Network Address Translation (NAT) - IOS

Function: 
Summary
  • Network address translation (NAT) refers to a function that replaces the IP addresses (and possibly the port numbers) of IP datagrams. NAT is run on routers that connect private networks to the public Internet, to replace the IP address-port pair of an IP packet with another IP address-port pair.
  • A NAT device is referred to as a NAT box. One of the reasons for using NAT is that it conserves IP addresses. NAT allows hosts in a private network to share public IP addresses or to limit the use of public IP addresses to a small number of hosts in the private network.
  • Private networks may have IP addresses that are non-Internet routable. This means that regular IP routers do not have entries in their routing tables for these addresses.
Detailed Description
  • In Cisco IOS, the private network is referred to as inside, and the public network is referred to as outside. An IP address that is seen by hosts on the inside is called a local address, and an IP address that is seen by hosts on the outside is called a global address. There are four different types of addresses:
    • An inside local address is an address in the private network that is not visible in the public network.
    • An inside global address can be used in the public network for devices in the private network.
    • An outside global address is an address in the public network that is not made known in the private network.
    • An outside local address is an IP address that is assigned in the private network to designate a host in the public network.
  • For outgoing packets, a NAT device translates inside local addresses to outside global addresses; for incoming packets, it translates outside global addresses to inside local addresses.
Commands

Privileged Exec:
show ip nat translations - Displays the contents of the NAT table.
Interface Configuration:
ip nat inside - Specifies that an interface is connected to the private network.
ip nat outside - Specifies that an interface is connected to the public network.
Global Configuration:
ip nat inside source static IPaddr1 IPaddr2 - Adds a rule so that the private IP address IPaddr1 is mapped to the public IP address IPaddr2.
Example: ip nat inside source static 10.0.1.2 200.0.0.2 - maps the private address 10.0.1.2 to the public address 200.0.0.2
Examples
  • The following commands set up Router2 as a NAT device:
    • A NAT rule is added so that the private IP address of PC3, 10.0.1.2, is translated to the public address 200.0.0.2.

Router2> enable
Password: <enable secret>
Router2# show ip nat translations
Router2# configure terminal
Router2(config)# interface Fa0/0
Router2(config-if)# ip nat inside
Router2(config-if)# interface Fa0/1
Router2(config-if)# ip nat outside
Router2(config-if)# exit
Router2(config)# ip nat inside source static 10.0.1.2 200.0.0.2
Router2(config)# end
Router2# show ip nat translations
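A small Python model of what the Router2 configuration above does to packets, added here as an illustration (it is not IOS code or part of the original page): interfaces marked inside/outside, the 10.0.1.2 to 200.0.0.2 static rule from the example, and constructed packets crossing the NAT box in both directions. The packet addresses other than those from the page are made up for the demonstration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class StaticNat:
    """1:1 static NAT in the style of 'ip nat inside source static'."""

    def __init__(self):
        self.inside = set()           # interfaces configured with 'ip nat inside'
        self.outside = set()          # interfaces configured with 'ip nat outside'
        self.local_to_global = {}     # inside local  -> inside global
        self.global_to_local = {}     # inside global -> inside local

    def add_static(self, local, glob):
        """ip nat inside source static <local> <global>"""
        if local in self.local_to_global or glob in self.global_to_local:
            raise ValueError("address already has a static mapping")
        self.local_to_global[local] = glob
        self.global_to_local[glob] = local

    def forward(self, pkt, in_if, out_if):
        """Return pkt as it leaves out_if. A packet that matches no rule is
        forwarded untranslated, as IOS does."""
        if in_if in self.inside and out_if in self.outside:
            # inside -> outside: rewrite the source address
            return replace(pkt, src=self.local_to_global.get(pkt.src, pkt.src))
        if in_if in self.outside and out_if in self.inside:
            # outside -> inside: rewrite the destination address
            return replace(pkt, dst=self.global_to_local.get(pkt.dst, pkt.dst))
        return pkt  # traffic staying on one side is untouched

    def translations(self):
        """Static entries as (inside global, inside local) pairs, the first two
        columns of 'show ip nat translations' (format approximated)."""
        return sorted((g, l) for l, g in self.local_to_global.items())


def router2():
    """The page's Router2 configuration applied to the model."""
    nat = StaticNat()
    nat.inside.add("Fa0/0")
    nat.outside.add("Fa0/1")
    nat.add_static("10.0.1.2", "200.0.0.2")
    return nat
```

Note that a static entry is bidirectional: the model delivers a connection started from the outside to 200.0.0.2 straight to 10.0.1.2, so on a real router an access list on the outside interface is what limits which inbound traffic reaches that host; the NAT rule alone does not.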