Network Address Translation (NAT) / Port Address Translation (PAT) Configuration (Cisco device):
Two types of NAT:
Static NAT: maps one IP address to one IP address (public IP to private IP).
Step 1: (Configure)
Router>enable
Router#configure terminal
Router(config)#ip nat inside source static 192.168.110.2 209.165.100.7 (For All Services)
OR
Router(config)#ip nat inside source static tcp 192.168.110.2 8011 222.238.21.16 8011 extendable (Port-based static NAT)
Step 2: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside >> Private side network for the router
Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside >> Public side network for the router
Dynamic NAT/PAT: maps one-to-many or many-to-many IP addresses (public IP to private IP).
Step 1: (Create NAT pool)
Router>enable
Router#configure terminal
Router(config)#ip nat pool nat_test 209.165.100.4 209.165.100.6 netmask 255.255.255.252
>> Creates the nat_test pool of public IP addresses from 209.165.100.4 to 209.165.100.6 (3 public IPs) leased by the ISP (configure according to your requirements).
Step 2: (Create ACL for which network or IP address you want to access internet)
Router>enable
Router#configure terminal
Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255
Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255
Router(config)#access-list 10 permit 192.168.0.0 0.0.0.255
>> Create a standard or extended ACL according to your requirements
Step 3: (Match NAT pool and ACL)
Router>enable
Router#configure terminal
Router(config)#ip nat inside source list 10 pool nat_test >> without PAT
Router(config)#ip nat inside source list 10 pool nat_test overload >> enable PAT
OR
Router(config)#ip nat inside source list 10 interface GigabitEthernet0/0 overload >> NAT over the interface
Step 4: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside >> Private side network for the router
Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside >> Public side network for the router
Apply NAT or PAT depending on your network policy.
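Added example (not part of the original post): a Python check of which inside hosts ACL 10 from Step 2 selects for dynamic NAT/PAT, using the same wildcard-mask matching and implicit deny as a standard ACL. The sample host list is constructed for illustration; 192.168.110.2 is the static NAT host used earlier on this page.

```python
import ipaddress

# ACL 10 lines exactly as they appear in Step 2 above
ACL_10 = """\
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.0.255.255
access-list 10 permit 192.168.0.0 0.0.0.255
"""

def parse_standard_acl(text):
    """Return ordered (action, base, wildcard) integer tuples from
    'access-list N <action> <addr> <wildcard>' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            continue  # only the 'addr wildcard' form used on this page is handled
        action, addr, wildcard = parts[2], parts[3], parts[4]
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_action(entries, host):
    """First matching entry wins; no match falls through to the implicit deny."""
    h = int(ipaddress.IPv4Address(host))
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (h & care) == (base & care):
            return action
    return "deny"

def nat_eligible(entries, hosts):
    """Map each inside host to True if 'ip nat inside source list 10' would select it."""
    return {h: acl_action(entries, h) == "permit" for h in hosts}

if __name__ == "__main__":
    # Constructed sample inside hosts (assumption, not from the page),
    # plus the page's static NAT host 192.168.110.2
    sample = ["10.20.30.40", "172.16.5.9", "172.17.0.1",
              "192.168.0.77", "192.168.110.2"]
    for host, ok in nat_eligible(parse_standard_acl(ACL_10), sample).items():
        print(f"{host:15} {'translated' if ok else 'not selected (implicit deny)'}")
```

The wildcard 0.0.0.255 on the third entry covers only 192.168.0.0 to 192.168.0.255, so a host such as 192.168.110.2 is not picked up by list 10 and relies on its static entry.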
(Optional) Internet Service Provider (ISP) side configuration: your ISP configures a static route toward the NAT/PAT pool addresses.
Router>enable
Router#configure terminal
Router(config)#ip route 209.165.100.4 255.255.255.252 serial 0/0/1
>> Here serial 0/0/1 is the exit interface
Show Command:
Router#show ip nat translations >> Translation entries of NAT/PAT
Remove Static NAT Configuration:
Router#clear ip nat translation * >> to clear NAT translations
Router(config)#no ip nat inside source static 192.168.100.10 interface g0/0 >> to remove static nat
Another important point: you must configure a default route on each router toward the ISP. Example:
Router>enable
Router#configure terminal
Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/1 >> exit interface
OR
Router(config)#ip route 0.0.0.0 0.0.0.0 224.100.100.25 >> next hop IP address
Gooooood job.......
I like your blog post. Keep on writing this type of great stuff. I'll make sure to follow up on your blog in the future.