Network Address Translation (NAT)

Masks private addresses behind a public address(es). There are three types of NAT:

 

NAT defines addresses in the following manner:

NAT Configuration

General

Ip nat [inside | outside]

Ip nat inside source [list (ACL# | ACL name) | route-map name][interface type # | pool name]

           [overload]

Ip nat inside destination list

Ip nat outside source

Ip nat pool MyPool 10.1.1.1 10.1.1.254 netmask 255.255.255.0

 

Static NAT Config

interface fa0/0

ip nat inside

interface s0/0

ip nat outside

exit

ip nat inside source 10.1.1.2 200.1.1.2

ip nat inside source 10.1.1.1 200.1.1.1

 

Dynamic NAT Config

interface fa0/0

ip nat inside

interface s0/0

ip nat outside

exit

ip nat pool mypool 200.1.1.1 200.1.1.2 netmask 255.255.255.242

ip nat inside source list 1 pool mypool

access-list 1 permit 10.1.1.2

access-list 1 permit 10.1.1.1

   

Dynamic NAT Config (extended access list)

Interface fa0/0

ip nat inside

exit

ip nat pool NAT 10.201.0.1 10.201.255.254 netmask 255.255.0.0

ip nat inside source list 120 pool NAT

access-list 120 permit ip 192.168.1.0 0.0.0.255 any

 

PAT Configuration (standard access list)

interface fa0/0

ip nat inside

interface s0/0

ip nat outside

exit

ip nat inside source list 1 interface serial0/0 overload

access-list 1 permit 10.1.1.0 0.0.0.255

 

NAT Exec Commands

show ip nat statistics

show ip nat translations [verbose]

clear ip nat translation [* | inside global-ip local-ip]

clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip

                      global ip]

debug ip nat