05-13-2007 11:11 PM - edited 03-03-2019 04:57 PM
Hi All
I am stuck with NAT while configuring the router.
The issue is, there are 3 different subnets in my LAN. I wanna NAT all these IPs like this.
ip nat inside source static 10.10.10.1 172.16.131.1
ip nat inside source static 10.10.10.2 172.16.131.2
ip nat inside source static 10.10.10.3 172.16.131.3
ip nat inside source NATME interface serial 0 overload
access-list permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1
!
int s0/0
ip nat outside
!
int fa0/0
ip nat inside
From the above config, I wanna do static NAT for 10.10.10.1, 2 & 3 and dynamic NAT for the rest of the IPs in the same subnet.
Please clarify whether the above NAT is correct, as I am implementing it in a live network and I wanna be clear on this.
Thanks in advance
05-13-2007 11:23 PM
Hi,
As a rule, in static NAT a translation is statically configured and is placed in the translation table without the need for any traffic, and it remains in the translation table until you delete the static NAT command(s). With dynamic NAT, the translation table in the router is initially empty and gets populated once traffic that needs to be translated passes through the router. Dynamic translations also have a timeout period after which they are purged from the translation table.
So your configuration should work properly.
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
05-13-2007 11:28 PM
Hi Mohammed
To be honest that's what I thought until I read the FAQ. Do you have this working in a production environment?
If so I guess the FAQ is a bit outdated. If not I could do a quick test in our lab.
Jon
05-13-2007 11:25 PM
Hi
From the Cisco FAQ on NAT
=============================================
Q. Is it possible to build a configuration with both static and dynamic NAT translations?
A. Yes, this is possible. The caveat is that the global addresses used in static translations are not automatically excluded with dynamic pools that contain those global addresses. You must create your dynamic pools to exclude addresses assigned via static entries.
=============================================
So I think you should exclude the first 3 addresses from your global pool.
HTH
Jon
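The FAQ caveat quoted above can be checked against a saved configuration before deployment. This is an added example, not part of the original thread or Cisco's documentation: a Python check that lists static global addresses falling inside a dynamic NAT pool range. Both sample configs, the pool name POOL1 and its range are constructed for illustration.

```python
import ipaddress
import re

# Plain one-to-one static entries only (port-forwarding forms are not matched).
STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)\s*$", re.M)
POOL_RE = re.compile(
    r"^ip nat pool (\S+) (\S+) (\S+) (?:netmask \S+|prefix-length \d+)\s*$", re.M)


def static_globals_in_pools(config):
    """Return sorted (pool, global_ip, local_ip) for static globals inside a pool."""
    pools = [(name, ipaddress.ip_address(start), ipaddress.ip_address(end))
             for name, start, end in POOL_RE.findall(config)]
    hits = []
    for local, global_ in STATIC_RE.findall(config):
        addr = ipaddress.ip_address(global_)
        for name, start, end in pools:
            if start <= addr <= end:
                hits.append((name, global_, local))
    return sorted(hits)


# Constructed sample: the thread's static entries plus interface overload (no pool).
INTERFACE_OVERLOAD = """\
ip nat inside source static 10.10.10.1 172.16.131.1
ip nat inside source static 10.10.10.2 172.16.131.2
ip nat inside source static 10.10.10.3 172.16.131.3
ip nat inside source list NATME interface Serial0/0 overload
"""

# Constructed variant: same static entries, with a hypothetical pool that covers them.
POOL_VARIANT = """\
ip nat pool POOL1 172.16.131.1 172.16.131.254 netmask 255.255.255.0
ip nat inside source static 10.10.10.1 172.16.131.1
ip nat inside source static 10.10.10.2 172.16.131.2
ip nat inside source static 10.10.10.3 172.16.131.3
ip nat inside source list NATME pool POOL1 overload
"""

if __name__ == "__main__":
    for label, cfg in (("interface overload", INTERFACE_OVERLOAD),
                       ("pool variant", POOL_VARIANT)):
        print(label, static_globals_in_pools(cfg))
```

With interface overload there is no pool, so nothing is flagged; the pool variant reports the three static global addresses for review.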
05-14-2007 12:14 AM
Hi Jon,
According to this document it can be done without the exclusion, but I'll check it for more certainty:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml
HTH,
Mohammed Mahmoud.
05-14-2007 01:20 AM
Hi Mohammed
Yep, just tested it in our lab and it looks like you can do it without the exclusion, so 5 points winging their way to you!!!
Jon
05-13-2007 11:33 PM
Hi
I don't see any NAT pool configured.
What is the range of your IPs?
What is NATME..?
There are no IP addresses on your interfaces.
Thanks
Mahmood
05-13-2007 11:51 PM
Hi Mahmood
Here NATME is the extended ACL name. Here I have given a fake IP address for the interface.
I need the static translation for first three IPs
ip nat inside source list NATME interface serial 0/0 overload
ip access-list extended NATME
 permit ip 10.10.10.0 0.0.0.255 host 200.100.100.1
!
int s0/0
! (Duplicate IP)
ip address 1.1.1.1 255.255.255.0
ip nat outside
!
int fa0/0
IP address 10.10.10.200 255.255.255.0
ip nat inside
05-14-2007 12:54 AM
There is no IP pool; instead of that I am using the serial interface with overload. Will this NAT config work as I expect...?
Please clarify, it's a bit urgent.
Thanks
05-14-2007 12:57 AM
Hi,
According to this document it can be done without the exclusion; anyway, I'll try to test it for you.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml
HTH, please do rate all helpful replies,
Mohammed Mahmoud
05-14-2007 01:07 AM
Yes Mohammed, I read this link... in it, it was configured with an IP pool. But I need to do the same with the interface... is it possible?
I would be grateful if you can do a test for me...
Thanks
05-14-2007 01:19 AM
Hi
Mohammed is dead right in this instance. I have just tested in our lab and you can use your config as suggested so it looks like the NAT FAQ is somewhat out of date.
Yes, you can do it with the interface, as this is what I tested in the lab.
HTH
Jon
05-14-2007 01:26 AM
Hi Jon & Mohammed
Thanks for your help. Let me try the same in the real network now.
05-14-2007 01:27 AM
Hi Jon,
I've also just tested it myself, and it's running; as you said, it seems that this FAQ is outdated.
HTH,
Mohammed Mahmoud.
05-14-2007 01:29 AM
Hi,
You are welcome, please never hesitate to ask any further questions.
HTH,
Mohammed Mahmoud.