Static NAT (One to One)
Dynamic NAT (Many to Many)
Overloading (Many to One)
The purpose of NAT is to hide the private IP addresses of clients in order to conserve the public address space. For example, a complete network with 254 hosts can have 254 private IP addresses and still be visible to the outside world (the Internet) as a single IP address. Other benefits include security and economical usage of IP address ranges.
The following will focus on the Overloading form of NAT. This is called Port Address Translation (PAT) or Network Address Port Translation (NAPT). NAT Overloading translates many private IP addresses from a Local Area Network (LAN) onto a single registered Public IP address. Here, the source IP and the source port get translated to the Public IP and a different source port.
A typical deployment is on an Internet router, where it enables all the hosts in the LAN to connect to the Internet using a single public IP address.
The following procedure will help you configure NAT Overload or Port Address Translation (PAT) in Cisco IOS:
NAT Inside Interface
Enable an interface on the router with an IP address and mark it as the NAT inside interface. This is the interface that connects to your internal private network.
Router(config)# int fastethernet0/1
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip nat inside
Enable NAT Outside Interface
Router(config)# int serial0/0/0
Router(config-if)# ip address 100.100.100.100 255.255.255.0
Router(config-if)# ip nat outside
Configure NAT Pool
This will be a pool of legal public IPs bought by the organization. This could be anything from one to many IP addresses.
Router(config)# ip nat pool NATPOOL 100.100.100.10 100.100.100.10 netmask 255.255.255.0
Note: NATPOOL is the name of the pool from which addresses will be used. This can be any name; don't get too complex with the naming.
This creates a pool which has just one IP address. The syntax is
ip nat pool <pool name> startip endip {netmask netmask | prefix-length prefix-length}
Access List to Allow List of IP Addresses to NAT Translate
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
For more networks or hosts to overload the NAT pool, simply add them to the access list
Router(config)# access-list 10 permit 192.168.2.0 0.0.0.255
Router(config)# access-list 10 permit 192.168.3.0 0.0.0.255
Instruct Router to NAT the Access list to the NATPool
Router(config)# ip nat inside source list 10 pool NATPOOL overload
If this is an Internet configuration, then ensure that there is a default route to the outside IP address or the outside interface
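Router(config)# ip route 0.0.0.0 0.0.0.0 serial0/0/0
or, with the next-hop address of the upstream router on the outside network (shown as a placeholder; the router's own interface address 100.100.100.100 is not accepted as a next hop)
Router(config)# ip route 0.0.0.0 0.0.0.0 <upstream-next-hop-ip>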
The NAT setup is complete. The router has been set up to translate LAN private IPs into Internet public IPs.
To check the NAT status and statistics
Router# show ip nat statistics
To see the active translations
Router# show ip nat translations
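The following Python model is an added example, not part of the original post and not Cisco's implementation. It shows what the overload rule above keeps in its translation table: access list 10 decides which sources are translated, each inside IP/port pair is bound to a port on the pool address, and a reply or a log entry that names a public port can be mapped back to the inside host. The class and function names, the starting port 1024 and the port-selection rule (reuse the original source port when it is free, otherwise take the next unused one) are assumptions of this model.

```python
import ipaddress

# Values taken from the configuration above.
POOL_IP = "100.100.100.10"
ACL_10 = [("192.168.1.0", "0.0.0.255"), ("192.168.2.0", "0.0.0.255"),
          ("192.168.3.0", "0.0.0.255")]

def acl_permits(src, acl=ACL_10):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False  # implicit deny at the end of every ACL

class PatTable:
    """Simplified model of an overload (PAT) table for one protocol."""
    def __init__(self, public_ip=POOL_IP, first_port=1024):  # first_port: assumption
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside ip, inside port) -> public port
        self.back = {}  # public port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) the packet leaves with, or None if not translated."""
        if not acl_permits(src_ip):
            return None
        key = (src_ip, src_port)
        if key not in self.out:
            # Model assumption: keep the original port when free, else pick another.
            port = src_port if src_port not in self.back else self._free_port()
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key])

    def _free_port(self):
        while self.next_port in self.back:
            self.next_port += 1
        return self.next_port

    def inbound(self, dst_port):
        """Map a reply back to the inside host; None means no entry, so drop."""
        return self.back.get(dst_port)
```

Two inside hosts that pick the same source port end up on different public ports, which is why the port, not only the public IP, is needed to attribute a connection to an inside host.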