NAT

cisconoval
Level 1

Hi All

I am stuck with NAT while configuring the router.

The issue is, there are 3 different subnets in my LAN. I wanna NAT all these IPs like this.

ip nat inside source static 10.10.10.1 172.16.131.1

ip nat inside source static 10.10.10.2 172.16.131.2

ip nat inside source static 10.10.10.3 172.16.131.3

ip nat inside source NATME interface serial 0 overload

access-list permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1

!

int s0/0

ip nat outside

!

int fa0/0

ip nat inside

From the above config, I wanna do Static NAT for 10.10.10.1, 2 & 3 and dynamic NAT for rest of the IPs in the same subnet.

Please clarify whether the above NAT is correct, as I am implementing it in a live network and I wanna be clear on this.

Thanks in advance


mohammedmahmoud
Level 11

Hi,

As a rule, in static NAT, a translation is statically configured and is placed in the translation table without the need for any traffic, and it remains in the translation table until you delete the static NAT command(s). With dynamic NAT, the translation table in the router is initially empty and gets populated once traffic that needs to be translated passes through the router. Dynamic translations also have a timeout period, after which they are purged from the translation table.

So your configuration should work properly.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.
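
An added illustration, not part of any poster's reply and not Cisco code: a small Python model of the translation table described above, loaded with the addresses from this thread. The `NatTable` class, the 60-second timeout and the sequential port numbering are assumptions made for the sketch, and checking static entries first is a modelling choice consistent with the lab results reported later in the thread.

```python
import ipaddress

class NatTable:
    """Toy inside-source NAT: static entries plus interface overload (PAT)."""

    def __init__(self, static_map, acl_src_net, acl_dst_host, outside_ip, timeout=60):
        ip = ipaddress.ip_address
        self.static = {ip(k): ip(v) for k, v in static_map.items()}  # always present
        self.acl_src = ipaddress.ip_network(acl_src_net)
        self.acl_dst = ip(acl_dst_host)
        self.outside_ip = ip(outside_ip)
        self.timeout = timeout      # constructed value, not an IOS default
        self.dynamic = {}           # (inside ip, inside port) -> [outside port, expiry]
        self.next_port = 1024       # simplified sequential port allocation

    def translate(self, src, sport, dst, now):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.static:                      # static entry exists without traffic
            return ("static", str(self.static[src]), sport)
        if src in self.acl_src and dst == self.acl_dst:   # ACL permit -> overload
            entry = self.dynamic.get((src, sport))
            if entry is None or entry[1] <= now:    # first packet, or entry aged out
                entry = [self.next_port, 0]
                self.next_port += 1
                self.dynamic[(src, sport)] = entry
            entry[1] = now + self.timeout           # traffic refreshes the timer
            return ("dynamic", str(self.outside_ip), entry[0])
        return ("untranslated", str(src), sport)    # no static entry, ACL did not match

    def purge(self, now):
        """Drop expired dynamic entries; static entries are never purged."""
        expired = [k for k, (_, exp) in self.dynamic.items() if exp <= now]
        for k in expired:
            del self.dynamic[k]
        return len(expired)

def build_thread_example():
    # Addresses taken from the thread; 1.1.1.1 is the poster's placeholder serial IP.
    return NatTable(
        {"10.10.10.1": "172.16.131.1", "10.10.10.2": "172.16.131.2",
         "10.10.10.3": "172.16.131.3"},
        "10.10.10.0/24", "200.100.100.1", "1.1.1.1")

if __name__ == "__main__":
    nat = build_thread_example()
    print(nat.translate("10.10.10.2", 5000, "200.100.100.1", now=0))
    print(nat.translate("10.10.10.50", 5000, "200.100.100.1", now=0))
    print(nat.purge(now=61), len(nat.static))
```

Hosts 10.10.10.1 to 10.10.10.3 never create a dynamic entry in this model, which is why the static and overload rules can share the 10.10.10.0/24 source range.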

Hi Mohammed

To be honest that's what I thought until I read the FAQ. Do you have this working in a production environment?

If so, I guess the FAQ is a bit outdated. If not, I could do a quick test in our lab.

Jon

Jon Marshall
Hall of Fame

Hi

From the Cisco FAQ on NAT

=============================================

Q. Is it possible to build a configuration with both static and dynamic NAT translations?

A. Yes, this is possible. The caveat is that the global addresses used in static translations are not automatically excluded with dynamic pools that contain those global addresses. You must create your dynamic pools to exclude addresses assigned via static entries.

=============================================

So I think you should exclude the first 3 addresses from your global pool.

HTH

Jon

Hi Jon,

According to this document it can be done without the exclusion, but I'll check it for more certainty:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

HTH,

Mohammed Mahmoud.

Hi Mohammed

Yep, just tested it in our lab and it looks like you can do it without the exclusion so 5 points winging their way to you !!!

Jon

mahmoodmkl
Level 7

Hi

I don't see any NAT pool configured.

What is the range of your IPs?

What is NATME..?

There are no IP addresses on your interfaces.

Thanks

Mahmood

Hi Mahmood

Here NATME is the extended ACL name. Here I have given a fake IP address for the interface.

I need the static translation for first three IPs

ip nat inside source list NATME interface Serial0/0 overload

ip access-list extended NATME

 permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1

!

int s0/0

ip address 1.1.1.1 255.255.255.0 (Duplicate IP)

ip nat outside

!

int fa0/0

ip address 10.10.10.200 255.255.255.0

ip nat inside

There is no IP pool; instead of that I am using the serial interface with overload. Will this NAT config work as I expect...?

Please clarify, it's a bit urgent.

Thanks

Hi,

According to this document it can be done without the exclusion; anyway, I'll try to test it for you.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

HTH, please do rate all helpful replies,

Mohammed Mahmoud

Yes Mohammed, I read this link... in it, it was configured with an IP pool. But I need to do the same with the interface... is it possible?

I would be grateful if you could do a test for me...

thanks

Hi

Mohammed is dead right in this instance. I have just tested in our lab and you can use your config as suggested so it looks like the NAT FAQ is somewhat out of date.

Yes, you can do it with the interface, as this is what I tested in the lab.

HTH

Jon

Hi Jon & Mohammed

Thanks for your help. Let me try the same in the real network now.

Hi Jon,

I've just tested it myself as well, and it's running; as you said, it seems that this FAQ is outdated.

HTH,

Mohammed Mahmoud.

Hi,

You are welcome; please never hesitate to ask any further questions.

HTH,

Mohammed Mahmoud.
