Cisco Support Community

How to configure NAT to not translate the addresses in the payload

Core Issue

Network Address Translation (NAT) replaces IP addresses within a packet with different IP addresses. NAT is useful for conserving IP addresses and connecting a private network using unregistered addresses to a public network such as the Internet.

For certain applications, NAT on Cisco IOS Software also translates the addresses and port numbers embedded in the payload portion of the IP packets. This is useful for applications such as FTP and Voice over IP (VoIP) and in networks that deploy NAT and the Domain Name System (DNS) to resolve host names to IP addresses. If there is a translation set up for the corresponding address, the NAT router looks into the payload portion of the DNS messages and automatically modifies the addresses.


In certain cases, it may be necessary to not translate the addresses in the payload portion. For example, certain hosts may want to communicate with the actual address of a web server whose address is being translated for some other group of hosts. This requires the addresses in the DNS messages to be left without any change. 

This is achieved by using the NAT Translation of External IP Addresses Only feature. This feature translates the addresses in the header portion alone, but leaves the payload portion untouched. This is useful in instances where communication is needed with non-translated addresses. To enable this feature, issue the ip nat inside source static or ip nat outside source static commands with the no-payload option.
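
The following configuration is an added example, not taken from the original document, that places a default static translation beside header-only ones. All addresses (RFC 1918 and documentation ranges) and the interface names are constructed assumptions.

```cisco
! Constructed example: addresses and interface names are assumptions.
interface GigabitEthernet0/0
 description Inside (private) segment
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Outside (public) segment
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
!
! Default behaviour: the IP header is translated, and addresses embedded
! in supported payloads (for example DNS messages) are rewritten as well.
ip nat inside source static 10.1.1.10 192.0.2.10
!
! Header-only translation: the IP header is still translated, but any
! address carried in the payload is left unchanged.
ip nat inside source static 10.1.1.20 192.0.2.20 no-payload
!
! The same option on an outside static entry
! (outside global address first, then outside local address).
ip nat outside source static 198.51.100.5 172.16.5.5 no-payload
```

After applying the configuration, show ip nat translations lists the static entries so the mappings can be checked against what was intended.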

For more information about this feature, refer to NAT - Translation of External IP Addresses Only.