Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT

Hi All

I am struck up with NAT while configuring the router.

The issue is, there are 3 different subnet in my LAN. I wanna NAT all these IP like this.

ip nat inside source static 10.10.10.1 172.16.131.1

ip nat inside source static 10.10.10.2 172.16.131.2

ip nat inside source static 10.10.10.3 172.16.131.3

ip nat inside source NATME interface serial 0 overload

access-list permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1

!

int s0/0

ip nat outside

!

int fa0/0

ip nat inside

From the above config, I wanna do Static NAT for 10.10.10.1, 2 & 3 and dynamic NAT for rest of the IPs in the same subnet.

Please clarify me that if the above NAT is correct? as I am implementing in live n/w I wanna clear myself on this.

Thanks in Adv

14 REPLIES

Re: NAT

Hi,

As a rule, in static NAT, a translation is statically configured and is placed in the translation table without the need for any traffic, and they remain in the translation table until you delete the static NAT command(s). While with dynamic NAT, the translation table in the router is initially empty and gets populated once traffic that needs to be translated passes through the router, also dynamic translations have a timeout period after which they are purged from the translation table.

So your configuration should work properly.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Hall of Fame Super Blue

Re: NAT

Hi Mohammed

To be honest that's what i thought until i read the FAQ. Do you have this working in a production environment ?

If so i guess the FAQ is a but outdated. If not i could do quick test in our lab.

Jon

Hall of Fame Super Blue

Re: NAT

Hi

From the Cisco FAQ on NAT

=============================================

Q. Is it possible to build a configuration with both static and dynamic NAT translations?

A. Yes, this is possible. The caveat that the global addresses use in static translations are not automatically excluded with dynamic pools that contain those global addresses. You must create your dynamic pools to exclude addresses assigned via static entries.

=============================================

So i think you should exclude the first 3 addresses from your global pool.

HTH

Jon

Re: NAT

hi Jon,

According to this document it can be done without the exclusion, but i'll check it for more certainty:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

HTH,

Mohammed Mahmoud.

Hall of Fame Super Blue

Re: NAT

Hi Mohammed

Yep, just tested it in our lab and it looks like you can do it without the exclusion so 5 points winging their way to you !!!

Jon

Re: NAT

Hi

I dnot see any nat pool configured.

what is the range of u r ips.

what is NATME..?

there are no ip address on u r interfaces.

Thanks

Mahmood

Community Member

Re: NAT

Hi Mohamood

Here NATME is the extended ACL name. here I have given the fake IP address of the interface..

I need the static translation for first three IPs

ip nat inside source NATME interface serial 0 overload

access-list extended NATME permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1

!

int s0/0

ip address 1.1.1.1 255.255.2555.0 (Duplicate IP)

ip nat outside

!

int fa0/0

IP address 10.10.10.200 255.255.255.0

ip nat inside

Community Member

Re: NAT

There is no IP pool, instead of that I am using the serial interface with overload. will this NAT config work as I expected...?

Please clarify me..its bit urgent..

Thanks

Re: NAT

hi,

According to this document it can be done without the exclusion, any way i'll try to test it for you.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

HTH, please do rate all helpful replies,

Mohammed Mahmoud

Community Member

Re: NAT

Yes mohammed, I read this link...in this it was configured with IP Pool. But I need to do the same with interface...is it possible..

it would be greatful If you can do a test for me...

thanks

Hall of Fame Super Blue

Re: NAT

Hi

Mohammed is dead right in this instance. I have just tested in our lab and you can use your config as suggested so it looks like the NAT FAQ is somewhat out of date.

Yes you can do it with the interface as this is what i tested in the lab

HTH

Jon

Community Member

Re: NAT

Hi Jon & Mohammed

Thanks for your help. Let me try the same in real network..now..

Re: NAT

Hi Jon,

I've just tested also my self, and its running, as you said it seems that this FAQ is outdated.

HTH,

Mohammed Mahmoud.

Re: NAT

hi,

You are welcomed, please never hesitate for any further questions.

HTH,

Mohammed Mahmoud.

154
Views
15
Helpful
14
Replies
CreatePlease to create content