Determine how you will use NAT and how NAT will need to be configured.
1. Define NAT inside and outside interfaces by answering the following questions:
– Do users exist off multiple interfaces?
– Are there multiple interfaces going to the Internet?
2. Define what is trying to be accomplished with NAT by answering the following questions:
– Should NAT allow internal users to access the Internet?
– Should NAT allow the Internet to access internal devices such as a mail server?
– Should NAT redirect TCP traffic to another TCP port or address?
– Will NAT be used during a network transition?
– Should NAT allow overlapping networks to communicate?
– Should NAT allow networks with different address schemes to communicate?
– Should NAT allow the use of an application level gateway?
If you specify an access list to use with a NAT command, note that NAT does not support the commonly used permit ip any any entry in that access list; the list must match the specific source addresses to be translated.
In a typical environment, NAT is configured at the exit router between a stub domain and the backbone.
NAT uses the following definitions:
• Inside local address—The IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
• Inside global address—A legitimate IP address (assigned by the NIC or service provider) that represents one or more inside local IP addresses to the outside world.
• Outside local address—The IP address of an outside host as it appears to the inside network. It is not necessarily a legitimate address; it was allocated from address space that is routable on the inside.
• Outside global address—The IP address assigned to a host on the outside network by the owner of the host. The address was allocated from a globally routable address or network space.
NAT types include:
• Static Address Translation—Static NAT—allows one-to-one mapping between local and global addresses.
• Dynamic Address Translation—Dynamic NAT—maps unregistered IP addresses to registered IP addresses taken from a pool of registered IP addresses.
• Overloading—a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many to one) by using different ports. This method is also known as Port Address Translation (PAT). By using PAT (NAT overload), thousands of users can be connected to the Internet using only one real global IP address.
Inside Source Address Translation
- ip nat inside source static local-ip global-ip
- interface type number
- ip address ip-address mask [secondary]
- inside and outside NAT interfaces
Configuring Dynamic Translation of Inside Source Addresses
- ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
- access-list access-list-number permit source [source-wildcard]
- ip nat inside source list access-list-number pool name
- inside and outside NAT interfaces
Allowing Internal Users Access to the Internet Using NAT
Inside Global Addresses Overloading
- ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
- access-list access-list-number permit source [source-wildcard]
- ip nat inside source list access-list-number pool name overload
- inside and outside NAT interfaces
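As an added, constructed example (not part of the original notes), the three procedures above combined into one IOS configuration: a static inside source mapping for a mail server, plus a pool with overload (PAT) for general user access. Addresses are RFC 5737 documentation ranges and the interface names are assumptions.

```cisco
! Constructed example: inside LAN 192.168.10.0/24, outside link in 203.0.113.0/24,
! public pool 203.0.113.16-203.0.113.30. Interface names are assumptions.
!
! 1. Mark the NAT inside and outside interfaces
interface GigabitEthernet0/0
 description Inside (stub domain)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Outside (backbone / ISP)
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
! 2. Static inside source translation: mail server reachable from the Internet
!    inside local 192.168.10.25 <-> inside global 203.0.113.10
ip nat inside source static 192.168.10.25 203.0.113.10
!
! 3. Dynamic translation with overload (PAT) for internal users.
!    The list matches only the inside subnet: "permit ip any any" is not
!    supported with NAT, and a narrow source list keeps other subnets that
!    may reach the router from being translated unintentionally.
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat pool PUBLIC 203.0.113.16 203.0.113.30 netmask 255.255.255.0
ip nat inside source list 1 pool PUBLIC overload
!
! Static entries take precedence over the dynamic rule, so 192.168.10.25
! keeps its fixed mapping even though access-list 1 also matches it.
!
! Verification (exec mode):
!  show ip nat translations   - current inside local/global pairs and ports
!  show ip nat statistics     - hit/miss counters, pool usage, NAT interfaces
```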