is assigned to the
interface connected to the global network.
1. Define the range of local
addresses permitted to participate in the translation using an access-list.
Router(config)#access-list NO permit XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
where,
NO is the number of the access-list, which is usually a
standard access list
XXX.XXX.XXX.XXX is the network address of the local network
or the starting IP address of the range.
YYY.YYY.YYY.YYY is the wildcard mask used to define the
range
You can issue more than one access-list statement in the same
access-list to define the specific IP address range(s).
2. Associate the interface and the local range in a dynamic NAT
translation command,
Router(config)#ip nat inside source list NO interface TYPE INTNO overload
where,
NO is the number of the access list
TYPE is the type of the interface that has the global IP
address (e.g. serial or Ethernet)
INTNO is the number of the interface
An example of the interface type and number is serial 0, or
Ethernet 0.
3. Specify the local interface.
This is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat inside
4. Specify the global interface. This
is done by going to the interface configuration mode and issuing,
Router(config-if)#ip nat outside
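The following is an added example, not code from the original page: a Python check that reads the command forms from scenarios A and B (written as they appear in a running configuration, without the Router(config)# prompt) and flags any translation rule that has fewer global addresses than its access list permits local addresses but lacks overload. The addresses, pool name and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (RFC 1918 / RFC 5737 addresses), not from the page.
SAMPLE = """\
ip nat pool PUBLIC 203.0.113.10 203.0.113.14 netmask 255.255.255.248
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.3
ip nat inside source list 1 pool PUBLIC
ip nat inside source list 2 interface serial 0 overload
"""

def wildcard_hosts(wildcard):
    """Addresses matched by one ACL entry: 2 ** (number of 1-bits in the wildcard)."""
    return 2 ** bin(int(ipaddress.IPv4Address(wildcard))).count("1")

def audit_nat(config):
    """Return (acl, local_count, global_count, status) per dynamic NAT rule."""
    pools, acls, findings = {}, {}, []
    for line in config.splitlines():
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask \S+", line):
            start, end = (int(ipaddress.IPv4Address(a)) for a in m.group(2, 3))
            pools[m.group(1)] = end - start + 1
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            # Several statements in one access list add up (upper bound on hosts).
            acls[m.group(1)] = acls.get(m.group(1), 0) + wildcard_hosts(m.group(3))
    rule = re.compile(r"ip nat inside source list (\d+) (pool|interface) (.+?)( overload)?$")
    for line in config.splitlines():
        if not (m := rule.match(line)):
            continue
        acl, kind, target, overload = m.groups()
        local = acls.get(acl)
        # Scenario B: the outside interface supplies a single global address.
        glob = 1 if kind == "interface" else pools.get(target)
        if local is None or glob is None:
            status = "undefined ACL or pool"
        elif glob < local and not overload:
            status = "overload required"
        else:
            status = "ok"
        findings.append((acl, local, glob, status))
    return findings
```

On the sample, list 1 is flagged because the five-address pool serves 256 permitted local addresses without overload, while list 2 passes.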
Troubleshooting commands:
Router#show ip nat translation
To show the current translations performed by NAT
Router#show ip nat static
To show the static translations of NAT
Router#debug ip nat
To watch the instantaneous interactions of NAT
Note: To disable NAT, you need to do the following steps:
1. Disable NAT on the local and global interfaces
Router(config-if)#no ip nat inside
on the local, and
Router(config-if)#no ip nat outside
on the global interface.
2. Clear the contents of the translation table,
Router#clear ip nat translation *
3. Remove the NAT assignment command by preceding it with a
‘no’
4. Remove the access-list, if any.
NAT & PAT
Written by shakeel0705 on 2008-06-27 02:44:11
Hi Mohammed Alani, I would like to know how to configure NAT and PAT with an example. Could you please help me? Thanks & Regards, Shakeel Ahmed.M

chattopadhyay
Written by ckajal on 2008-07-25 03:29:04
I want the new exam CCNA .pdf book

NAT Exemption
Written by gallo991 on 2009-01-20 08:27:29
What would be the best way to go with setting up NATing bypass on a router? Is it just a matter of changing the entries in the access-list with deny statements of the subnets you'd like to exempt from NAT translations and keeping all other configs the same? Thanks!