Solved: Re: Static NAT for a complete subnet

elilraj07 · ‎11-11-2009

Hi,

Is it possible to statically NAT a complete subnet?

I have a need to NAT 10.10/16 to 172.168/16 where 10.10.x.y is NAT to 172.16.x.y.

How can this be done?

Rgds,

Elil

Giuseppe Larosa · ‎11-11-2009

Hello Elil,

yes it is possible the

ip nat source static command accepts a network option

this can be very handy in some migration scenarios

see

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696

Hope to help

Giuseppe

View solution in original post

adamclarkuk_2 · ‎11-11-2009

Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)

Wan interface

-------------

interface FastEthernet0/0

ip address 172.16.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex half

end

Lan interface

-------------

interface FastEthernet1/0

ip address 192.168.1.1 255.255.255.252

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

end

NAT statement

-------------

R1#sh run | inc ip nat

ip nat outside

ip nat inside

ip nat inside source static network 10.10.0.0 172.168.0.0 /24

I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2

Results of show ip nat translations

R1#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4

--- 172.168.0.1 10.10.0.1 --- ---

icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5

--- 172.168.0.2 10.10.0.2 --- ---

--- 172.168.0.0 10.10.0.0 --- ---

Output of debug ip icmp on destination router

*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1

*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2

HTH

View solution in original post

Giuseppe Larosa · ‎11-11-2009

Hello Elil,

yes it is possible the

ip nat source static command accepts a network option

this can be very handy in some migration scenarios

see

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696

Hope to help

Giuseppe

elilraj07 · ‎11-11-2009

Thanks Giuseppe,

This is exactly what i was looking for.

Rgds,

Elil

adamclarkuk_2 · ‎11-11-2009

Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)

Wan interface

-------------

interface FastEthernet0/0

ip address 172.16.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex half

end

Lan interface

-------------

interface FastEthernet1/0

ip address 192.168.1.1 255.255.255.252

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

end

NAT statement

-------------

R1#sh run | inc ip nat

ip nat outside

ip nat inside

ip nat inside source static network 10.10.0.0 172.168.0.0 /24

I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2

Results of show ip nat translations

R1#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4

--- 172.168.0.1 10.10.0.1 --- ---

icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5

--- 172.168.0.2 10.10.0.2 --- ---

--- 172.168.0.0 10.10.0.0 --- ---

Output of debug ip icmp on destination router

*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1

*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2

HTH

elilraj07 · ‎11-11-2009

Thanks Adam,

This is exactly what I was looking for.

Rgds,

Elil