ICND2 – Chapter 18 – NAT (Network Address Translation)

NAT is defined by RFC 3022 (Traditional NAT). It allows hosts that do not have valid, publicly routable IP addresses (typically RFC 1918 private addresses) to communicate with other hosts on the Internet by rewriting the addresses in packets as they cross the NAT router.

Cisco IOS supports several variations of NAT.

Static NAT configures a permanent 1 to 1 mapping between a private and a public address. Because the mapping exists whether or not the inside host has started a session, the host is reachable from the outside at its public address at all times (this is what you want for a server, and why the mapping should be filtered by an ACL or firewall).

Dynamic NAT also creates 1 to 1 mappings between private and public addresses, but allocates the public address from a pool when an inside host first sends traffic. The entry is removed when it ages out, and if the pool is exhausted new inside hosts get no translation until an entry expires.

You can manually clear Dynamic NAT translations using:

Router#clear ip nat translation *

Dynamic NAT sets up a pool of possible INSIDE GLOBAL addresses and uses an ACL to determine source addresses that should use NAT.

NAT Overload (also known as PAT) maps many inside hosts to a single public address and keeps their sessions apart by translating the source port numbers as well as the source address.

Cisco uses the term INSIDE to refer to the network using private addresses.

The term OUTSIDE refers to the Internet side of the network (using globally routable public IP addresses).

More on Inside/Outside and Local/Global:

INSIDE – Inside the LAN
OUTSIDE – Outside the LAN
LOCAL – private addresses
GLOBAL – public addresses

INSIDE LOCAL – the inside host's private address as seen on the inside network
INSIDE GLOBAL – the inside host's public address as seen from the outside
OUTSIDE LOCAL – the outside host's address as seen from the inside network (in many cases this is the same as the OUTSIDE GLOBAL, unless destination translation is used)
OUTSIDE GLOBAL – the outside host's real public address

Normally NAT translates an inside SOURCE address to an outside address, but you can also translate both the SOURCE and DESTINATION addresses. This is useful when two networks are addressed from the same private block (overlapping networks) and need to communicate with each other. This is accomplished via static mappings in both directions (inside source and outside source).
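The following configuration is an added example, not part of the original page, showing the two-way static mapping for overlapping networks. All addresses, interface names and the assumption that both sites use 10.1.1.0/24 are chosen for illustration.

```cisco
! Added example (not from the original page): both sites use 10.1.1.0/24.
! Our host 10.1.1.1 reaches the remote host (also 10.1.1.1) by sending to
! 172.16.2.1 (outside local). The router rewrites the destination to the real
! remote address 10.1.1.1 (outside global) and the source to 172.16.1.1
! (inside global), so neither side ever sees an overlapping address.
! Addresses and interface names are assumptions.
!
interface GigabitEthernet0/0
 description Inside LAN (10.1.1.0/24)
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description Link toward the remote site
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
! Source translation: our 10.1.1.1 appears to the remote side as 172.16.1.1
ip nat inside source static 10.1.1.1 172.16.1.1
!
! Destination translation: remote 10.1.1.1 appears to our LAN as 172.16.2.1.
! Inside-to-outside packets are routed before the destination is translated,
! so add-route installs a host route for 172.16.2.1 via the outside interface.
ip nat outside source static 10.1.1.1 172.16.2.1 add-route
!
! Verification: "show ip nat translations" lists both static entries; the
! outside-source entry shows 172.16.2.1 under Outside local and 10.1.1.1 under
! Outside global.
```

The remote site needs the mirror-image configuration (and a route back to 172.16.1.1), and hosts must use the outside-local name or address rather than the real one; in practice that means fixing DNS as well, which this fragment does not cover.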

Static NAT Configuration:

1. Configure interfaces to be inside or outside

Router(config-if)#ip nat inside

OR

Router(config-if)#ip nat outside

2. Configure static mappings

Router(config)#ip nat inside source static 10.0.0.1 74.125.225.40
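The two steps above, combined into one complete static NAT configuration, as an added example that is not part of the original page. Interface names, the inside subnet and the ACL name are assumptions; the mapped addresses are the page's own.

```cisco
! Added example (not from the original page): complete static NAT for one
! inside server. Interface names, subnet and ACL name are assumptions.
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description Outside / ISP link
 ip address 74.125.225.1 255.255.255.128
 ip nat outside
!
! Whole-address mapping: every port on 74.125.225.40 is forwarded to 10.0.0.1.
ip nat inside source static 10.0.0.1 74.125.225.40
!
! Port-level alternative: expose only TCP/443 of the same host. Prefer this
! form when the server should not be reachable on every port.
! ip nat inside source static tcp 10.0.0.1 443 74.125.225.40 443
!
! NAT is not a firewall: the static entry accepts unsolicited inbound traffic
! from anywhere on the Internet. The inbound ACL on the outside interface is
! evaluated before the global-to-local translation, so it matches the public
! address. Only the mapped host is restricted here; other traffic is left alone.
ip access-list extended OUTSIDE-IN
 permit tcp any host 74.125.225.40 eq 443
 deny   ip any host 74.125.225.40
 permit ip any any
!
interface Serial0/0
 ip access-group OUTSIDE-IN in
!
! Verification (exec mode):
! show ip nat translations   -> the static entry is listed even with no traffic
! show ip nat statistics     -> confirms which interfaces are inside/outside
! debug ip nat               -> prints each translation as it happens (lab use only)
```

A plain ACL is stateless; on a real edge the mapped host should sit behind a stateful firewall (or IOS zone-based firewall) rather than rely on the ACL above.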

Dynamic NAT Configuration:

1. Configure interfaces to be inside or outside (as above)

2. Create an ACL that matches the source addresses of the hosts that will use NAT

Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255

3. Create a NAT pool (public addresses)

Router(config)#ip nat pool MyPool 74.125.225.2 74.125.225.126 netmask 255.255.255.128

4. Enable NAT

Router(config)#ip nat inside source list 10 pool MyPool

Configuring PAT (NAT Overload):

NAT Overload can use a single public address or a pool of public addresses. When using a pool the setup is the same as the Dynamic NAT setup above except you add an overload statement to the command in step 4.

Router(config)#ip nat inside source list 10 pool MyPool overload

PAT with a single address:

1. Configure interfaces to be inside or outside

2. Create an ACL that matches the source addresses of the hosts that will use NAT

3. Enable NAT and specify the interface to use as the public address

Router(config)#ip nat inside source list 10 interface s0/0 overload
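The dynamic NAT procedure and the two PAT variants above, collected into one configuration as an added example that is not part of the original page. It also shows the pool-exhaustion failure mode of plain dynamic NAT and a tighter ACL than the page's /8 match. Interface names, the inside subnet and the excluded management host are assumptions; pool and ACL number are the page's own.

```cisco
! Added example (not from the original page): dynamic NAT from a pool, the same
! pool with overload (PAT), and PAT on the outside interface address.
! Interface names, subnet and the excluded host are assumptions.
!
interface GigabitEthernet0/0
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 74.125.225.1 255.255.255.128
 ip nat outside
!
! Match only the sources that should be translated. "permit any" would also
! translate management or transit traffic; an explicit deny for a host that
! must never be translated (assumed: 10.0.0.1, a server with its own static
! entry) is clearer than relying on the implicit deny at the end.
access-list 10 deny   host 10.0.0.1
access-list 10 permit 10.0.0.0 0.255.255.255
!
ip nat pool MyPool 74.125.225.2 74.125.225.126 netmask 255.255.255.128
!
! Option A: dynamic NAT, one public address per active inside host. The pool
! holds 125 addresses; the 126th concurrent host gets no translation and its
! packets are dropped until an entry ages out (default 86400 s, set to 3600 s
! here so idle entries free their address sooner).
ip nat inside source list 10 pool MyPool
ip nat translation timeout 3600
!
! Option B: same pool with overload. Hosts share public addresses and are told
! apart by translated source port, so the pool cannot run out in practice.
! Use this line INSTEAD of Option A's "ip nat inside source" line.
! ip nat inside source list 10 pool MyPool overload
!
! Option C: PAT on the outside interface address only, no pool at all.
! Again, only one "ip nat inside source list 10 ..." statement at a time.
! ip nat inside source list 10 interface Serial0/0 overload
!
! Verification (exec mode):
! show ip nat translations   -> columns Pro / Inside global / Inside local /
!                               Outside local / Outside global; with overload
!                               each address is followed by :port
! show ip nat statistics     -> the pool line shows total/allocated addresses
!                               and a "misses" counter that climbs when the
!                               pool is exhausted under Option A
! clear ip nat translation * -> flushes dynamic entries; static ones remain
```

When troubleshooting, compare the ACL hit counts (show access-lists 10) with the translation table: traffic that is not being translated is usually traffic the ACL does not permit, or traffic entering on an interface that is not marked ip nat inside.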
