NAT- Network Address Translation
1 like477 views
The document explains three types of Network Address Translation (NAT) configured on Cisco routers: static NAT, dynamic NAT, and Port Address Translation (PAT). It details the configuration steps for each type, including interface setup and address mappings. The document also defines the different terms related to NAT, such as inside local, inside global, outside local, and outside global.
NAT- Network Address Translation
- 1. E m a d A l - A t o u m P a g e 1 | 2 Configuring Network Address Translation There are three main types of NAT that can be configured on a Cisco router. Here’s what they are and how to configure them. The example configurations will use the following topology: A. Static NAT When we configure static NAT we want to translate our private IP addresses to a set of public IP addresses on a 1-to-1 basis. This means we need to have the same number of public IP addresses as the number of private IP addresses that we wish to translate. In this example we will configure the inside local address of 192.168.1.1 to the inside global address of 194.72.164.226. First we configure the interfaces (which is inside and outside according to our NAT needs). Fa0/0 is the inside (192.168.1.254) and Fa0/1 is the outside (194.72.164.225): router#conf t router(config)#int fa0/0 router(config-if)#ip nat inside router(config-if)#int fa0/1 router(config-if)#ip nat outside Then we configure the static mappings: router(config)#ip nat inside source static 192.168.1.1 194.72.164.226 B. Dynamic NAT Dynamic NAT is similar to static NAT but it allows a pool of outside IP addresses to be used dynamically. This is good because you don’t have to statically map an inside IP address to an outside IP address but it is bad because you can only use the number of outside IP addresses that you have been allocated. Once the outside IP addresses are in use any additional incoming packets will not be translated. Configuring dynamic NAT is slightly more complicated. Like static NAT we configure the interfaces first: router#conf t router(config)#int fa0/0 router(config-if)#ip nat inside router(config-if)#int fa0/1 router(config-if)#ip nat outside Then we configure the pool of outside IP addresses we want to use (we have 14 in our example). This is fairly straightforward, we give the pool a name and assign the IP addresses to the pool, as well as the network mask: router(config)#ip nat pool myPool 194.72.164.225 192.72.164.239 netmask 255.255.255.240 Then we configure the access list to define which addresses we want to translate: router(config)#ip access-list 1 permit 192.168.1.0 0.0.0.255 Finally configure NAT, specifying our source list and the pool we want to use dynamically: router(config)#ip nat inside source list 1 pool myPool Terms: Inside Local - The IP address of a host on the inside network (usually a private IP address). Inside Global - The IP address of the host on the inside network as seen from the outside network (usually a public IP address). Outside Local - The IP address of the host on the outside network (usually a public IP address). Outside Global - The IP address of the host on the outside network as seen from the inside network (rarely used).
- 2. E m a d A l - A t o u m P a g e 2 | 2 C. Port Address Translation (NAT Overload) Port address translation (PAT) is probably the most common type of NAT used. PAT is how most ‘home grade’ routers handle the translation of private IP addresses to the public IP addresses used on the internet. PAT translates many inside local IP addresses to a single inside global IP address (194.72.164.225) by altering the source port of the outbound TCP/UDP segments. The router keeps a reference to the translations it has made and changes them back to what they were before translation on return from the internet. Again we configure the interfaces: router#conf t router(config)#int fa0/0 router(config-if)#ip nat inside router(config-if)#int fa0/1 router(config-if)#ip nat outside Then we configure the access list to define which addresses we want to translate: router(config)#ip access-list 1 permit 192.168.1.0 0.0.0.255 Finally configure NAT, specifying our source list and the interface on which to overload (PAT): router(config)#ip nat inside source list 1 interface fa0/1 overload To see the translations in the table simply issue the following command: router#show ip nat translations