Scribd
Upload
12 views

How To Configure Static NAT in Cisco

Uploaded by

es169371
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views

How To Configure Static NAT in Cisco

Uploaded by

es169371
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

H

Hoow
w ttoo C
Coonnffiigguurree SSttaattiicc N
NAATT iinn C
Ciissccoo RRoouutteerr

how configure static NAT, map address (inside local address, outside local address, inside global address and outside global
address), debug and verify Static NAT translation step by step with practical examples in packet tracer.

In order to configure NAT we have to understand four basic terms; inside local, inside global, outside local and outside global. These
terms define which address will be mapped with which address.

Term Description

Inside Local IP Address Before translation source IP address located inside the local network.

Inside Global IP Address After translation source IP address located outside the local network.

Outside Global IP Address Before translation destination IP address located outside the remote network.

Outside Local IP Address After translation destination IP address located inside the remote network.

For this tutorial I assume that you are familiar with these basic terms. If you want to learn these terms in detail please go through the
first part of this article which explains them in details with examples.

This tutorial is the second part of our article “ Learn NAT (Network Address Translation) Step by Step in Easy Language with
Examples”. You can read other parts of this article here.
To explain Static NAT Configuration, I will use packet tracer network simulator software. You can use any network simulator s oftware or
can use real Cisco devices to follow this guide. There is no difference in output as long as your selected software contains the
commands explained in this tutorial.

Create a practice lab as shown in following figure or download this pre-created practice lab and load in packet tracer

IInniittiiaall IIPP CCoonnffiigguurraattiioonn


Device / Interface IP Address Connected With

Laotop0 10.0.0.10/8 Fa0/0 of R0

Laptop1 10.0.0.20/8 Fa0/0 of R0

Laptop2 10.0.0.30/8 Fa0/0 of R0

Server0 192.168.1.10/24 Fa0/0 of R1

Serial 0/0/0 of R1 100.0.0.1/8 Serial 0/0/0 of R2

Serial 0/0/0 of R2 100.0.0.2/8 Serial 0/0/0 of R2

To assign IP address in Laptop click Laptop and click Desktop and IP configuration and Select Static and set IP address as given in
above table.
Following same way configure IP address in Server.

To configure IP address in Router1 click Router1 and select CLI and press Enter key.

Two interfaces of Router1 are used in topology; FastEthernet0/0 and Serial 0/0/0.

By default interfaces on router are remain administratively down during the start up. We need to configure IP address and oth er
parameters on interfaces before we could actually use them for routing. Interface mode is used to assign the IP address and o ther
parameters. Interface mode can be accessed from global configuration mode. Following commands are used to access the global
configuration mode.

Router>enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Before we configure IP address in interfaces let’s assign a unique descriptive name to router.

Router(config)#hostname R1
R1#

Now execute the following commands to set IP address in FastEthernet 0/0 interface.

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

interface FastEthernet 0/0 command is used to enter in interface mode.

ip address 10.0.0.1 255.0.0.0 command assigns IP address to interface.


no shutdown command is used to bring the interface up.
parameters are always configured at DCE end.
exit command is used to return in global configuration mode.
We can use show controllers interface command from privilege mode to check the cable’s end.
Serial interface needs two additional parameters clock rate and bandwidth. Every serial cable has two ends DTE and DCE. These
R1(config)#exit
R1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 2000000
[Output omitted]

Fourth line of output confirms that DCE end of serial cable is attached. If you see DTE here instead of DCE skip these parameters.

Now we have necessary information let’s assign IP address to serial interface.

R1#configure terminal
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 100.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#

Router#configure terminal Command is used to enter in global configuration mode.

Router(config)#interface serial 0/0/0 Command is used to enter in interface mode.

Router(config-if)#ip address 100.0.0.1 255.0.0.0 Command assigns IP address to interface.

Router(config-if)#clock rate 64000

In real life environment this parameter controls the data flow between serial links and need to be set at service provider’s end. In lab
environment we need not to worry about this value. We can use any valid rate here.

Router(config-if)#bandwidth 64

Bandwidth works as an influencer. It is used to influence the metric calculation of EIGRP or any other routing protocol which uses
bandwidth parameter in route selection process.

Router(config-if)#no shutdown Command brings interface up.

Router(config-if)#exit Command is used to return in global configuration mode.

We will use same commands to assign IP addresses on interfaces of Router2. We need to provided clock rate and bandwidth only on
DCE side of serial interface. Following command will assign IP addresses on interface of Router2.

IInniittiiaallIIPP ccoonnffiigguurraattiioonn iinn RR22


Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface Serial0/0/0
R2(config-if)#ip address 100.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#

That’s all initial IP configuration we need. Now this topology is ready for the practice of static nat.

CCoonnffiigguurree SSttaattiicc N
NAATT
1. Define IP address mapping
2. Define inside local interface
3. Define inside global interface

Since static NAT use manual translation, we have to map each inside local IP address (which needs a translation) with inside global IP
address. Following command is used to map the inside local IP address with inside global IP address.

Router(config)#ip nat inside source static [inside local ip address] [inside global IP address]

For example in our lab Laptop1 is configured with IP address 10.0.0.10. To map it with 50.0.0.10 IP address we will use following
command

Router(config)#ip nat inside source static 10.0.0.10 50.0.0.10

In second step we have to define which interface is connected with local the network. On both routers interface Fa0/0 is connected
with the local network which need IP translation.

Following command will define interface Fa0/0 as inside local.

Router(config-if)#ip nat inside

In third step we have to define which interface is connected with the global network. On both routers serial 0/0/0 interface is
connected with the global network. Following command will define interface Serial0/0/0 as inside global.

Router(config-if)#ip nat outside

Following figure illustrates these terms.

Let’s implement all these commands together and configure the static NAT.

RR11 SSttaattiicc N
NAATT CCoonnffiigguurraattiioonn
R1(config)#ip nat inside source static 10.0.0.10 50.0.0.10
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#
R1(config)#interface Serial 0/0/0
R1(config-if)#ip nat outside
R1(config-if)#exit

For testing purpose I configured only one static translation. You may use following commands to configure the translation for
remaining address.

R1(config)#ip nat inside source static 10.0.0.20 50.0.0.20


R1(config)#ip nat inside source static 10.0.0.30 50.0.0.30

RR22 SSttaattiicc N
NAATT CCoonnffiigguurraattiioonn
R2(config)#ip nat inside source static 192.168.1.10 200.0.0.10
R2(config)#interface FastEthernet 0/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#
R2(config)#interface Serial 0/0/0
R2(config-if)#ip nat outside
R2(config-if)#exit

Before we test this lab we need to configure the IP routing. IP routing is the process which allows router to route the packet between
different networks. Following tutorial explain routing in detail with examples

CCoonnffiigguurree ssttaattiicc rroouuttiinngg iinn RR11


R1(config)#ip route 200.0.0.0 255.255.255.0 100.0.0.2

CCoonnffiigguurree ssttaattiicc rroouuttiinngg iinn RR22


R2(config)#ip route 50.0.0.0 255.0.0.0 100.0.0.1

TTeessttiinngg SSttaattiicc N
NAATT CCoonnffiigguurraattiioonn
In this lab we configured static NAT on R1 and R2. On R1 we mapped inside local IP address 10.0.0.10 with inside global address
50.0.0.10 while on R2 we mapped inside local IP address 192.168.1.10 with inside global IP address 200.0.0.10.

Device Inside Local IP Address Inside Global IP Address

Laptop0 10.0.0.10 50.0.0.10

Server 192.168.1.10 200.0.0.10

To test this setup click Laptop0 and Desktop and click Command Prompt.

Run ipconfig command.


Run ping 200.0.0.10 command.
Run ping 192.168.1.10 command.

First command verifies that we are testing from correct NAT device.

Second command checks whether we are able to access the remote device or not. A ping reply confirms that we are able to connect
with remote device on this IP address.
Third command checks whether we are able to access the remote device on its actual IP address or not. A ping error confirms that we
are not able to connect with remote device on this IP address.

Let’s do one more testing. Click Laptop0 and click Desktop and click Web Browser and access 200.0.0.10.

Above figure confirms that host 10.0.0.10 is able to access the 200.0.0.10.

Now run ping 200.0.0.10 command from Laptop1.

Why we are not able to connect with the remote device from this host?

Because we configured NAT only for one host (Laptop0) which IP address is 10.0.0.10. So only the host 10.0.0.10 will be able to access
the remote device.

To confirm it again, let’s try to access web service from this host.

If you followed this tutorial step by step, you should get the same output of testing. Although it’s very rare but some time you may get
different output. To figure out what went wrong you can use my practice topology with all above configuration. Download my pr actice
topology

We can also verify this translation on router with show ip nat translation command.

Following figure illustrate this translation on router R1.


Following figure illustrate this translation on router R2

The actual IP address is not listed here because router is receiving packets after the translation. From R1’s point of view remote
device’s IP address is 200.0.0.10 while from R2’s point of view end device’s IP address is 50.0.0.10.

This way if NAT is enabled we would not be able to trace the actual end device.

You might also like