
Static NAT Configuration in Cisco



Border routers are typically configured for NAT, i.e. a router with an interface on the
local (internal) network and an interface on the global (external) network. When a packet
leaves the local (internal) network, NAT translates its local (private) IP address to a
global (public) IP address. Global (public) IP addresses are translated to local (private) IP
addresses when packets enter the local network. When NAT runs out of addresses, i.e. if
there are no more addresses in the configured pool, the packet is dropped and an Internet
Control Message Protocol (ICMP) host unreachable packet is sent to the destination.
Terminology of NAT:
 Inside Local: It is a region inside the Enterprise’s network where the hosts have
Private IP addresses.
 Inside Global: It is also a region inside the Enterprise network, but Public IP
addresses are used in this region (this region is usually connected to the outside
network or Internet).
 Outside Local: It is a region that is generally part of the Enterprise network but in a
public Internet (or outside the Enterprise Network). The hosts of the Outside Local
region have private IP addresses.
 Outside Global: It is a part of the Enterprise network in a public Internet where
Public IP addresses are used.
Range of Private IP addresses      Class of IP addresses   No. of Networks
10.0.0.0 to 10.255.255.255         A                       1
172.16.0.0 to 172.31.255.255       B                       16
192.168.0.0 to 192.168.255.255     C                       256

These Private IP addresses cannot be advertised on the Internet using any routing
protocol.
Static NAT:
In Static NAT, IP addresses are statically mapped to each other through manual
configuration. Global IP addresses are translated to Local IP addresses based on the
static mapping of these IP addresses.
There are 2 types of Static NAT:
1. Inside Static NAT
2. Outside Static NAT
Inside Static NAT:
This involves the static mapping of the Inside Local IP address (private address) to the
Inside Global address (public address). When Inside Static NAT is used, private IP
addresses remain hidden from the outside network.

Configuration:
 Configure the interface in the Inside Global as
ip nat outside
 Configure the interface in the Inside Local as
ip nat inside
 Lastly, enable Static Nat by using the command:
Router(config)#ip nat inside source static <inside-local-ip> <inside-global-ip>
R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.1.1.2 20.1.1.1

Outside Static NAT:


This involves the static mapping of the Outside Global IP address (public address) to an
Outside Local address (private address). When Outside Static NAT is used, the real
external IP addresses remain hidden from the hosts.

Configuration:
 Configure the interface in the Inside Global as
ip nat outside
 Configure the interface in the Inside Local as
ip nat inside
 Lastly, enable Static Nat by using the command:
Router(config)#ip nat outside source static <outside-global-ip> <outside-local-ip>
R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat outside source static 30.1.1.1 192.168.1.2
To verify these NAT translations:
R1#show ip nat translations
Dynamic NAT Configuration in Cisco

Generally, the border router is configured for NAT, i.e. the router which has one interface
in the local (inside) network and one interface in the global (outside) network. When a
packet traverses outside the local (inside) network, NAT converts the local (private)
IP address to a global (public) IP address. When a packet enters the local network, the
global (public) IP address is converted to a local (private) IP address. In short, NAT
translates the Private IP addresses used inside an Enterprise network into Public IP
addresses.
Here are the 4 main terms related to NAT:
 Inside Local: It is a region inside the Enterprise’s network where the hosts have
Private IP addresses.
 Inside Global: It is also a region inside the Enterprise network, but Public IP
addresses are used in this region (this region is usually connected to the outside
network or Internet).
 Outside Local: It is a region that is generally part of the Enterprise network but in a
public Internet (or outside the Enterprise Network). The hosts of the Outside Local
region have private IP addresses.
 Outside Global: It is a part of the Enterprise network in a public Internet where
Public IP addresses are used.
Range of Private IP addresses      Class of IP addresses   No. of Networks
10.0.0.0 to 10.255.255.255         A                       1
172.16.0.0 to 172.31.255.255       B                       16
192.168.0.0 to 192.168.255.255     C                       256

These Private IP addresses cannot be advertised on the Internet using any routing
protocol.
Dynamic NAT:
In Dynamic NAT, IP addresses are dynamically mapped to each other on a one-to-one
basis as needed. It establishes a mapping between an Inside Local IP address and a
pool of Global IP addresses. This type of translation is very useful when there are
multiple users in a private network that access the Internet. These Dynamic NAT
translations stay in the translation table as long as traffic is flowing from the Local IP
address to the Global IP address, or until the timeout (24 hours by default) has expired.

Configuration:
Step 1: Configure the interface in the Inside Global as
ip nat outside
Step 2: Configure the interface in the Inside Local as
ip nat inside
Step 3: Create a pool of Global IP addresses:
Router(config)#ip nat pool <pool-name> <starting-IP> <ending-IP> prefix-length <prefix-length>
Step 4: Create an access list to permit a certain network of IP addresses:
Router(config)#access-list <acl-number> permit <source-ip-network> <wildcard-mask>
Step 5: Lastly, enable Dynamic NAT by using the command:
Router(config)#ip nat inside source list <acl-number> pool <pool-name>
R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat pool pool1 20.1.1.5 20.1.1.20 netmask 255.255.255.0
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat inside source list 1 pool pool1
Now, to verify the NAT translations (to show the translations done by NAT):
R1#show ip nat translations
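
A small audit over the static and dynamic NAT commands above, as an added example that is not part of the original page: it checks the interface roles, compares the dynamic pool size with the number of addresses the ACL permits (the pool-exhaustion case described earlier), and lists static entries, which translate in both directions. The audit_nat helper, the running-config layout of the sample and the finding texts are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: this page's static and dynamic NAT commands laid out
# the way a running-config would show them (layout is an assumption).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet1/0
 ip nat inside
ip nat pool pool1 20.1.1.5 20.1.1.20 netmask 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool pool1
ip nat inside source static 10.1.1.2 20.1.1.1
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def audit_nat(config):
    """Return findings for the NAT statements in an IOS-style config (hypothetical helper)."""
    findings = []
    roles = set(re.findall(r"^[ \t]+ip nat (inside|outside)[ \t]*$", config, re.M))
    for role in ("inside", "outside"):
        if role not in roles:
            findings.append(f"no interface is marked 'ip nat {role}'")
    # Pool name -> (first, last) address as integers.
    pools = {n: (ip_int(a), ip_int(b)) for n, a, b in
             re.findall(r"^ip nat pool (\S+) ([\d.]+) ([\d.]+) ", config, re.M)}
    # Standard ACL number -> addresses permitted (contiguous wildcard masks assumed).
    acls = {}
    for num, wild in re.findall(r"^access-list (\d+) permit [\d.]+ ([\d.]+)[ \t]*$", config, re.M):
        acls[num] = acls.get(num, 0) + ip_int(wild) + 1
    for acl, pool in re.findall(r"^ip nat inside source list (\d+) pool (\S+)", config, re.M):
        if acl not in acls or pool not in pools:
            findings.append(f"dynamic NAT references undefined ACL {acl} or pool {pool}")
            continue
        size = pools[pool][1] - pools[pool][0] + 1
        if acls[acl] > size:
            findings.append(f"ACL {acl} permits {acls[acl]} addresses but pool {pool} "
                            f"holds {size}; translations fail once the pool is exhausted")
    for local, glob in re.findall(r"^ip nat inside source static ([\d.]+) ([\d.]+)", config, re.M):
        if any(lo <= ip_int(glob) <= hi for lo, hi in pools.values()):
            findings.append(f"static global {glob} also lies in a dynamic pool range")
        # A static entry is permanent and two-way: outside hosts can open
        # connections to the inside host through its global address.
        findings.append(f"static {local} <-> {glob}: inbound reachable, filter on the outside interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE_CONFIG)))
```

On the page's own values the pool holds 16 addresses while access-list 1 permits 256, so the audit reports the exhaustion risk alongside the static mapping.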
