Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to NAT in Cisco 2800 Router

I have 32 Static IP address and i want to NAT 7 IP address to access internet internally.the intenal ip range is 172.26.x.x.i like to know how to config this in 2800 router

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: How to NAT in Cisco 2800 Router

Hi,

if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.

Hope this is clear enough.

To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping

Regards.

alain.

Don't forget to rate helpful posts.
7 REPLIES

Re: How to NAT in Cisco 2800 Router

Hi

Have a look at the cisco webpage - there you'll find a lot of configuration examples.

For example: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic3

New Member

Re: How to NAT in Cisco 2800 Router

Its same method which we follow on old routers and its very simple you can do it easily.

Refrence document is really help you.

Still you need help do let us know.

Regards,

Azhar

New Member

Re: How to NAT in Cisco 2800 Router

Hi,


Type this :

ip nat translation timeout 60
ip nat inside source static X.X.X.X Y.Y.Y.Y

where X.X.X.X is the local address and Y.Y.Y.Y the translated address

Regards

Hicham Azarou

New Member

Re: How to NAT in Cisco 2800 Router

Can u provide me the entire config how to nat

Internal IP range 172.16.x.x

external IP 117.240.23.96 to 127

we have select one IP and nat to 172 series for internet

kindly send me the cofig file

Purple

Re: How to NAT in Cisco 2800 Router

Hi,

if you want internet access  from your 172.16.x.x LAN then you can do NAT overload

1) you create an ACL telling your router which IP addresses must be natted

    access-list 10 permit 172.16.x.x 0.0.0.255  (this is the wildcard mask if you have a /24 subnet)

2) select inside and outside interfaces with the nat inside and nat outside commands on right interface

3) configure nat overload: ip nat inside source list 10 interface XX  where XX is the id of outside interface.

Hope this is clear enough.

To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping

Regards.

alain.

Don't forget to rate helpful posts.
New Member

Re: How to NAT in Cisco 2800 Router

this is the static IP provided by ISP 117.240.230.96 to 112.

117.240.230.98 is the gateway provided by ISP,

this is what we have created

# Int fa0/0

# ip address 117.240.230.96 255.0.0.0

#no shut

# exit

#Iint fa0/0

# ip nat outside

# exit

#int fa0/1

#ip address 172.16.1.1 255.255.0.0

#no shut

# exit

#int fa0/1

# ip nat inside

#exit

#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error

and can u correct the error and tell how to config overlaod

Purple

Re: How to NAT in Cisco 2800 Router

Hi,

# Int fa0/0

# ip address 117.240.230.96 255.0.0.0

Your mask means you are supernetting so you should ask your ISP the mask but at a minimum it will be /24 ( 255.255.255.0)

The ISP gave you a range og 17 IPs so I would presume the mask should more than probably be greater than /24  and it

could be a /29( 255.255.255.248)

You don't have to exit from interface and then renter to configure nat inside/outside

#access list 100 permit 172.16.0.0  0.0.255.255

when we type this we have error

You are configuring an extended ACL because the number is >= 100 and so the syntax asks you to enter ip or tcp or udp or icmp,etc

after the acl  permit or deny clause and furthermore you need to specify a dest address.

If you want to d simple nat overload then use a standard ACL

access-list 10 permit 172.16.0.0 0.0.255.255

Then for the overload:

ip nat inside source list 10 interface f0/0

Regards.

Alain.

Don't forget to rate helpful posts.
6773
Views
0
Helpful
7
Replies