Static NAT for a complete subnet

Answered Question
Nov 11th, 2009

Hi,

Is it possible to statically NAT a complete subnet?

I have a need to NAT 10.10/16 to 172.168/16 where 10.10.x.y is NAT to 172.16.x.y.

How can this be done?


Rgds,

Elil

Correct Answer by adamclarkuk_2 about 7 years 3 months ago

Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)


Wan interface

-------------

interface FastEthernet0/0

ip address 172.16.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex half

end


Lan interface

-------------

interface FastEthernet1/0

ip address 192.168.1.1 255.255.255.252

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

end


NAT statement

-------------

R1#sh run | inc ip nat

ip nat outside

ip nat inside

ip nat inside source static network 10.10.0.0 172.168.0.0 /24


I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2


Results of show ip nat translations

R1#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4

--- 172.168.0.1 10.10.0.1 --- ---

icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5

--- 172.168.0.2 10.10.0.2 --- ---

--- 172.168.0.0 10.10.0.0 --- ---


Output of debug ip icmp on destination router

*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1

*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2


HTH


Correct Answer by Giuseppe Larosa about 7 years 3 months ago

Hello Elil,

yes it is possible the


ip nat source static command accepts a network option


this can be very handy in some migration scenarios

p nat inside source static network local-network global-network mask [extendable | no-alias | no-payload | mapping-id map-id | redundancy group-name | vrf name]


see


http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696



Hope to help

Giuseppe


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Giuseppe Larosa Wed, 11/11/2009 - 09:49

Hello Elil,

yes it is possible the


ip nat source static command accepts a network option


this can be very handy in some migration scenarios

p nat inside source static network local-network global-network mask [extendable | no-alias | no-payload | mapping-id map-id | redundancy group-name | vrf name]


see


http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696



Hope to help

Giuseppe


elilraj07 Wed, 11/11/2009 - 13:15

Thanks Giuseppe,

This is exactly what i was looking for.





Rgds,

Elil

Correct Answer
adamclarkuk_2 Wed, 11/11/2009 - 11:28

Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)


Wan interface

-------------

interface FastEthernet0/0

ip address 172.16.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex half

end


Lan interface

-------------

interface FastEthernet1/0

ip address 192.168.1.1 255.255.255.252

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

end


NAT statement

-------------

R1#sh run | inc ip nat

ip nat outside

ip nat inside

ip nat inside source static network 10.10.0.0 172.168.0.0 /24


I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2


Results of show ip nat translations

R1#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4

--- 172.168.0.1 10.10.0.1 --- ---

icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5

--- 172.168.0.2 10.10.0.2 --- ---

--- 172.168.0.0 10.10.0.0 --- ---


Output of debug ip icmp on destination router

*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1

*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2


HTH


elilraj07 Wed, 11/11/2009 - 13:14

Thanks Adam,

This is exactly what I was looking for.


Rgds,

Elil

Actions

This Discussion