Cisco Systems 78-11741-02 manual Translating Inside Source Addresses, IPC-37

Configuring IP Addressing

Configuring Network Address Translation

Translating Inside Source Addresses

You can translate your own IP addresses into globally unique IP addresses when communicating outside of your network. You can configure static or dynamic inside source translation as follows:

•Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.

•Dynamic translation establishes a mapping between an inside local address and a pool of global addresses. An access-list or a route-map can be specified for dynamic translations. Route maps allow you to match any combination of access-list, new-hop IP address, and output interface to determine which pool to use.

Figure 4 illustrates a router that is translating a source address inside a network to a source address outside the network.

Figure 4 NAT Inside Source Translation

InsideOutside

1.1.1.22.2.2.3

1.1.1.12.2.2.2

The following process describes inside source address translation, as shown in Figure 4:

1.The user at host 1.1.1.1 opens a connection to host B.

2.The first packet that the router receives from host 1.1.1.1 causes the router to check its NAT table:

–If a static translation entry was configured, the router goes to Step 3.

–If no translation entry exists, the router determines that Source-Address (SA) 1.1.1.1 must be translated dynamically, selects a legal, global address from the dynamic address pool, and creates a translation entry. This type of entry is called a simple entry.

3.The router replaces the inside local source address of host 1.1.1.1 with the global address of the translation entry and forwards the packet.

4.Host B receives the packet and responds to host 1.1.1.1 by using the inside global IP Destination- Address (DA) 2.2.2.2.

5.When the router receives the packet with the inside global IP address, it performs a NAT table lookup by using the inside global address as a key. It then translates the address to the inside local address of host 1.1.1.1 and forwards the packet to host 1.1.1.1.

Cisco IOS IP Configuration Guide

IPC-37