How to configure static and dynamic NAT simultaneously

Document

Jun 17, 2009 10:15 PM
Jun 17th, 2009

Core Issue

Network Address Translation (NAT) replaces IP addresses within a packet with different IP addresses. It is useful for conserving IP address and connecting a private network using an unregistered address to a public network like the Internet. The two main types of NAT configurations are static and dynamic. 

A static NAT configuration creates a one-to-one mapping and translates a specific address to another address. This type of configuration creates a permanent entry in the NAT table as long as the configuration is present and enables both inside and outside hosts to initiate a connection. This is mostly useful for hosts that provide application services like mail, web, FTP and others.

Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated. It creates an entry in the NAT table when the host initiates a connection and establishes a one-to-one mapping between the addresses. However, the mapping could vary depending on the registered address available in the pool at the time of the communication. Dynamic NAT allows sessions to be initiated only from inside or outside networks for which it is configured. Dynamic NAT entries are removed from the translation table if the host does not communicate for a specific period of time which is configurable. The address is then returned to the pool for use by another host.

Another form of dynamic translation is overloading or Port Address Translation (PAT), which allows many hosts to be mapped to a single address at the same time. When PAT is configured, the router makes use of the source port numbers to distinguish the sessions from different hosts. PAT creates an extended translation entry in the NAT table by including the protocol as well as the port information. PAT is configured by adding the overload option to the dynamic NAT configuration command, which binds the hosts and the pool.

 

Static and dynamic NAT can also be configured simultaneously on the same device. This is necessary when hosts provide application services and when hosts that need to connect to the Internet share fewer valid IP addresses.

Resolution

A router configured for NAT maintains a translation table that has mapping between the addresses used in the translation. Configuring NAT involves identifying the NAT inside and NAT outside interfaces.

Perform these steps:

  1. To configure the inside and outside interfaces, issue the ip nat inside and ip nat outside commands under the respective interfaces.
  2. To configure static NAT, issue the ip nat inside source static or ip nat outside source static commands in global configuration mode, depending on where the host is located.
  3. To use static NAT for hosts providing specific services, include the protocol and port number. Issue the ip nat inside source {static tcp | udp local-ip local-port global-ip global-port}{extendable} command or the  ip nat outside source {static tcp | udp global-ip global-port local-ip local-port} {extendable} command in global configuration mode, depending on whether the inside or outside network is available.
  4. To configure dynamic NAT, identify the addresses used for translation by issuing the ip nat pool command in global configuration mode.
  5. To specify the hosts to be translated, issue the access-list, match or route-map command.
  6. Associate the pool and the list of hosts to be translated together by issuing the ip nat inside source list name pool name or ip nat inside source route-map name pool name command in global configuration mode. The command can be used for an outside network by replacing the keyword inside with outside.
  7. To configure Port Address Translation (PAT), which is another form of dynamic translation, issue the overload option along with this command. This command allows many hosts to share the same address simultaneously by enabling the NAT router to maintain the uniqueness of a session using the source port number.
  8. When static and dynamic NAT are configured together, static NAT takes precedence if a traffic flow matches both the configurations. Otherwise, dynamic NAT is used to create a new entry in the table and translate the traffic.

For a related configuration example, refer to Configuring Static and Dynamic NAT Simultaneously.

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 17, 2009 at 10:15 PM
Stats:
Comments:0 Avg. Rating:0
Views:2678 Contributors:0
Shares:0

Related Content

Documents Leaderboard