
NAT: Difference between IP NAT INSIDE SOURCE & IP NAT SOURCE LIST

Rejohn Cuares
Level 4

Hi!

I am confused about when to use these two commands:

ip nat inside source

and

ip nat source list

When I use IP NAT INSIDE SOURCE, users can access the internet, but when I used IP NAT SOURCE LIST, no translation happens.

Also, after enabling the IP NAT INSIDE SOURCE command, telnet access to the outside interface is not accessible.

Thanks in advance for your help.

Please rate replies and mark question as "answered" if applicable.

Marwan ALshawi
VIP Alumni

With ip nat inside source list you need to define an ACL defining the traffic to be considered as a NAT source. For example, let's say your inside local LAN is 192.168.1.0/24.

Do:

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

This way you can use source list like:

ip nat inside source list 100 [and your other config..]

With list you might exclude some IPs or networks.

For example, if you want host 192.168.1.1 to not be NATed (this way it will not use the internet), do:

access-list 100 deny ip host 192.168.1.1 any

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

Then apply it to your NAT statement with source list.

please, if helpful Rate

Hi Marwanshawi.

Thank you for your fast response. How about the IP NAT SOURCE LIST command? What is the difference between the two?

Please rate replies and mark question as "answered" if applicable.

The above description is all about IP source list.

As I mentioned:

ip nat source list, then put the ACL based on the descriptions I have given to you,

which gives you more control and lets you select exactly what to NAT and what not.

Also helpful in VPN IPsec, because sometimes you need some kind of traffic to be exempted from the NAT.

The one with list NATs the source without specific details like with the list one and ACL.

Have a look at the following link, it will help you a lot:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

good luck

please, if helpful Rate

As far as I know, "ip nat source" does not exist.

What platform and IOS are you using?

The choice you're giving is wrong. Assuming the traffic that must be NATed is coming from behind the "inside" NAT interface, the choices you have are:

ip nat inside source list

OR

ip nat inside source static

The list option is exactly as Marwan described.

The static option is used when you want to statically define which source host addresses must be NATed.

Example:

ip nat inside source static 10.10.10.50 172.16.2.1

HTH

Victor

lamav,

I'm asking when to use

IP NAT INSIDE SOURCE LIST

and

IP NAT SOURCE LIST

I am using Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1).

Please rate replies and mark question as "answered" if applicable.

Go into config mode, type "ip nat" and then a "?" and show us the choices that you have.

Victor

Victor

Here it is:

lab2(config)#ip nat ?
  Stateful     Stateful NAT configuration commands
  create       Create flow entries
  inside       Inside address translation
  log          NAT Logging
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using non-standard port
  source       Source address translation
  translation  NAT translation entry configuration

lab2(config)#ip nat source ?
  list       Specify access list describing local addresses
  route-map  Specify route-map
  static     Specify static local->global mapping

lab2(config)#ip nat source

HTH

Rick


Rejohn

And here is an explanation of the new command:

ip nat source

To enable Network Address Translation (NAT) on a virtual interface without inside or outside specification, use the ip nat source command in global configuration mode.

Here is a link with more detail for anyone who wants more info:

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1012829

So use ip nat inside source for normal (physical) interfaces and use ip nat source for virtual interfaces.

HTH

Rick
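
Added example, not part of the original thread or of Cisco's documentation: the two command forms side by side, reusing ACL 100 from the earlier reply. Interface names, the LAN gateway address and the 203.0.113.0/30 WAN addressing are assumptions; the point to note is that each global command pairs with a different interface-level command (ip nat inside / ip nat outside versus ip nat enable).

```cisco
! Constructed sample configuration. Options A and B are alternatives;
! configure one or the other, not both.
!
! ACL from the thread: exclude host 192.168.1.1, translate the rest of the LAN
access-list 100 deny   ip host 192.168.1.1 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
! --- Option A: domain-based NAT (ip nat inside source) ---
interface FastEthernet0/0
 description LAN (assumed name)
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description WAN (assumed name and addressing)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
ip nat inside source list 100 interface FastEthernet0/1 overload
!
! Verify with: show ip nat translations
!
! --- Option B: NAT virtual interface (ip nat source, 12.3(14)T and later) ---
! No inside/outside marking; NAT is enabled per interface instead.
interface FastEthernet0/0
 description LAN (assumed name)
 ip address 192.168.1.254 255.255.255.0
 ip nat enable
!
interface FastEthernet0/1
 description WAN (assumed name and addressing)
 ip address 203.0.113.2 255.255.255.252
 ip nat enable
!
ip nat source list 100 interface FastEthernet0/1 overload
!
! Verify with: show ip nat nvi translations
```

With option B, translations appear in the NVI table rather than in the output of show ip nat translations, so check the matching show command before concluding that nothing is being translated.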


Rejohn

I am glad that my response did resolve your question. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there was a response which did resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick


rick:

Cowabunga, dude!

LOL

I tried replicating that in my lab on a 7206 -- no dice.

Thanks

victor

Victor

I believe that it is version dependent. According to the documentation this command was introduced in 12.3(14)T. Looks like your 7206 is earlier than that and my router is later than that.

HTH

Rick
