Cisco® CCNA Exam Cram Notes : NAT

VII. IP connectivity and Services

3. NAT

Static NAT: It is a one-to-one mapping between an unregistered IP address and a registered IP address.

Enabling Static NAT for an Inside Source Address

For inside source translation, traffic flows from the inside interface to the outside interface. NAT translates the inside local IP address to the inside global IP address. On the return traffic, the destination inside global IP address is translated back to the inside local IP address.

Step 1: R1#configure terminal

Enters global configuration mode.

Step 2: R1(config)#ip nat inside source static local-ip-address global-ip-address [group group-id]

Configures static NAT to translate the inside local address to the inside global address on outbound traffic, and the inside global address back to the inside local address on return traffic.

Step 3: R1(config)#copy running-config startup-config (Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example:

R1>enable
R1#configure terminal
(Enters global configuration mode.)
R1(config)#ip nat inside source static 192.168.1.10 200.200.200.3
R1(config)#ip nat inside source static 192.168.1.11 200.200.200.4

192.168.1.10, 192.168.1.11 = inside local addresses
200.200.200.3, 200.200.200.4 = inside global addresses

ip nat pool <pool-name> <ip-address> <ip-address> netmask <mask-address>

Configuring NAT when translating private LAN addresses to public internet addresses on a router.

The following command configures a static NAT translation by mapping the inside local address to the inside global address.

ip nat inside source static 192.168.0.100 88.248.153.137

Here, 192.168.0.100 is the inside local address, and 88.248.153.137 is the inside global address. A packet's source address 192.168.0.100 is changed to 88.248.153.137 by the NAT device.

The correct syntax for enabling dynamic NAT to translate many inside hosts to an inside global IP address is:

ip nat inside source list <access-list-number> pool <pool-name> overload

where <access-list-number> is the standard access list number, and <pool-name> is the pool name.

Dynamic NAT: In the usual dynamic NAT implementation, a pool of public IP addresses is shared by an entire private IP subnet. When a private host initiates a connection, a public IP address is selected. The mapping between the host's non-routable IP address and the selected public IP address is stored in the NAT table. As long as the outgoing connection is maintained, the private host can be reached by incoming packets sent to that public address. When the binding expires, the address is returned to the pool for reuse.

The following two statements are true about dynamic NAT translations:

1. The inside IP addresses eligible for address translation are defined in a standard IP access-list.

2. Only packets moving between inside and outside networks will get translated. This is true even for static NAT. If a packet is destined for another host but does not need to cross the NAT boundary, its source/destination addresses are not translated. This is understandable, since the packet is not crossing the inside network boundary.
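
The dynamic NAT behaviour described above, modelled in Python as an added example (not part of the original notes and not Cisco code). The class and method names, the 60-second timeout and the outside host 198.51.100.7 are assumptions; the inside and pool addresses reuse the values from the static NAT example, and an inside subnet stands in for the standard access list.

```python
import ipaddress

class DynamicNat:
    """Toy model of a dynamic NAT table (constructed example, not IOS code)."""

    def __init__(self, inside_net, pool, timeout):
        self.inside = ipaddress.ip_network(inside_net)  # stands in for the access list
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused inside global addresses
        self.timeout = timeout  # assumed idle timeout, in seconds
        self.table = {}  # inside local -> [inside global, time last used]

    def _expire(self, now):
        # Expired bindings give their address back to the pool for reuse.
        for local, (glob, seen) in list(self.table.items()):
            if now - seen > self.timeout:
                del self.table[local]
                self.free.append(glob)

    def outbound(self, src, dst, now):
        """Source address the packet carries after the router (None = no address free)."""
        self._expire(now)
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Not eligible, or not crossing the NAT boundary: addresses stay as they are.
        if src not in self.inside or dst in self.inside:
            return str(src)
        if src not in self.table:
            if not self.free:
                return None  # pool exhausted; modelled here as "not forwarded"
            self.table[src] = [self.free.pop(0), now]
        self.table[src][1] = now
        return str(self.table[src][0])

    def inbound(self, dst, now):
        """Inside local host that a packet sent to `dst` reaches, or None."""
        self._expire(now)
        dst = ipaddress.ip_address(dst)
        for local, (glob, _) in self.table.items():
            if glob == dst:
                return str(local)
        return None

def demo():
    # Constructed sample; addresses reuse the values from the static NAT example.
    nat = DynamicNat("192.168.1.0/24", ["200.200.200.3", "200.200.200.4"], timeout=60)
    return [nat.outbound("192.168.1.10", "198.51.100.7", now=0),  # crosses the boundary
            nat.outbound("192.168.1.10", "192.168.1.11", now=1),  # stays inside
            nat.inbound("200.200.200.3", now=10),                 # binding still live
            nat.inbound("200.200.200.3", now=100)]                # binding expired
```

The third result is the point to remember when reviewing exposure: while a binding exists, packets sent to the pool address are delivered to the private host, so inbound filtering still has to be applied separately.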
