Basic LAN to WAN NAT for Internet Access

patpawlowski · ‎05-13-2005

Hey guys, I'm new to IOS and Cisco but pretty good with the IPTables firewall that we are trying to replace. I have Cisco 1700 with a T1 card. I have configured the T1 to at least come up and I think I have the WAN side of the router configured correctly:

ip routing

ip default-network 64.7.10.0

......other stuff......

interface Serial0/0.1 point-to-point

description connected to Internet

ip address 64.7.10.193 255.255.255.0

ip name-server 66.80.130.23 66.80.131.5

ip nat outside

frame-relay interface-dlci 16 IETF

At least it comes up!

I have been trying to configure our source NAT, where the router/gateway replaces the 10.0.0.x source address with our public 207.145.33.194 and then undoes it for the returning packets. But I just haven't been able to decifer the manual. Our internal network is 10.0.0.0/24 and I am trying to SNAT it to public 207.145.33.194. I have looked over and over the manual at the nat commands but cannot seem to figure out which format to use. I have the inside and outside interfaces set, that was easy.I figure something like this for the actuall address translation:

ip nat inside source static network 10.0.0.1 207.145.33.194 255.255.255.192

But I don't believe that's correct.

Thanks in advance for any help.

-pat

Georg Pauwen · ‎05-13-2005

Hello Pat,

try the following config:

ip nat pool INTERNET 207.145.33.194 207.145.33.194

ip nat inside source list 1 pool INTERNET overload

!

access-list 1 permit 10.0.0.0 0.255.255.255

If you use another mask on your 10.0.0.0 network, change the access-list wildcard accordingly...

HTH,

GP

patpawlowski · ‎05-13-2005

Thanks for the reply,

Just to clarify, the following line:

access-list 1 permit 10.0.0.0 0.255.255.255

the 0.255.255.255 indicates wild cards, sort of the opposite of a mask? Our mask is 255.255.255.0 so I assume, per comment, that I would use 0.0.0.255?

Thanks again for the help.