Difference between revisions of "Cisco NAT for IPv4"
Jump to navigation
Jump to search
| Line 15: | Line 15: | ||
: | : | ||
: | : | ||
Outside : Inside | <span style="color: red">Outside</span> : <span style="color: blue">Inside</span> | ||
Gi0/0 : Gi0/1 | Gi0/0 : Gi0/1 | ||
PC1 --- 209.165.200.224/29 ------- [ R1 ] ------- 192.168.4.0/24 ---------- WebServer | PC1 --- 209.165.200.224/29 ------- [ R1 ] ------- 192.168.4.0/24 ---------- WebServer | ||
.230 .225 : .1 .10 | <span style="color: green">.230</span> .225 : .1 <span style="color: blue">.10</span> | ||
: Inside 192.168.4.10/24 | : Inside 192.168.4<span style="color: blue">.10</span>/24 | ||
: Outside 209.165.200.229 | : Outside 209.165.200<span style="color: red">.229</span> | ||
INTERNET : LOCAL LAN | INTERNET : LOCAL LAN | ||
: | : | ||
R1(config)# '''ip nat inside source static 192.168.4.10 209.165.200.229''' | R1(config)# '''ip nat inside source static 192.168.4<span style="color: blue">.10</span> 209.165.200<span style="color: red">.229</span>''' | ||
R1(config)# '''interface gi0/0''' | R1(config)# '''interface gi0/0''' | ||
R1(config-if)# '''ip nat outside''' | R1(config-if)# '''ip nat outside''' | ||
| Line 36: | Line 36: | ||
R1#'''show ip nat translations''' | R1#'''show ip nat translations''' | ||
Pro Inside global Inside local Outside local Outside global | Pro Inside global Inside local Outside local Outside global | ||
--- 209.165.200.229 192.168.4.10 --- --- | --- 209.165.200<span style="color: red">.229</span> 192.168.4<span style="color: blue">.10</span> --- --- | ||
'''Trigger translation by accessing WebServer <nowiki>http://209.165.200.229</nowiki> from PC1''' | '''Trigger translation by accessing WebServer <nowiki>http://209.165.200<span style="color: red">.229</span></nowiki> from PC1''' | ||
R1#'''show ip nat translations''' | R1#'''show ip nat translations''' | ||
Pro Inside global Inside local Outside local Outside global | Pro Inside global Inside local Outside local Outside global | ||
--- 209.165.200.229 192.168.4.10 --- --- | --- 209.165.200<span style="color: red">.229</span> 192.168.4<span style="color: blue">.10</span> --- --- | ||
tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1079209.165.200.230:1079 | tcp 209.165.200<span style="color: red">.229</span>:80 192.168.4<span style="color: blue">.10</span>:80 209.165.200<span style="color: green">.230</span>:1079209.165.200<span style="color: green">.230</span>:1079 | ||
tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1080209.165.200.230:1080 | tcp 209.165.200<span style="color: red">.229</span>:80 192.168.4<span style="color: blue">.10</span>:80 209.165.200<span style="color: green">.230</span>:1080209.165.200<span style="color: green">.230</span>:1080 | ||
tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1081209.165.200.230:1081 | tcp 209.165.200<span style="color: red">.229</span>:80 192.168.4<span style="color: blue">.10</span>:80 209.165.200<span style="color: green">.230</span>:1081209.165.200<span style="color: green">.230</span>:1081 | ||
tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1082209.165.200.230:1082 | tcp 209.165.200<span style="color: red">.229</span>:80 192.168.4<span style="color: blue">.10</span>:80 209.165.200<span style="color: green">.230</span>:1082209.165.200<span style="color: green">.230</span>:1082 | ||
= Troubleshooting = | = Troubleshooting = | ||
Revision as of 19:13, 15 February 2015
Port Forwarding
Port forwarding is a static NAT translation with a specified TCP or UDP port number.
ip nat inside source {static {tcp | udp} local-ip local-port global-ip global-port} [extendable]
interface s0/0/0
ip nat outside
interface fa0/0
ip nat inside
- extendable - option applied automatically, allows the user to configure several ambiguous static translations, where ambiguous translations are translations with the same local or global address. It allows the router to extend the translations to more than one port if necessary
NAT overload
A PAT-enabled router maintains a table that consists of a mapping of inside local IP addresses and TCP/UDP port numbers to outside local addresses and TCP/UDP port numbers. When traffic returns to the router from the public network, the router would compare the destination port to the PAT mapping table to determine to which inside host the traffic should be sent.
Static NAT
:
:
Outside : Inside
Gi0/0 : Gi0/1
PC1 --- 209.165.200.224/29 ------- [ R1 ] ------- 192.168.4.0/24 ---------- WebServer
.230 .225 : .1 .10
: Inside 192.168.4.10/24
: Outside 209.165.200.229
INTERNET : LOCAL LAN
:
R1(config)# ip nat inside source static 192.168.4.10 209.165.200.229
R1(config)# interface gi0/0
R1(config-if)# ip nat outside
R1(config)# interface gi0/1
R1(config-if)# ip nat inside
R1(config)# ip route 0.0.0.0 0.0.0.0 gi0/0
- Verify
Before any translations occur
R1#show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.200.229 192.168.4.10 --- ---
Trigger translation by accessing WebServer http://209.165.200<span style="color: red">.229</span> from PC1
R1#show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.200.229 192.168.4.10 --- --- tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1079209.165.200.230:1079 tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1080209.165.200.230:1080 tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1081209.165.200.230:1081 tcp 209.165.200.229:80 192.168.4.10:80 209.165.200.230:1082209.165.200.230:1082
Troubleshooting
I had problem with a static nat and suddenly it started working, not sure what was related to but I issued following commands on R1:
R1#clear mac-address-table R1#dynamic clear arp-cache
References
- more in Cisco_weird_interfaces#NVI_-_NAT_Virtual_Interface
- Static NAT Packet Tracer example