Configuring NAT for Basic Local IP Address Translation

The following procedure enables basic local IP address translation:

Step 1 At a minimum, IP routing and appropriate IP addresses must be configured on the router.

Step 2 To perform static address translations for inside local addresses, define the addresses using the following command:

Routen(config)#ip nat inside source static local-ip global-ip Step 3 To perform dynamic translations, do the following:

a. Configure a standard IP access list to identify the inside network addresses that will be translated.

Router(config)#access-list access-list-number permit source [source-wildcard]

b. Configure an IP NAT pool that defines the global addresses to which the inside local addresses will be translated, using the following command:

Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

This command defines a pool of contiguous addresses from the start address to the end address, using the netmask or prefix length. These addresses are allocated as needed.

c. Configure the translation to use the access list and the IP NAT pool, using the following command:

Router(config)#ip nat inside source list access-list-number pool name

Step 4 Enable NAT on at least one inside and one outside interface using the following command:

Router(config-if)#ip nat {inside | outside}

Step 5 Only packets moving between inside and outside interfaces are translated.

For example, if a packet is received on an inside interface but is not destined for an outside interface, it is not translated.

Example D-1 shows a sample configuration of basic inside local address translation. This example uses a pool of addresses named net-172 to translate inside local addresses 10.1.1.x to inside global addresses 172.16.2.x.

Example D-1 Example of Basic Inside Local Address Translation ip nat pool net-172 172.16.2.1 172.16.2.254 netmask 255.255.255.0 ip nat inside source list 1 pool net-172 !

interface Serial0

ip address 172.30.232.182 255.255.255.240 ip nat outside

interface EthernetO

ip address 10.1.1.254 255.255.255.0 ip nat inside

access-list 1 permit 10.1.1.0 0.0.0.255

Was this article helpful?

0 0

Post a comment