Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

How to configure static nat on cisco routers

29.576 Aufrufe

Veröffentlicht am

How to Configure Static NAT on Cisco Routers? More details...

Veröffentlicht in: Technologie

How to configure static nat on cisco routers

  1. 1. How to Configure Static NAT on Cisco Routers?Network Address Translation (NAT) is an operation by which source and/ordestination IP addresses within a packet are replaced with different IP addresses.NAT conserves available IP address space by allowing many private IP addresses to berepresented by some smaller number of public IP addresses. Private IP addresses aredefined in RFC 1918 and are addresses that cannot be used on the Internet. NAT ismost commonly performed by routers or firewalls; however this tutorial focuses onNAT within Cisco routers. NAT can be performed both statically and dynamically.Static NAT simply maps one private IP address to a single public IP address, and this isthe flavor of NAT we are discussing in this tutorial.A Cisco router performing NAT divides its universe into the inside and the outside.Typically the inside is a private enterprise, and the outside is the public Internet. Inaddition to the notion of inside and outside, a Cisco NAT router classifies addressesas either local or global. A local address is an address that is seen by devices on theinside, and a global address is an address that is seen by devices on the outside.Given these four terms, an address may be one of four types:1. Inside local addresses are assigned to inside devices. These addresses are notadvertised to the outside.2. Inside global are addresses by which inside devices are known to the outside.3. Outside local are addresses by which outside devices are known to the inside.4. Outside global addresses are assigned to outside devices. These addressesare not advertised to the inside.Let’s jump right into NAT configuration on a Cisco router as shown in the Figurebelow:R1 is the router performing Network Address Translation (NAT) and has two
  2. 2. interfaces: Fa0/0 on the inside and Fa0/1 on the outside. The specific IP addressesinvolved are:Table 1 NAT Addresses for Figure AboveNAT Address Type IP AddressInside local global local global probably know very well how to configure IP addresses on router interfaces, sowe skip those configuration steps and move straight to the interesting stuff. First, wehave to assign Fa0/0 as NAT inside interface and Fa0/1 as NAT outside interface on R1.This would tell the router that interesting traffic entering or exiting these twointerfaces will be subject to address translation.R1#conf termEnter configuration commands, one per line. End with CNTL/Z.R1(config)#interface Fa0/0R1(config-if)#ip nat insideR1(config-if)#interface Fa0/1R1(config-if)#ip nat outsideR1(config-if)#endNow we would tell the router how to perform address translation and mention whichIP addresses (source or destination) to re-write in packets moving between the insideand outside interfaces. Here we go:R1(config)#ip nat inside source static, we are telling the router to perform NAT on packets coming into the router onthe inside interface Fa0/0. More specifically the router would identify which of thesepackets have a source IP address of and would change it to forwarding the packet out the outside interface Fa0/1. Similarly, returnpackets coming in at outside interface Fa0/1 would undergo translation ofdestination IP address.Let’s now verify if NAT is actually working as it is supposed to work. There are acouple of very useful Cisco IOS commands that can be used to do just that.Command show ip nat statisticsdisplays the number of static and dynamic NATtranslations, inside and outside interfaces, and the number of hits and misses.R1#show ip nat statisticsTotal active translations: 1 (1 static, 0 dynamic; 0 extended)Outside interfaces:FastEthernet0/1Inside interfaces:
  3. 3. FastEthernet0/0Hits: 0 Misses: 0CEF Translated packets: 0, CEF Punted packets: 0Expired translations: 0Dynamic mappings:Appl doors: 0Normal doors: 0Queued Packets: 0Command show ip nat translations displays the IP addresses for NAT translations.R1#show ip nat translationsPro Inside global Inside local Outside local Outside global— — —As you see in the above output, we have one NAT entry configured with Insideglobal address and Inside local address specified. Outsidelocal and Outside globaladdresses are blank because our NAT configuration does notchange those addresses.Let’s now go to the PC and ping the Server before running the command show ip nattranslations again to see if it makes any difference.R1#show ip nat statisticsTotal active translations: 2 (1 static, 1 dynamic; 1 extended)Outside interfaces:FastEthernet0/1Inside interfaces:FastEthernet0/0Hits: 10 Misses: 0CEF Translated packets: 10, CEF Punted packets: 0Expired translations: 0Dynamic mappings:Appl doors: 0Normal doors: 0Queued Packets: 0R1#show ip nat translationsPro Inside global Inside local Outside local Outside globalicmp— — —As you can see in the above output, NAT is active as manifested by the appearance ofan additional dynamic entry for ICMP protocol and some additional hits,corresponding to our ping attempt from PC to Server.
  4. 4. We just configured and verified a simple NAT scenario translating only the source ordestination (not both at the same time) IP addresses of packets moving betweeninside and outside interfaces. This sort of NAT configuration is called static NAT as asingle inside local IP address is statically mapped to a single outside local IP address.Another important feature of NAT is static Port Address Translation (PAT). Static PAT isdesigned to allow one-to-one mapping between local and global addresses. Acommon use of static PAT is to allow Internet users from the public network to accessa Web server located in the private network.Let’s assume we intend to host a Web server on the inside on the same PC, that hasan IP address The following configuration line would allow us to do justthat:R1(config)#ip nat inside source static tcp 80 80This configuration line performs the static address translation for the Web server.With this configuration line, users that try to reach port 80 (www) areautomatically redirected to port 80 (www). In our case, isthe IP address of the PC which is also the Web server. This configuration can beverified using the same two NAT verification commands: show ip nattranslations and show ip nat statistics.Notice that the address with port number 80 (HTTP) translates to192.168.1.2 port 80, and vice versa. Therefore, Internet users can browse the Webserver even though the Web server is on a private network with a private IP address.More Related NAT Tips:How to Configure Basic NAT with Overloading?How to Configure Static NAT for Inbound Connections?How to Configure NAT in Cisco IOS?How to Set up NAT Using the Cisco IOS?