How to NAT in Cisco 2800 Router

Answered Question
Feb 16th, 2011
User Badges:

I have 32 Static IP address and i want to NAT 7 IP address to access internet internally.the intenal ip range is 172.26.x.x.i like to know how to config this in 2800 router

Correct Answer by cadet alain about 6 years 1 month ago

Hi,


if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.


Hope this is clear enough.


To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping


Regards.


alain.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Azhar Munawar Wed, 02/16/2011 - 03:45
User Badges:

Its same method which we follow on old routers and its very simple you can do it easily.

Refrence document is really help you.

Still you need help do let us know.


Regards,

Azhar

blacktrack Wed, 02/16/2011 - 03:46
User Badges:

Hi,


Type this :


ip nat translation timeout 60
ip nat inside source static X.X.X.X Y.Y.Y.Y


where X.X.X.X is the local address and Y.Y.Y.Y the translated address



Regards



Hicham Azarou

interfacessalem Wed, 02/16/2011 - 04:47
User Badges:

Can u provide me the entire config how to nat


Internal IP range 172.16.x.x


external IP 117.240.23.96 to 127



we have select one IP and nat to 172 series for internet


kindly send me the cofig file

Correct Answer
cadet alain Wed, 02/16/2011 - 05:47
User Badges:
  • Purple, 4500 points or more

Hi,


if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.


Hope this is clear enough.


To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping


Regards.


alain.

interfacessalem Thu, 02/17/2011 - 06:41
User Badges:

this is the static IP provided by ISP 117.240.230.96 to 112.

117.240.230.98 is the gateway provided by ISP,



this is what we have created


# Int fa0/0

# ip address 117.240.230.96 255.0.0.0

#no shut

# exit


#Iint fa0/0

# ip nat outside

# exit


#int fa0/1

#ip address 172.16.1.1 255.255.0.0

#no shut

# exit


#int fa0/1

# ip nat inside

#exit


#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error


and can u correct the error and tell how to config overlaod

cadet alain Thu, 02/17/2011 - 07:13
User Badges:
  • Purple, 4500 points or more

Hi,


# Int fa0/0

# ip address 117.240.230.96 255.0.0.0


Your mask means you are supernetting so you should ask your ISP the mask but at a minimum it will be /24 ( 255.255.255.0)

The ISP gave you a range og 17 IPs so I would presume the mask should more than probably be greater than /24  and it

could be a /29( 255.255.255.248)


You don't have to exit from interface and then renter to configure nat inside/outside



#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error



You are configuring an extended ACL because the number is >= 100 and so the syntax asks you to enter ip or tcp or udp or icmp,etc

after the acl  permit or deny clause and furthermore you need to specify a dest address.

If you want to d simple nat overload then use a standard ACL


access-list 10 permit 172.16.0.0 0.0.255.255


Then for the overload:

ip nat inside source list 10 interface f0/0



Regards.



Alain.

Actions

This Discussion