11-11-2009 09:42 AM - edited 03-04-2019 06:40 AM
Hi,
Is it possible to statically NAT a complete subnet?
I have a need to NAT 10.10/16 to 172.168/16 where 10.10.x.y is NAT to 172.16.x.y.
How can this be done?
Rgds,
Elil
Solved! Go to Solution.
11-11-2009 09:49 AM
Hello Elil,
yes it is possible the
ip nat source static command accepts a network option
this can be very handy in some migration scenarios
p nat inside source static network local-network global-network mask [extendable | no-alias | no-payload | mapping-id map-id | redundancy group-name | vrf name]
see
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696
Hope to help
Giuseppe
11-11-2009 11:28 AM
Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)
Wan interface
-------------
interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex half
end
Lan interface
-------------
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
end
NAT statement
-------------
R1#sh run | inc ip nat
ip nat outside
ip nat inside
ip nat inside source static network 10.10.0.0 172.168.0.0 /24
I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2
Results of show ip nat translations
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4
--- 172.168.0.1 10.10.0.1 --- ---
icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5
--- 172.168.0.2 10.10.0.2 --- ---
--- 172.168.0.0 10.10.0.0 --- ---
Output of debug ip icmp on destination router
*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1
*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2
HTH
11-11-2009 09:49 AM
Hello Elil,
yes it is possible the
ip nat source static command accepts a network option
this can be very handy in some migration scenarios
p nat inside source static network local-network global-network mask [extendable | no-alias | no-payload | mapping-id map-id | redundancy group-name | vrf name]
see
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696
Hope to help
Giuseppe
11-11-2009 01:15 PM
Thanks Giuseppe,
This is exactly what i was looking for.
Rgds,
Elil
11-11-2009 11:28 AM
Just to elaborate on what Giuseppe has said, here is a configuration example using inside and outside NAT domains and not NVI (which is generally a lot easier to do)
Wan interface
-------------
interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex half
end
Lan interface
-------------
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
end
NAT statement
-------------
R1#sh run | inc ip nat
ip nat outside
ip nat inside
ip nat inside source static network 10.10.0.0 172.168.0.0 /24
I then sent ping requests through the router from 10.10.0.1 and 10.10.0.2
Results of show ip nat translations
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.168.0.1:4 10.10.0.1:4 1.1.1.1:4 1.1.1.1:4
--- 172.168.0.1 10.10.0.1 --- ---
icmp 172.168.0.2:5 10.10.0.2:5 1.1.1.1:5 1.1.1.1:5
--- 172.168.0.2 10.10.0.2 --- ---
--- 172.168.0.0 10.10.0.0 --- ---
Output of debug ip icmp on destination router
*Nov 11 19:24:04.383: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.1
*Nov 11 19:24:25.931: ICMP: echo reply sent, src 1.1.1.1, dst 172.168.0.2
HTH
11-11-2009 01:14 PM
Thanks Adam,
This is exactly what I was looking for.
Rgds,
Elil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide