6.5 Dynamic NAT

Uploaded by

Syifa Fauziah

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Static NAT
Dynamic NAT Scenario
• Dynamic NAT automatically maps inside local addresses to inside global addresses.
• Dynamic NAT uses a pool of inside global addresses.
• The pool of inside global addresses is available to any device on the inside network on a first-come first-served basis.
• If all addresses in the pool are in use, a device must wait for an available address before it can access the outside network.
Configure Dynamic NAT
There are five tasks when configuring dynamic NAT translations:
• Step 1 - Define the pool of addresses that will be used for translation using the ip nat pool command.
• Step 2 - Configure a standard ACL to identify (permit) only those addresses that are to be translated.
• Step 3 - Bind the ACL to the pool, using the ip nat inside source list command.

R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224


R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool NAT-POOL1

Configure Dynamic NAT (Cont.)
There are five tasks when configuring dynamic NAT translations:
• Step 4 - Identify which interfaces are inside.
• Step 5 - Identify which interfaces are outside.

R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224


R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool NAT-POOL1
R2(config)# interface serial 0/1/0
R2(config-if)# ip nat inside
R2(config-if)# interface serial 0/1/1
R2(config-if)# ip nat outside

Analyze Dynamic NAT – Inside to Outside
Dynamic NAT translation process:
1. PC1 and PC2 send packets requesting a connection to the server.
2. R2 receives the first packet from PC1, checks the ACL to determine if the packet should be translated, selects an available global address, and creates a translation entry in the NAT table.
3. R2 replaces the inside local source address of PC1, 192.168.10.10, with the translated inside global address of 209.165.200.226 and forwards the packet. (The same process occurs for the packet from PC2 using the translated address of 209.165.200.227.)

Analyze Dynamic NAT – Outside to Inside
Dynamic NAT translation process:
4. The server receives the packet from PC1 and responds using the destination address of 209.165.200.226. When the server receives the packet from PC2, it responds using the destination address of 209.165.200.227.
5. (a) When R2 receives the packet with the destination address of 209.165.200.226, it performs a NAT table lookup, translates the address back to the inside local address, and forwards the packet toward PC1.
(b) When R2 receives the packet with the destination address of 209.165.200.227, it performs a NAT table lookup, translates the address back to the inside local address 192.168.11.10, and forwards the packet toward PC2.
Analyze Dynamic NAT – Outside to Inside (Cont.)
Dynamic NAT translation process:
6. PC1 and PC2 receive the packets and
continue the conversation. The router
performs Steps 2 to 5 for each packet.
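
The translation process in Steps 1 to 6, together with the first-come first-served pool behaviour from the scenario slide, can be modelled in a few lines. This is an added example, not part of the original slides; the class and method names are hypothetical, and it assumes one-to-one translation with no port overloading and an idle timeout measured in seconds.

```python
import ipaddress

class DynamicNat:
    """Toy one-to-one dynamic NAT (no port overloading); names are hypothetical."""

    def __init__(self, pool_start, pool_end, acl_net, acl_wildcard, timeout=86400):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [ipaddress.IPv4Address(a) for a in range(first, last + 1)]
        self.acl_net = int(ipaddress.IPv4Address(acl_net))
        self.acl_wild = int(ipaddress.IPv4Address(acl_wildcard))
        self.timeout = timeout   # seconds; 24 hours, the default stated on the slides
        self.by_local = {}       # inside local -> (inside global, last-used time)
        self.by_global = {}      # inside global -> inside local

    def acl_permits(self, src):
        # Standard ACL match: bits set in the wildcard mask are "don't care".
        care = ~self.acl_wild & 0xFFFFFFFF
        return (int(src) & care) == (self.acl_net & care)

    def expire(self, now):
        # Return the addresses of idle entries to the pool.
        for src, (glob, used) in list(self.by_local.items()):
            if now - used >= self.timeout:
                del self.by_local[src], self.by_global[glob]
                self.free.append(glob)

    def outbound(self, src, now=0):
        """Translated source address, the unchanged source if the ACL does not
        match, or None when the pool is exhausted and the host must wait."""
        src = ipaddress.IPv4Address(src)
        if not self.acl_permits(src):
            return str(src)
        self.expire(now)
        if src not in self.by_local:
            if not self.free:
                return None
            glob = self.free.pop(0)          # first come, first served
            self.by_global[glob] = src
        else:
            glob = self.by_local[src][0]
        self.by_local[src] = (glob, now)     # create or refresh the entry
        return str(glob)

    def inbound(self, dst):
        """Reverse lookup for return traffic; None if no translation exists."""
        local = self.by_global.get(ipaddress.IPv4Address(dst))
        return str(local) if local is not None else None
```

With the pool and ACL from the configuration slides, the sixteenth inside host gets no address until an existing entry times out or is cleared, and return traffic to a pool address with no table entry has nothing to be translated to.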

Verify Dynamic NAT
The output of the show ip nat translations command displays all static
translations that have been configured and any dynamic translations that
have been created by traffic.

R2# show ip nat translations


Pro Inside global      Inside local       Outside local      Outside global
--- 209.165.200.228    192.168.10.10      ---                ---
--- 209.165.200.229    192.168.11.10      ---                ---
R2#

Verify Dynamic NAT (Cont.)
Adding the verbose keyword displays additional information about each
translation, including how long ago the entry was created and used.

R2# show ip nat translation verbose


Pro Inside global Inside local Outside local Outside global
tcp 209.165.200.228 192.168.10.10 --- ---
create 00:02:11, use 00:02:11 timeout:86400000, left 23:57:48, Map-Id(In): 1,
flags:
none, use_count: 0, entry-id: 10, lc_entries: 0
tcp 209.165.200.229 192.168.11.10 --- ---
create 00:02:10, use 00:02:10 timeout:86400000, left 23:57:49, Map-Id(In): 1,
flags:
none, use_count: 0, entry-id: 12, lc_entries: 0
R2#

Verify Dynamic NAT (Cont.)
By default, translation entries time out after 24 hours, unless the timers have been
reconfigured with the ip nat translation timeout timeout-seconds command in global
configuration mode. To clear dynamic entries before the timeout has expired, use the
clear ip nat translation privileged EXEC mode command.

R2# clear ip nat translation *


R2# show ip nat translation

Command | Description
clear ip nat translation * | Clears all dynamic address translation entries from the NAT translation table.
clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] | Clears a simple dynamic translation entry containing an inside translation or both inside and outside translation.
clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] | Clears an extended dynamic translation entry.
Verify Dynamic NAT (Cont.)
The show ip nat statistics command displays information about the total number of
active translations, NAT configuration parameters, the number of addresses in the
pool, and how many of the addresses have been allocated.
R2# show ip nat statistics
Total active translations: 4 (0 static, 4 dynamic; 0 extended)
Peak translations: 4, occurred 00:31:43 ago
Outside interfaces:
Serial0/1/1
Inside interfaces:
Serial0/1/0
Hits: 47 Misses: 0
CEF Translated packets: 47, CEF Punted packets: 0
Expired translations: 5
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool NAT-POOL1 refcount 4
pool NAT-POOL1: netmask 255.255.255.224
start 209.165.200.226 end 209.165.200.240
type generic, total addresses 15, allocated 2 (13%), misses 0
(output omitted)
R2#
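
The pool lines of this output are what an operator watches for address exhaustion. The following added example (not part of the original slides) parses them, cross-checks the pool range against its total and netmask, and flags a pool that is close to full. The function name and the 80% threshold are hypothetical, and treating the pool's misses counter as failed allocations is an assumption.

```python
import ipaddress
import re

# Pool section copied from the slide output above; indentation is constructed.
SAMPLE = """\
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool NAT-POOL1 refcount 4
 pool NAT-POOL1: netmask 255.255.255.224
 start 209.165.200.226 end 209.165.200.240
 type generic, total addresses 15, allocated 2 (13%), misses 0
"""

POOL_RE = re.compile(
    r"pool (?P<name>\S+): netmask (?P<mask>\S+)\s+"
    r"start (?P<start>\S+) end (?P<end>\S+)\s+"
    r"type \w+, total addresses (?P<total>\d+), "
    r"allocated (?P<alloc>\d+) \(\d+%\), misses (?P<misses>\d+)"
)

def pool_report(text, warn_pct=80):
    """Return one dict per NAT pool with free addresses, utilization and findings."""
    reports = []
    for m in POOL_RE.finditer(text):
        total, alloc, misses = (int(m[k]) for k in ("total", "alloc", "misses"))
        start = ipaddress.IPv4Address(m["start"])
        end = ipaddress.IPv4Address(m["end"])
        # The subnet implied by the pool's start address and netmask.
        net = ipaddress.IPv4Network(f"{start}/{m['mask']}", strict=False)
        findings = []
        if int(end) - int(start) + 1 != total:
            findings.append("range/total mismatch")
        if end not in net:
            findings.append("pool crosses its netmask boundary")
        if total and 100 * alloc >= warn_pct * total:
            findings.append("pool nearly exhausted")
        if misses:
            findings.append("allocation failures recorded")  # assumed meaning
        reports.append({
            "pool": m["name"],
            "free": total - alloc,
            "pct": 100 * alloc // total if total else 0,
            "findings": findings,
        })
    return reports
```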

Verify Dynamic NAT (Cont.)
The show running-config command shows the NAT, ACL, interface, or pool commands with the required values.

R2# show running-config | include NAT


ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
ip nat inside source list 1 pool NAT-POOL1

Dynamic NAT
Packet Tracer – Configure Dynamic NAT
In this Packet Tracer, you will complete the following objectives:
• Configure Dynamic NAT
• Verify NAT Implementation
