Cisco basic NAT configuration examples and Tips

Basic Cisco NAT configuration commands, with sample setups.

 

1. Basic configuration

 

– Access-list for the inside (participating) network
ex)
access-list 100 permit ip 10.1.1.0 0.0.0.255 any

 

– NAT configuration outside (Static / pool)
ex)
ip nat pool WAN 192.168.77.201 192.168.77.201 prefix-length 30
 

– NAT configuration inside (Static / Dynamic)
ex)
ip nat inside source static 10.1.1.1 172.16.1.1
ip nat inside source list 100 interface serial0/0 overload

 

– Applying NAT on inside interface
ex)
interface gi0/0
ip nat inside

 

– Applying NAT on outside interface
ex)
interface serial0/0
ip nat outside

 

 

2. Example- NAT Pool, Dynamic

– Public WAN IP : 192.168.77.18/30 (Serial0/0)
– Private LAN IP : 10.1.1.0/24
– Outside Interface : Serial 0/0
– Inside Interface : Gi0/0
 

Cisco_NAT(config)# access-list 100 permit ip 10.1.1.0 0.0.0.255 any
Cisco_NAT(config)# ip nat pool WAN 192.168.77.201 192.168.77.201 prefix-length 30
Cisco_NAT(config)# ip nat inside source list 100 interface serial0/0 overload
Cisco_NAT(config)# interface serial0/0
Cisco_NAT(config-if)# ip nat outside
Cisco_NAT(config-if)# interface gi0/0
Cisco_NAT(config-if)# ip nat inside

 

3. Example- NAT Pool, Static

– Public WAN IP : 192.168.77.18/30 (Serial0/0)
– Private LAN IP : 10.1.1.1/24, 10.1.1.2/24, 10.1.1.3/24
– Outside Interface : Serial 0/0
– Inside Interface : Gi0/0
* Only the IPs above are allowed to access the public WAN

 

Cisco_NAT(config)# ip nat pool WAN 192.168.77.201 192.168.77.201 prefix-length 30
Cisco_NAT(config)# ip nat inside source static 10.1.1.1 192.168.77.18
Cisco_NAT(config)# ip nat inside source static 10.1.1.2 192.168.77.18
Cisco_NAT(config)# ip nat inside source static 10.1.1.3 192.168.77.18
Cisco_NAT(config)# interface serial0/0
Cisco_NAT(config-if)# ip nat outside
Cisco_NAT(config-if)# interface gi0/0
Cisco_NAT(config-if)# ip nat inside

 

 

 

4. Port Address Translation

; Access from outside to a service on the inside. When several inside hosts share one public IP, each inside service needs a different outside port.

– Public WAN IP : 192.168.77.18/30
– Private LAN IP & Service Port : 10.1.1.1/24 & http(80)
– Private LAN IP & Service Port : 10.1.1.2/24 & http(80)
– Private LAN IP & Service Port : 10.1.1.3/24 & https(443)
– Private LAN IP & Service Port : 10.1.1.4/24 & https(443)

 

Cisco_NAT(config)# ip nat pool WAN 192.168.77.201 192.168.77.201 prefix-length 30
Cisco_NAT(config)# ip nat inside source static tcp 10.1.1.1 80 192.168.77.18 80
Cisco_NAT(config)# ip nat inside source static tcp 10.1.1.2 80 192.168.77.18 8080
Cisco_NAT(config)# ip nat inside source static tcp 10.1.1.3 443 192.168.77.18 443
Cisco_NAT(config)# ip nat inside source static tcp 10.1.1.4 443 192.168.77.18 8443
Cisco_NAT(config)# interface serial0/0
Cisco_NAT(config-if)# ip nat outside
Cisco_NAT(config-if)# interface gi0/0
Cisco_NAT(config-if)# ip nat inside
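
Every static port forward publishes an inside service to the outside, and two forwards must never claim the same outside address and port. The following is an added example, not part of the original page: a Python check that parses static tcp/udp forwards written in the literal-address form used above, lists what is exposed, and flags any outside address:port claimed twice. The function names and the extra 10.1.1.5 line are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample: the four port-forward lines from the section above,
# plus one deliberately conflicting line (10.1.1.5) added for the demo.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 10.1.1.1 80 192.168.77.18 80
ip nat inside source static tcp 10.1.1.2 80 192.168.77.18 8080
ip nat inside source static tcp 10.1.1.3 443 192.168.77.18 443
ip nat inside source static tcp 10.1.1.4 443 192.168.77.18 8443
ip nat inside source static tcp 10.1.1.5 80 192.168.77.18 8080
"""

# Matches only the "static <proto> <inside ip> <port> <outside ip> <port>" form.
STATIC_PAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b"
)

def parse_port_forwards(config_text):
    """Return (proto, inside_ip, inside_port, outside_ip, outside_port) tuples."""
    forwards = []
    for line in config_text.splitlines():
        m = STATIC_PAT.match(line)
        if m:
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            forwards.append((proto, in_ip, int(in_port), out_ip, int(out_port)))
    return forwards

def find_outside_conflicts(forwards):
    """Map each outside (proto, ip, port) claimed more than once to its inside targets."""
    by_outside = defaultdict(list)
    for proto, in_ip, in_port, out_ip, out_port in forwards:
        by_outside[(proto, out_ip, out_port)].append((in_ip, in_port))
    return {k: v for k, v in by_outside.items() if len(v) > 1}

def exposure_report(forwards):
    """One line per inside service reachable from outside, sorted by outside port."""
    rows = sorted(forwards, key=lambda f: (f[3], f[4], f[0]))
    return [f"{p} {oip}:{op} -> {iip}:{ipt}" for p, iip, ipt, oip, op in rows]

if __name__ == "__main__":
    fwds = parse_port_forwards(SAMPLE_CONFIG)
    print("\n".join(exposure_report(fwds)))
    for (proto, ip, port), targets in find_outside_conflicts(fwds).items():
        print(f"CONFLICT {proto} {ip}:{port} claimed by {targets}")
```

The exposure list doubles as a review sheet: each row is a service reachable from outside and should correspond to something that is meant to be published.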

 

 

5. Verifying

Cisco_NAT#sh ip nat translations
Pro Inside global         Inside local          Outside local         Outside global
udp 192.168.77.201:123    10.1.1.2:123          128.9.176.30:123      128.9.176.30:123
udp 192.168.77.201:123    10.1.1.2:123          129.6.15.28:123       129.6.15.28:123
udp 192.168.77.201:123    10.1.1.2:123          129.6.15.29:123       129.6.15.29:123
udp 192.168.77.201:123    10.1.1.2:123          199.7.177.206:123     199.7.177.206:123
icmp 192.168.77.201:1     10.1.1.11:1           8.8.8.8:1             8.8.8.8:1

6. Troubleshooting

debug ip packet

debug ip nat

 

Being updated