Scribd
Upload
1 views

static nat one to one

Uploaded by

beomeo
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1 views

static nat one to one

Uploaded by

beomeo
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

 HomeCCNA Study GuideLinux TutorialsNetworking TutorialsCareer

How to Configure Static NAT in


Resources

Cisco Router
This tutorial explains Static NAT configuration in detail. Learn how configure static NAT,
map address (inside local address, outside local address, inside global address and outside
global address), debug and verify Static NAT translation step by step with practical examples
in packet tracer.

In order to configure NAT we have to understand four basic terms; inside local, inside global,
outside local and outside global. These terms define which address will be mapped with
which address.

Term Description
Inside Local IP Address Before translation source IP address located inside the local netw
Inside Global IP Address After translation source IP address located outside the local netw
Outside Global IP Address Before translation destination IP address located outside the rem
Outside Local IP Address After translation destination IP address located inside the remot
For this tutorial I assume that you are familiar with these basic terms. If you want to learn
these terms in detail please go through the first part of this article which explains them in
details with examples.

This tutorial is the second part of our article “Learn NAT (Network Address Translation)
Step by Step in Easy Language with Examples”. You can read other parts of this article
here.

Basic Concepts of NAT Exaplained in Easy Language

This tutorial is the first part of this article. This tutorial explains basic concepts of static nat, dynamic nat, pat inside
local, outside local, inside global and outside global in detail with examples.

How to Configure Dynamic NAT in Cisco Router

This tutorial is the third part of this article. This tutorial explains how to configure Dynamic NAT (Network Address
Translation) in Cisco Router step by step with packet tracer examples.

Configure PAT in Cisco Router with Examples

This tutorial is the last part of this article. This tutorial explains how to configure PAT (Port Address Translation) in
Cisco Router step by step with packet tracer examples.

Static NAT Practice LAB Setup

To explain Static NAT Configuration, I will use packet tracer network simulator software.
You can use any network simulator software or can use real Cisco devices to follow this
guide. There is no difference in output as long as your selected software contains the
commands explained in this tutorial.
Create a practice lab as shown in following figure or download this pre-created practice lab
and load in packet tracer

Download NAT Practice LAB with initial IP configuration

If require, you can download the latest as well as earlier version of Packet Tracer from here. Download Packet
Tracer

Initial IP Configuration

Device / Interface IP Address


Laotop0 10.0.0.10/8
Laptop1 10.0.0.20/8
Laptop2 10.0.0.30/8
Server0 192.168.1.10/24
Serial 0/0/0 of R1 100.0.0.1/8
Serial 0/0/0 of R2 100.0.0.2/8

If you are following this tutorial on my practice topology, skip this IP configuration section as that topology is
already configured with this initial IP configuration

To assign IP address in Laptop click Laptop and click Desktop and IP configuration and
Select Static and set IP address as given in above table.
Following same way configure IP address in Server.

To configure IP address in Router1 click Router1 and select CLI and press Enter key.
Two interfaces of Router1 are used in topology; FastEthernet0/0 and Serial 0/0/0.

By default interfaces on router are remain administratively down during the start up. We need
to configure IP address and other parameters on interfaces before we could actually use them
for routing. Interface mode is used to assign the IP address and other parameters. Interface
mode can be accessed from global configuration mode. Following commands are used to
access the global configuration mode.

Router>enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Before we configure IP address in interfaces let’s assign a unique descriptive name to router.

Router(config)#hostname R1
R1#
Now execute the following commands to set IP address in FastEthernet 0/0 interface.

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
interface FastEthernet 0/0 command is used to enter in interface mode.

ip address 10.0.0.1 255.0.0.0 command assigns IP address to interface.

no shutdown command is used to bring the interface up.

exit command is used to return in global configuration mode.

Serial interface needs two additional parameters clock rate and bandwidth. Every serial cable
has two ends DTE and DCE. These parameters are always configured at DCE end.

We can use show controllers interface command from privilege mode to check the cable’s
end.

R1(config)#exit
R1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 2000000
[Output omitted]
Fourth line of output confirms that DCE end of serial cable is attached. If you see DTE here
instead of DCE skip these parameters.

Now we have necessary information let’s assign IP address to serial interface.

R1#configure terminal
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 100.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
Router#configure terminal Command is used to enter in global configuration mode.

Router(config)#interface serial 0/0/0 Command is used to enter in interface mode.

Router(config-if)#ip address 100.0.0.1 255.0.0.0 Command assigns IP address to interface.

Router(config-if)#clock rate 64000

In real life environment this parameter controls the data flow between serial links and need to
be set at service provider’s end. In lab environment we need not to worry about this value.
We can use any valid rate here.

Router(config-if)#bandwidth 64

Bandwidth works as an influencer. It is used to influence the metric calculation of EIGRP or


any other routing protocol which uses bandwidth parameter in route selection process.

Router(config-if)#no shutdown Command brings interface up.

Router(config-if)#exit Command is used to return in global configuration mode.

We will use same commands to assign IP addresses on interfaces of Router2. We need to


provided clock rate and bandwidth only on DCE side of serial interface. Following command
will assign IP addresses on interface of Router2.

Initial IP configuration in R2

Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface Serial0/0/0
R2(config-if)#ip address 100.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#
That’s all initial IP configuration we need. Now this topology is ready for the practice of
static nat.

Configure Static NAT


Static NAT configuration requires three steps: -

1. Define IP address mapping


2. Define inside local interface
3. Define inside global interface

Since static NAT use manual translation, we have to map each inside local IP address (which
needs a translation) with inside global IP address. Following command is used to map the
inside local IP address with inside global IP address.

Router(config)#ip nat inside source static [inside local ip


address] [inside global IP address]
For example in our lab Laptop1 is configured with IP address 10.0.0.10. To map it with
50.0.0.10 IP address we will use following command

Router(config)#ip nat inside source static 10.0.0.10 50.0.0.10


In second step we have to define which interface is connected with local the network. On
both routers interface Fa0/0 is connected with the local network which need IP translation.

Following command will define interface Fa0/0 as inside local.

Router(config-if)#ip nat inside


In third step we have to define which interface is connected with the global network. On both
routers serial 0/0/0 interface is connected with the global network. Following command will
define interface Serial0/0/0 as inside global.

Router(config-if)#ip nat outside


Following figure illustrates these terms.

Let’s implement all these commands together and configure the static NAT.

R1 Static NAT Configuration


R1(config)#ip nat inside source static 10.0.0.10 50.0.0.10
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#
R1(config)#interface Serial 0/0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
For testing purpose I configured only one static translation. You may use following
commands to configure the translation for remaining address.

R1(config)#ip nat inside source static 10.0.0.20 50.0.0.20


R1(config)#ip nat inside source static 10.0.0.30 50.0.0.30
R2 Static NAT Configuration
R2(config)#ip nat inside source static 192.168.1.10 200.0.0.10
R2(config)#interface FastEthernet 0/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#
R2(config)#interface Serial 0/0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
Before we test this lab we need to configure the IP routing. IP routing is the process which
allows router to route the packet between different networks. Following tutorial explain
routing in detail with examples

Routing concepts Explained with Examples

Configure static routing in R1


R1(config)#ip route 200.0.0.0 255.255.255.0 100.0.0.2
Configure static routing in R2

R2(config)#ip route 50.0.0.0 255.0.0.0 100.0.0.1


Testing Static NAT Configuration

In this lab we configured static NAT on R1 and R2. On R1 we mapped inside local IP
address 10.0.0.10 with inside global address 50.0.0.10 while on R2 we mapped inside local IP
address 192.168.1.10 with inside global IP address 200.0.0.10.

Device Inside Local IP Address Inside Glo


Laptop0 10.0.0.10 50.0.0.10
Server 192.168.1.10 200.0.0.10
To test this setup click Laptop0 and Desktop and click Command Prompt.

 Run ipconfig command.


 Run ping 200.0.0.10 command.
 Run ping 192.168.1.10 command.

First command verifies that we are testing from correct NAT device.

Second command checks whether we are able to access the remote device or not. A ping
reply confirms that we are able to connect with remote device on this IP address.

Third command checks whether we are able to access the remote device on its actual IP
address or not. A ping error confirms that we are not able to connect with remote device on
this IP address.

Let’s do one more testing. Click Laptop0 and click Desktop and click Web Browser and
access 200.0.0.10.
Above figure confirms that host 10.0.0.10 is able to access the 200.0.0.10.

Now run ping 200.0.0.10 command from Laptop1.

Why we are not able to connect with the remote device from this host?

Because we configured NAT only for one host (Laptop0) which IP address is 10.0.0.10. So
only the host 10.0.0.10 will be able to access the remote device.

To confirm it again, let’s try to access web service from this host.
If you followed this tutorial step by step, you should get the same output of testing. Although
it’s very rare but some time you may get different output. To figure out what went wrong you
can use my practice topology with all above configuration. Download my practice topology

Download NAT Practice LAB with Static NAT configuration

We can also verify this translation on router with show ip nat translation command.

Following figure illustrate this translation on router R1.

Following figure illustrate this translation on router R2

Pay a little bit extra attention on outside local address filed. Have you noticed one
interesting feature of NAT in above output? Why actual outside local IP address is not listed
in this filed?
The actual IP address is not listed here because router is receiving packets after the
translation. From R1’s point of view remote device’s IP address is 200.0.0.10 while from
R2’s point of view end device’s IP address is 50.0.0.10.

This way if NAT is enabled we would not be able to trace the actual end device.

That’s all for this tutorial. In next part we will learn dynamic NAT configuration step by step
with examples.

By ComputerNetworkingNotes Updated on 2024-06-09

ComputerNetworkingNotes CCNA Study Guide How to Configure Static NAT in Cisco


Router

How to Configure Dynamic NAT in Cisco Router

Basic Concepts of NAT Explained in Easy Language

 EtherChannel Load Distribution Explained


 Link Aggregation Control Protocol (LACP) Explained
 Port Aggregation Protocol (PAgP) Explained
 EtherChannel Manual Configuration
 EtherChannel Basic Concepts Explained
 STP, RSTP, PVST, RPVST, and MSTP
 Similarities and Differences between STP and RSTP
 RSTP / RPVST Explained with Examples
 PVST/RPVST and EtherChannel Explained
 STP/RSTP Timers Explained

We do not accept any kind of Guest Post. Except Guest post submission, for any
other query (such as adverting opportunity, product advertisement, feedback,
suggestion, error reporting and technical issue) or simply just say to hello mail
us [email protected]
Computer Networking Notes and Study Guides © 2024. All Rights Reserved.

 About
 Privacy Policy
 Terms and Conditions

You might also like