Back to Cisco Subnet

Brad Reese on Cisco

by Brad Reese

Previous Article Next Article

How to configure NAT

By Brad Reese on Thu, 07/17/08 - 6:58pm.

Share
Tweet This
Email this page
Comment
Print

Network Address Translation (NAT) replaces IP addresses within a packet with different IP addresses.

NAT is very useful in these instances:

	Conserving IP address space.
	Implementing TCP load distribution.
	Connecting networks with overlapping addresses.
	During network migration, which involves the renumbering of nodes.
	Connecting a private network using an unregistered address to a public network like the Internet.
	Distributing other Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) based services.

A router configured for NAT maintains a translation table that has the mapping between the addresses used in the translation.

Configuring NAT involves identifying the NAT inside and NAT outside interfaces, then configuring the way the addresses are to be translated, depending on the requirement.

A router configured with NAT translates only traffic that is forwarded between the inside and outside interfaces, and the flow that matches the criteria specified for translation.

Traffic that does not meet these conditions is forwarded without any translation.

To configure the inside and outside interfaces, issue the ip nat inside and ip nat outside commands under the respective interfaces.

A static NAT configuration creates a one-to-one mapping and translates a specific address to another address.

This type of configuration creates a permanent entry in the NAT table, as long as the configuration is present and is useful when users on both inside and outside networks need to initiate a connection.

To configure static NAT, issue the ip nat inside source static or ip nat outside source static commands in global configuration mode, depending on where the host is located.

Static NAT can also be used to redirect traffic using a particular port to a different port on a host.

This is helpful when the users belonging to the inside network use a particular port number to access a particular application (like a web server) available on the inside or outside network.

The same application is accessed by users from the outside network using a different port number.

To redirect traffic to a different port, issue the ip nat inside source {static {tcp|udp local-ip local-port global-ip global-port} [extendable] or ip nat outside source {static tcp|udp global-ip global-port local-ip local-port} [extendable] commands in global configuration mode, depending on whether the inside or outside network is available.

Another type of configuration is dynamic NAT, which is useful when a limited number of addresses is available instead of the actual number of hosts to be translated.

The addresses used for translation are configured by issuing the ip nat pool command in global configuration mode.

The hosts to be translated are specified by issuing the access-list command or match statements in the route-map command.

The pool and the list of hosts to be translated are linked together by issuing the ip nat inside source list name pool name command or the ip nat inside source route-map name pool name command in global configuration mode.

The command can be issued for an outside network by replacing the keyword "inside" with "outside".

Dynamic NAT creates an entry in the NAT table, when the host initiates a connection and establishes a one-to-one mapping between the addresses.

But the mapping could vary depending on the address available in the pool at the time of communication.

Dynamic NAT allows sessions to be initiated from inside or outside networks for which it is configured.

Dynamic NAT entries are removed from the translation table if the host does not communicate for a specific period of time, which is configurable, and the address is returned to the pool for use by another host.

Another form of dynamic translation is overloading or Port Address Translation (PAT), which allows many hosts to be mapped to a single address at the same time.

When PAT is configured, the router makes use of the source port numbers to distinguish the sessions from different hosts.

PAT creates an extended translation entry in the NAT table by including the protocol as well as the port information.

PAT is configured by adding the overload option to the dynamic NAT configuration command, which binds the hosts and the pool.

Static and dynamic NAT can be configured simultaneously when it is required.

This occurs in cases where many addresses are not available for translation, and certain devices must be statically configured for NAT at the same time.

For more information on configuring NAT refer to these documents:

NAT: Local and Global Definitions

Configuring Static and Dynamic NAT Simultaneously

Configuring Network Address Translation: Getting Started

View more Cisco How-To Tutorials

http://www.BradReese.Com

Search 54,082 current Cisco Job openings worldwide!


	Cisco CCIE number reached 21419 on July 8th, 2008
	Cisco vs. Nortel: Who's the customer support champ?
	Cisco consummates agreement with legendary reseller CXtec
	Cisco resume tips
	Silver lining in Cisco stock decline: Tough times help Cisco gain market share
	Brad Reese on Cisco Story Archives