Thursday, June 9, 2011

Network Address Translation (NAT) Port Address Translation (PAT) Configuration

Network Address Translation (NAT) / Port Address Translation (PAT) Configuration (Cisco device):

Two types of NAT:

Static NAT: maps one IP address to one IP address (public IP to private IP).
Step 1: (Configure)
Router>enable
Router#configure terminal

Router(config)#ip nat inside source static 192.168.110.2 209.165.100.7  >> for all services
OR
Router(config)#ip nat inside source static tcp 192.168.110.2 8011 222.238.21.16 8011 extendable  >> port-based static NAT

Step 2: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside        >> private-side network of the router

Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside      >> public-side network of the router


Dynamic NAT/PAT: maps one to many or many to many IP addresses (public IP to private IP).

Step 1:  (Create NAT pool)
Router>enable
Router#configure terminal

Router(config)#ip nat pool nat_test 209.165.100.4 209.165.100.6 netmask 255.255.255.252
>> Creates the nat_test pool of public IPs from 209.165.100.4 to 209.165.100.6 (3 public IPs) leased by the ISP; configure it to your requirements.

Step 2: (Create an ACL for the networks or IP addresses that should have internet access)
Router>enable
Router#configure terminal

Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255
Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255
Router(config)#access-list 10 permit 192.168.0.0 0.0.0.255

>> Create the ACL (standard or extended) to suit your requirements.

Step 3: (Match NAT pool and ACL)
Router>enable
Router#configure terminal

Router(config)#ip nat inside source list 10 pool nat_test  >> without PAT
Router(config)#ip nat inside source list 10 pool nat_test overload  >> enables PAT
OR
Router(config)#ip nat inside source list 10 interface GigabitEthernet0/0 overload  >> NAT over the interface

Step 4: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside        >> private-side network of the router

Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside      >> public-side network of the router

Apply NAT or PAT depending on your network policy.
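
Added example (not part of the original post): a Python check of which inside source addresses ACL 10 from Step 2 actually selects for translation, and which public addresses the nat_test pool from Step 1 provides. The configuration lines are copied from this page; the sample host list and the function names are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the dynamic NAT/PAT configuration on this page.
CONFIG = """\
ip nat pool nat_test 209.165.100.4 209.165.100.6 netmask 255.255.255.252
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.0.255.255
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat inside source list 10 pool nat_test overload
"""

def parse(config):
    """Return ({acl_id: [(base, wildcard)]}, {pool_name: (first, last)}) as integers."""
    acls, pools = {}, {}
    to_int = lambda text: int(ipaddress.IPv4Address(text))
    for line in config.splitlines():
        acl = re.match(r"access-list (\d+) permit (\S+) (\S+)$", line.strip())
        pool = re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask \S+$", line.strip())
        if acl:
            entry = (to_int(acl.group(2)), to_int(acl.group(3)))
            acls.setdefault(acl.group(1), []).append(entry)
        elif pool:
            pools[pool.group(1)] = (to_int(pool.group(2)), to_int(pool.group(3)))
    return acls, pools

def acl_permits(entries, host):
    """Standard ACL match: wildcard bits set to 1 are ignored, the rest must equal the base."""
    addr = int(ipaddress.IPv4Address(host))
    return any((addr & ~wild) == (base & ~wild) for base, wild in entries)

def pool_addresses(first, last):
    """Every public address in the pool range, inclusive."""
    return [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]

def audit(config, acl_id, pool_name, inside_hosts):
    """Map each inside host to True (selected for translation) or False (not matched)."""
    acls, pools = parse(config)
    verdicts = {h: acl_permits(acls[acl_id], h) for h in inside_hosts}
    return verdicts, pool_addresses(*pools[pool_name])

if __name__ == "__main__":
    # Constructed sample hosts; 192.168.110.2 is the static NAT host used earlier on this page.
    hosts = ["10.20.30.40", "172.16.5.9", "172.20.1.1", "192.168.0.77", "192.168.110.2"]
    verdicts, public = audit(CONFIG, "10", "nat_test", hosts)
    for host, ok in verdicts.items():
        print(f"{host:15} {'matched by ACL 10' if ok else 'NOT matched by ACL 10'}")
    print("pool:", ", ".join(public))
```

With the wildcard masks as written, 172.20.1.1 and 192.168.110.2 are not selected by ACL 10, so widen or narrow the wildcard masks until the matched set is exactly the set of hosts your policy allows out.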

(Optional) Internet Service Provider (ISP) side configuration: your ISP configures a static route for the NAT/PAT addresses.

Router>enable
Router#configure terminal

Router(config)#ip route 209.165.100.4 255.255.255.252 serial 0/0/1
>> here serial 0/0/1 is the exit interface


Another important point: you must configure a default route toward the ISP on each router. Example:

Router>enable
Router#configure terminal
Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/1
OR
Router(config)#ip route 0.0.0.0 0.0.0.0 224.100.100.25
>> exit interface or next-hop IP address

Show Command:
Router#show ip nat translations  >> Translation entries of NAT/PAT


Remove Static NAT Configuration:
Router#clear ip nat translation *  >> clears the NAT translations
Router(config)#no ip nat inside source static 192.168.100.10 interface g0/0  >> removes the static NAT


2 comments:

  1. I like your blog post. Keep on writing this type of great stuff. I'll make sure to follow up on your blog in the future.