NAT

Configuring static NAT, dynamic NAT and PAT pools on a Cisco device.

Features

  • Outgoing traffic:
    • Replaces inside local IP and port with inside global IP and unique port
  • Incoming responses:
    • Translates inside global IP and port back to the original inside local IP and port
  • Session mapping:
    • Creates a translation entry for each new session
    • Utilizes NAT table for bidirectional flow handling

Terminology

  • NAT: Network address translation (each host is assigned a different global address)
  • PAT: Port address translation (multiple hosts share the same global address or address pool)

Configuration

Basic

! Define outside interface(s) (facing the internet)
interface GigabitEthernet0/1
 ip nat outside

! Define inside interface(s) (origin of traffic)
! Can also be VLAN interfaces
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 no shutdown

Static NAT

! Assign a global IP to a local device
ip nat inside source static 192.168.20.5 213.174.240.143

Dynamic NAT

Define translated hosts

! The ACL defines which source addresses get translated
ip access-list extended nat-inside-in
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.20.0 0.0.0.255 any

PAT on one output interface

ip nat inside source list nat-inside-in interface GigabitEthernet0/1 overload

NAT/PAT with address pool

ip nat pool my-nat-pool 213.174.240.128 213.174.240.142 netmask 255.255.255.240

! Either do NAT
ip nat inside source list nat-inside-in pool my-nat-pool
! or PAT with overload
ip nat inside source list nat-inside-in pool my-nat-pool overload

Evaluation

! Show current translations
show ip nat translations

Example output

Pro  Inside global         Inside local       Outside local      Outside global
icmp 11.174.231.225:1      10.40.0.2:1        11.174.231.226:1   11.174.231.226:1
icmp 11.174.231.225:5      10.40.0.1:5        11.174.231.226:5   11.174.231.226:5
icmp 11.174.231.225:8      10.40.0.1:8        11.174.231.226:8   11.174.231.226:8
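
During incident response, the translation table is what ties a public IP and port seen in an external log back to an inside host. The Python below is an added example, not part of the original page: it parses the output above plus one constructed static NAT row, and shows that under PAT the inside global IP alone is ambiguous without the port. The function names are illustrative, and only the IPv4 table format shown here is handled.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")

# First three rows: the example output on this page. Last row: a constructed
# static NAT entry (IOS prints '---' in columns that do not apply).
SAMPLE = """\
Pro  Inside global         Inside local       Outside local      Outside global
icmp 11.174.231.225:1      10.40.0.2:1        11.174.231.226:1   11.174.231.226:1
icmp 11.174.231.225:5      10.40.0.1:5        11.174.231.226:5   11.174.231.226:5
icmp 11.174.231.225:8      10.40.0.1:8        11.174.231.226:8   11.174.231.226:8
---  213.174.240.143       192.168.20.5       ---                ---
"""

def split_endpoint(text):
    """'10.40.0.2:1' -> ('10.40.0.2', 1); bare IP -> (ip, None); '---' -> (None, None)."""
    if text == "---":
        return (None, None)
    ip, sep, port = text.rpartition(":")
    return (ip, int(port)) if sep else (text, None)

def parse_translations(output):
    """Parse 'show ip nat translations' text into Entry tuples."""
    entries = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":  # header, blank or wrapped line
            continue
        proto = None if fields[0] == "---" else fields[0]
        entries.append(Entry(proto, *map(split_endpoint, fields[1:])))
    return entries

def inside_hosts_for(entries, global_ip, global_port=None):
    """Inside local IPs that were translated to global_ip (optionally :global_port)."""
    hosts = set()
    for e in entries:
        ip, port = e.inside_global
        # A static entry (port None) covers every port of its global address.
        if ip == global_ip and (global_port is None or port in (None, global_port)):
            hosts.add(e.inside_local[0])
    return hosts

if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(inside_hosts_for(table, "11.174.231.225"))     # PAT: IP alone is ambiguous
    print(inside_hosts_for(table, "11.174.231.225", 1))  # IP + port names one host
```

For ICMP rows the value after the colon is the ICMP identifier rather than a TCP/UDP port. The table only holds live sessions, so attribution after the fact depends on translations having been logged at the time.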