Cisco IOS Network Address Translation (NAT)


Overview

In its simplest configuration, the Network Address Translator (NAT) operates on a router connecting two networks together; one of these networks (designated as inside) is addressed with either private or obsolete addresses that need to be converted into legal addresses before packets are forwarded onto the other network (designated as outside). The translation operates in conjunction with routing, so that NAT can simply be enabled on a customer-side Internet access router when translation is desired.

Use of a NAT device provides RFC 1631-style network address translation on the router platform. The goal of NAT is to provide functionality as if the private network had globally unique addresses and the NAT device was not present. RFC 1631 represents a subset of Cisco IOS NAT functionality.

Cisco IOS NAT supports "bi-directional translation" through the simultaneous use of "inside source" and "outside source" translations.

Terminology

Inside
The set of networks that are subject to translation.

Outside
All other addresses. Usually these are valid addresses located on the Internet.

Inside local IP address
The IP address that was assigned to a host on the inside network. The address was either globally unique but obsolete, allocated from RFC 1918 space, or just picked out of thin air. The address may or may not be globally routable; but if it is globally routable, it may actually belong to another organization.

Inside global IP address
The IP address of an inside host as it appears to the outside world. The address was allocated from globally unique address space, typically provided by the Internet Service Provider (ISP).

Simple translation entry
A translation entry which maps one IP address to another.

Extended translation entry
A translation entry which maps one IP address and port pair to another.

Main Features

Configuration Commands

Interface Configuration Commands

    ip nat { inside | outside }
Each interface must be marked as either inside or outside. Only packets arriving on a marked interface will be subject to translation.

Global Configuration Commands

Exec Commands

Configuration Examples

The following sample configuration translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 nets to the globally-unique 171.69.233.208/28 network.
  ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240
  ip nat inside source list 1 pool net-20
  !
  interface Ethernet0
   ip address 171.69.232.182 255.255.255.240
   ip nat outside
  !
  interface Ethernet1
   ip address 192.168.1.94 255.255.255.0
   ip nat inside
  !
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 1 permit 192.168.2.0 0.0.0.255
The next sample configuration translates between inside hosts addressed from the 9.114.11.0 net to the globally unique 171.69.233.208/28 network. Packets from outside hosts addressed from 9.114.11.0 net (the "true" 9.114.11.0 net) are translated to appear to be from net 10.0.1.0/24.
  ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240
  ip nat pool net-10 10.0.1.0 10.0.1.255 netmask 255.255.255.0
  ip nat inside source list 1 pool net-20
  ip nat outside source list 1 pool net-10
  !
  interface Ethernet0
   ip address 171.69.232.182 255.255.255.240
   ip nat outside
  !
  interface Ethernet1
   ip address 9.114.11.39 255.255.255.0
   ip nat inside
  !
  access-list 1 permit 9.114.11.0 0.0.0.255
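
The following Python model is an added example, not Cisco code. It takes access list 1 and pool net-20 from the first sample configuration and shows how wildcard-mask matching and pool allocation produce simple translation entries, including what happens once the 16-address pool is used up. Assumptions: the names `acl_permits` and `InsideSourceNat` are hypothetical, every address in the configured range is treated as assignable, the lowest free address is handed out first, and translation timeouts are not modeled.

```python
import ipaddress

# Values taken from the first sample configuration on this page.
ACL_1 = [("192.168.1.0", "0.0.0.255"), ("192.168.2.0", "0.0.0.255")]
POOL_NET_20 = ("171.69.233.208", "171.69.233.223")


def acl_permits(acl, addr):
    """Standard ACL match: bits set in the wildcard mask are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    for base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if a & care == int(ipaddress.IPv4Address(base)) & care:
            return True
    return False  # implicit deny at the end of every access list


class InsideSourceNat:
    """Simplified model of 'ip nat inside source list <acl> pool <pool>'."""

    def __init__(self, acl, pool):
        first, last = (int(ipaddress.IPv4Address(p)) for p in pool)
        # Assumption: every address in the configured range is assignable.
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.acl = acl
        self.table = {}  # inside local -> inside global (simple entries)

    def translate(self, inside_local):
        """Return the inside global address, or None if not translated."""
        if not acl_permits(self.acl, inside_local):
            return None  # not matched by the list: no translation
        if inside_local not in self.table:
            if not self.free:
                return None  # pool exhausted: no entry can be created
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]


def demo():
    nat = InsideSourceNat(ACL_1, POOL_NET_20)
    hosts = [f"192.168.1.{n}" for n in range(1, 21)]  # constructed: 20 inside hosts
    results = {h: nat.translate(h) for h in hosts}
    translated = [h for h, g in results.items() if g]
    return nat, results, translated


if __name__ == "__main__":
    nat, results, translated = demo()
    print(f"{len(translated)} of {len(results)} hosts got an inside global address")
    print("192.168.3.7 ->", nat.translate("192.168.3.7"))
```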

Feature Enhancements

  • More flexible pool configuration:
  • Translating to interface's address:
  • Static translations with ports:
  • Support for route maps:
  • "Extendable" static translations:
  • Autoaliasing of Pool Addresses:
  • Host Number Preservation:
  • Translation Timeout Improvements:
  • Translation Entry Limit:

Frequently Asked Questions About NAT v3.0

For More Information

NAT

Visit the main CCO NAT Page.

Refer to the "Configure Network Address Translation (NAT)" section in the Configuring IP Addressing documentation.

RFCs

For information about the RFCs referenced in this document, see:

White Papers

For information about several applications for Cisco IOS, including sample configurations, see:


All contents copyright 1992--2000 Cisco Systems Inc. Important Notices and Privacy Statement.