How to Configure NAT in Cisco IOS?

Posted on January 8, 2013 by | 0 Comments
Unlock Best Pricing with In-stock, Ready-to-Ship Products

NAT (Network Address Translation), it in simple terms translates an IP address into another. Network Address Translation is of different types like

Static NAT (One to One)

Dynamic NAT (Many to Many)

Overloading (Many to One)

The main purpose of NAT is to hide the IP address (usually private) of a client in order to reserve the public address space. For example a complete network with 100 hosts can have 100 private IP addresses and still be visible to the outside world (internet) as a single IP address. Other benefits of NAT include security and economical usage of the IP address ranges at hand.

We will focus on Overloading form of NAT. This is called as Port Address Translation (PAT) or even Network Address Port Translation (NAPT). NAT Overloading translates many private IP addresses from a Local Area Network (LAN) onto a single registered legal Public IP address. Here, the source IP and the source port get translated to the Public IP and a different source port.

Typical network configuration would be on an Internet Router which enables all the hosts in the LAN to connect to the Internet using one single Public IP address.

The following procedure will help you to configure NAT Overload or Port Address Translation (PAT) in Cisco IOS:

NAT Inside Interface

Enable an interface on the router with an IP Address and mark it as nat inside interface. This is the interface that connects to your internal private network

WANRouter(config)# int fastethernet0/1

WANRouter(config-if)# ip address 192.168.1.1 255.255.255.0

WANRouter(config-if)# ip nat inside 

Enable NAT Outside Interface

WANRouter(config)# int serial0/0/0

WANRouter(config-if)# ip address 100.100.100.100 255.255.255.0

WANRouter(config-if)# ip nat outside

 

Configure NAT Pool

This will be a pool of legal Public IPs that is bought by the organisation. This could anything from one to many IP Address

WANRouter(config)# ip nat pool WANPOOL 100.100.100.10 100.100.100.10 netmask 255.255.255.0

This creates pool which has just one IP address. The syntax is

ip nat pool <pool name> startip endip {netmask netmask | prefix prefix-length}

Access List to Allow List of IP Addresses to NAT Translate

WANRouter(config)# ip access-list 10 permit 192.168.1.0 0.0.0.255

For more networks or hosts to overload the NAT pool simply add them to the access list

WANRouter(config)# ip access-list 10 permit 192.168.2.0 0.0.0.255
WANRouter(config)# ip access-list 10 permit 192.168.3.0 0.0.0.255

Instruct Router to NAT the Access list to the NATPool

WANRouter(config)# ip nat inside source list 10 pool WANPOOL overload

If this is an internet configuration then ensure that a default route on the IP to the outside IP address or outside interface

WANRouter(config)# ip route 0.0.0.0. 0.0.0.0 serial0/0/0

or

WANRouter(config)# ip route 0.0.0.0 0.0.0.0 100.100.100.100

Thats it. Job done!!!

The NAT setup is now complete.We have setup the router to translate LAN private IPs into the Internet public IPs.

To check the NAT status and statistics

WANRouter# show ip nat statistics

To see the active translations

WANRouter# show ip nat translations

We discussed NAT Overloading above: Cisco IOS NAT configuration. Here, we will configure a Static NAT on Cisco IOS Routers. Static NAT is rather straight forward as it is a one to one NATing between IP addresses as against the NAT Overloading or the Dynamic NAT where the IP addresses from the inside are NATed to a pool of IPs.

 

NAT Inside Interface

Enable an interface on the router with an IP Address and mark it as Nat inside interface. This is the interface that connects to your internal private network

WANRouter(config)# int fastethernet0/1

WANRouter(config-if)# ip address 192.168.1.1 255.255.255.0

WANRouter(config-if)# ip nat inside

Enable NAT Outside Interface

WANRouter(config)# int serial0/0/0

WANRouter(config-if)# ip address 100.100.100.100 255.255.255.0

WANRouter(config-if)# ip nat outside

Instruct Router to NAT the Source IP Address to that of a NATed IP.

WANRouter(config)# ip nat inside source static 10.1.1.11 172.1.1.11

WANRouter(config)# ip nat inside source static 10.1.1.12 172.1.1.12

WANRouter(config)# ip nat inside source static 10.1.1.13 172.1.1.13

Where 10.1.1.x IPs are NATed to 172.1.1.x

The syntax is

ip nat inside source static x.x.x.x y.y.y.y

That sets up the Static NATs. These can co-exist along with NAT Overloading or Dynamic NATs.

To Check the NAT Status and Statistics

WANRouter# show ip nat statistics

To See the Active Translations

WANRouter# show ip nat translations

—Resource guide from https://www.itsyourip.com/ 

More Related Reading:

How to Configure HSRP on a Cisco Router?

How to Configure GLBP in Cisco IOS Routers?

How to Fix OSPF Split Area with GRE Tunnel?

How to Configure Spanning Tree Protocol (STP) on Catalyst Switches?

Share This Post

Related Posts

  • Using IPQ4019 VS IPQ4018 as an example – how to choose a suitable WiFi solution for IIOT?

    Using IPQ4019 VS IPQ4018 as an example – how to choose a suitable WiFi solution for IIOT?

  • Cisco GLC-LH-SMD SFP Transceiver Module: Seamless Connectivity for Your Network

    Cisco GLC-LH-SMD SFP Transceiver Module: Seamless Connectivity for Your Network

  • Spending on cloud computing and storage infrastructure will increase by nearly 15% year-on-year in Q1 2023

    Spending on cloud computing and storage infrastructure will increase by nearly 15% year-on-year in Q1 2023

  • What’s the Difference between HTTPS Port 443 and Port 8443?

    What’s the Difference between HTTPS Port 443 and Port 8443?

Post Comment