Configuring IP Addressing

Configuring Network Address Translation

Configuring Static Translation

To configure static SA address translation, use the following commands in global configuration mode:

 

Command

 

 

Purpose

Step 1

 

 

 

Router(config)# ip

nat outside source static

Establishes static translation between an outside local

 

global-ip local-ip

 

 

address and an outside global address.

Step 2

 

 

 

Router(config)# interface

type number

Specifies the inside interface.

Step 3

 

 

 

 

Router(config-if)#

ip nat

inside

Marks the interface as connected to the inside.

Step 4

 

 

 

Router(config)# interface

type number

Specifies the outside interface.

Step 5

 

 

 

 

Router(config-if)#

ip nat

outside

Marks the interface as connected to the outside.

 

 

 

 

 

Configuring Dynamic Translation

To configure dynamic outside source address translation, use the following commands in global configuration mode:

 

Command

 

 

Purpose

Step 1

 

 

 

Router(config)# ip

nat pool name start-ip end-ip

Defines a pool of local addresses to be allocated as

 

{netmask netmask

prefix-length prefix-length}

needed.

Step 2

 

 

Router(config)# access-listaccess-list-number

Defines a standard access list.

 

permit source [source-wildcard]

 

Step 3

 

 

 

Router(config)# ip

nat outside source list

Establishes dynamic outside source translation,

 

access-list-number

pool name

specifying the access list defined in the prior step.

Step 4

 

 

 

Router(config)# interface

type number

Specifies the inside interface.

Step 5

 

 

 

 

Router(config-if)#

ip nat

inside

Marks the interface as connected to the inside.

Step 6

 

 

 

Router(config)# interface

type number

Specifies the outside interface.

Step 7

 

 

 

 

Router(config-if)#

ip nat

outside

Marks the interface as connected to the outside.

 

 

 

 

 

Note The access list must permit only those addresses that are to be translated. (Remember that there is an implicit “deny all” at the end of each access list.) An access list that is too permissive can lead to unpredictable results.

See the “Translating Overlapping Address Example” section at the end of this chapter for an example of translating an overlapping address.

Providing TCP Load Distribution

Another use of NAT is unrelated to Internet addresses. Your organization may have multiple hosts that must communicate with a heavily used host. Using NAT, you can establish a virtual host on the inside network that coordinates load sharing among real hosts. DAs that match an access list are replaced with

Cisco IOS IP Configuration Guide

IPC-43

Page 89
Image 89
Cisco Systems 78-11741-02 manual Providing TCP Load Distribution, Configuring Dynamic Translation, IPC-43