Dynamic NAT sample configuration
Dynamic NAT: You have a number of public IP addresses, and you allocate them to hosts as they need them. It might be used where you have, say, 10 IPs and 15 hosts that are not using the system all the time, so the average use is 10.
Here we are pretending that 192.168.254.100 to 200 are our public address allocation.
Commands based on the setup above.
- Defining inside local and inside global
Conf t
Int fa0/0
Ip nat outside
Exit
Int fa0/1
Ip nat inside
Exit
- Create pool of Public IP addresses (we are creating a range 100 to 200)
Conf t
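Ip nat pool anynameyouwant 192.168.254.100 192.168.254.200 prefix-length 24
[The prefix length has to be large enough to contain the whole range; .100 to .200 does not fit in a /29.]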
- Create ACL that includes the local private internal hosts, in this case 192.168.1.2 to 254
Access-list 100 permit ip 192.168.1.0 0.0.0.255 any
Then apply it to the NAT pool
Ip nat inside source list 100 pool anynameyouwant
To confirm:
Sh ip nat translations
This will not show anything unless the host has requested web services.
________________________________________________________________________
Sample Static NAT.
Router IP: 192.168.254.2 (This could be a public IP address, but as the test was done inside a LAN, this was the gateway.) LAN IP range: 192.168.254.1-254
Pretend LAN IP subnet: 192.168.1.0/24 Connect to fa0/0
Configure LAN so that a host can connect to the router on fa0/1
IP for inside global:
Conf t
Int fa0/0
Ip address 192.168.254.107 255.255.255.0
No shut
Ip nat outside
IP for inside local:
Conf t
Int fa0/1
Ip address 192.168.1.1 255.255.255.0
No shut
Ip nat inside
Create a route out to the net:
Ip route 0.0.0.0 0.0.0.0 192.168.254.2
Set up DNS lookup
Ip domain-lookup
Ip name-server 8.8.8.8
Now, configure NAT
Ip nat inside source static 192.168.1.2 192.168.254.107
[Note: here we are using the address of the HOST, not the IP address of the router. If you use the IP of the router, it will work, but you could connect other hosts as well, thereby making it a one-to-many.]
To verify:
Sh ip nat translations
You still won’t be able to connect to the web from your host. You need an ACL:
Access-list 1 permit any
Then apply it to the interface:
Ip nat inside source list 1 int fa0/0
You should then be connected to the web via the router, using GNS3 here as the lab software.
——————————————————————————————————————–
Sample NAT Overload and PAT
PAT is also called one way NAT. Based on the configuration below.
In this case we are pretending that 192.168.254.107 is a public IP address, and we have only one.
- Define the inside global and inside local addresses
Conf t
Int fa0/0
Ip nat outside
Exit
Int fa0/1
Ip nat inside
Exit
- Tell your router which is or are your outside addresses to be translated – the pool.
Ip nat pool anynameyoulike 192.168.254.107 192.168.254.107 prefix 24
- Tell your router which IP addresses it can translate by creating an access list and then combining it with the NAT.
Access-list 1 permit any
Ip nat inside source list 1 pool anynameyoulike overload
To test, set up a default route on the router, and ip domain-lookup, so it can find its way out on to the internet:
Conf t
Ip domain-lookup
Ip name-server 8.8.8.8
Ip route 0.0.0.0 0.0.0.0 192.168.254.2
NAT overload should now be working, and you should be able to get on the internet from a connected host.
Configure PAT, or one way NAT, otherwise known as port forwarding.
You have a host with the address 192.168.1.10 and you want to configure it as a terminal service host.
Ip nat inside source static tcp 192.168.1.10 3389 int fa0/0 3389
(fa0/0 is the outside interface.)
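A way to review the NAT lines from the three samples above before pasting them into a router, as an added example that is not part of the original page. The function name audit_nat and the SAMPLE text are assumptions made for illustration; the sample is constructed from the commands shown above and deliberately includes a pool whose prefix length is too small for its range.

```python
import ipaddress
import re

# Constructed sample, assembled from commands shown on this page. The /29 on
# the first pool is deliberately too small for the .100-.200 range.
SAMPLE = """\
ip nat pool anynameyouwant 192.168.254.100 192.168.254.200 prefix-length 29
ip nat pool anynameyoulike 192.168.254.107 192.168.254.107 prefix 24
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 1 permit any
ip nat inside source list 100 pool anynameyouwant
ip nat inside source list 1 pool anynameyoulike overload
ip nat inside source static tcp 192.168.1.10 3389 interface fa0/0 3389
"""

POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) prefix\S* (\d+)", re.I)
ACL = re.compile(r"access-list (\d+) permit (?:ip )?any\b", re.I)
DYN = re.compile(r"ip nat inside source list (\d+) ", re.I)
FWD = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) "
                 r"(?:int\S* \S+|\S+) (\d+)", re.I)


def audit_nat(config):
    """Return (severity, message) findings for the NAT lines in an IOS config."""
    findings = []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # ACL numbers whose permit statement matches any source address.
    open_acls = {m.group(1) for l in lines if (m := ACL.match(l))}
    for line in lines:
        if m := POOL.match(line):
            name, start, end, plen = m.groups()
            first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
            net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
            # Both ends of the pool must sit inside the subnet the prefix implies.
            if last < first or last not in net:
                findings.append(("error", f"pool {name}: {end} is outside {net}"))
        elif (m := DYN.match(line)) and m.group(1) in open_acls:
            findings.append(("warn", f"NAT uses access-list {m.group(1)}, "
                                     "which permits any source"))
        elif m := FWD.match(line):
            proto, host, lport, gport = m.groups()
            findings.append(("warn", f"{proto}/{gport} on the outside address "
                                     f"is forwarded to {host}:{lport}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_nat(SAMPLE):
        print(f"{severity}: {message}")
```

Every static port forward is reported as a warning because it is a service reachable from outside and should be a deliberate choice; narrowing access-list 1 to the inside subnet clears the permit-any warning.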