cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10290
Views
5
Helpful
8
Replies

How to NAT in Cisco 2800 Router

interfacessalem
Level 1
Level 1

I have 32 Static IP address and i want to NAT 7 IP address to access internet internally.the intenal ip range is 172.26.x.x.i like to know how to config this in 2800 router

1 Accepted Solution

Accepted Solutions

Hi,

if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.

Hope this is clear enough.

To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping

Regards.

alain.

Don't forget to rate helpful posts.

View solution in original post

8 Replies 8

Marcel Zehnder
Spotlight
Spotlight

Hi

Have a look at the cisco webpage - there you'll find a lot of configuration examples.

For example: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic3

Azhar Munawar
Level 1
Level 1

Its same method which we follow on old routers and its very simple you can do it easily.

Refrence document is really help you.

Still you need help do let us know.

Regards,

Azhar

blacktrack
Level 1
Level 1

Hi,


Type this :

ip nat translation timeout 60
ip nat inside source static X.X.X.X Y.Y.Y.Y

where X.X.X.X is the local address and Y.Y.Y.Y the translated address

Regards

Hicham Azarou

Can u provide me the entire config how to nat

Internal IP range 172.16.x.x

external IP 117.240.23.96 to 127

we have select one IP and nat to 172 series for internet

kindly send me the cofig file

Hi,

if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.

Hope this is clear enough.

To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping

Regards.

alain.

Don't forget to rate helpful posts.

this is the static IP provided by ISP 117.240.230.96 to 112.

117.240.230.98 is the gateway provided by ISP,

this is what we have created

# Int fa0/0

# ip address 117.240.230.96 255.0.0.0

#no shut

# exit

#Iint fa0/0

# ip nat outside

# exit

#int fa0/1

#ip address 172.16.1.1 255.255.0.0

#no shut

# exit

#int fa0/1

# ip nat inside

#exit

#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error

and can u correct the error and tell how to config overlaod

Hi,

# Int fa0/0

# ip address 117.240.230.96 255.0.0.0

Your mask means you are supernetting so you should ask your ISP the mask but at a minimum it will be /24 ( 255.255.255.0)

The ISP gave you a range og 17 IPs so I would presume the mask should more than probably be greater than /24  and it

could be a /29( 255.255.255.248)

You don't have to exit from interface and then renter to configure nat inside/outside

#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error

You are configuring an extended ACL because the number is >= 100 and so the syntax asks you to enter ip or tcp or udp or icmp,etc

after the acl  permit or deny clause and furthermore you need to specify a dest address.

If you want to d simple nat overload then use a standard ACL

access-list 10 permit 172.16.0.0 0.0.255.255

Then for the overload:

ip nat inside source list 10 interface f0/0

Regards.

Alain.

Don't forget to rate helpful posts.

Hi,

I just follow all the step but no internet, I can ping the ISP gateway but I cannot ping the computer in the network! from the computer in network I can ping the router port (local gateway).

 

Any advice? is there any problem with ACL?

 

Bellow the result of Sh run

 


Angola#sh run
Building configuration...

Current configuration : 1465 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Angola
!
boot-start-marker
boot-end-marker
!

aaa session-id common
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
!
!
ip domain name XXXX.org
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FHK1131F1C9
username XXXX password 0 XXXX
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 160.242.20.XX 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255

!
control-plane

line con 0
line aux 0
line vty 0 4
password XXXXX
transport input ssh
!
scheduler allocate 20000 1000
end

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: