Sample Configuration Using the ip nat outside source static


Introduction

This document provides a sample configuration using the ip nat outside source static command, including a brief description of what happens to the IP packet during the NAT process. Consider the following network topology as an example.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in the diagram below.

When you issue a ping sourced from Router 2514w's Loopback1 interface destined to Router 2501e's Loopback0 interface, the following happens:

1. On the outside interface of Router 2514x, the ping packet shows up with a Source Address (SA) of 172.16.89.32 and a Destination Address (DA) of 171.68.1.1. NAT translates the SA to the inside global address 171.68.16.5 (according to the ip nat outside source static command configured on Router 2514x).

2. Router 2514x then checks its routing table for a route to 171.68.1.1. If the route does not exist, Router 2514x drops the packet. In this case, Router 2514x has a route to 171.68.1.1 through the static route to 171.68.1.0, so it forwards the packet to the destination.

3. Router 2501e sees the packet on its incoming interface with an SA of 171.68.16.5 and a DA of 171.68.1.1. It responds by sending an Internet Control Message Protocol (ICMP) echo reply to 171.68.16.5. If it does not have a route, it drops the packet. However, in this case, it has the (default) route, so it sends a reply packet to Router 2514x, using an SA of 171.68.1.1 and a DA of 171.68.16.5.

4. Router 2514x sees the packet and checks for a route to the 171.68.16.5 address. If it does not have one, it responds with an ICMP unreachable reply. In this case, it has a route to 171.68.16.5 (due to the static route), so it translates the packet back to the 172.16.89.32 address, and forwards it out its outside interface.

Configurations

Router 2514w

hostname rp-2514w
interface Loopback1
 ip address 172.16.89.32 255.255.255.0
interface Ethernet1
 no ip address
 no ip mroute-cache
interface Serial0
 ip address 172.16.191.254 255.255.255.252
 no ip mroute-cache
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.191.253

Router 2514x

hostname rp-2514X
ip nat outside source static 172.16.89.32 171.68.16.5
interface Ethernet1
 ip address 171.68.192.202 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no ip route-cache
interface Serial1
 ip address 172.16.191.253 255.255.255.252
 no ip route-cache
 ip nat outside
 clockrate 2000000
ip classless
ip route 172.16.89.0 255.255.255.0 172.16.191.254
ip route 171.68.1.0 255.255.255.0 171.68.192.201
ip route 171.68.16.0 255.255.255.0 172.16.191.254

Router 2501e

hostname rp-2501E
interface Loopback0
 ip address 171.68.1.1 255.255.255.0
interface Ethernet0
 ip address 171.68.192.201 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 171.68.192.202

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This example used the NAT translation debugging and IP packet debugging to demonstrate the NAT process.

Note: Because the debug commands generate a significant amount of output, use them only when traffic on the IP network is low, so other activity on the system is not adversely affected.

The following output shows the first packet arriving on the outside interface of Router 2514X. The source address of 172.16.89.32 gets translated to 171.68.16.5. The ICMP packet is forwarded toward the destination out the Ethernet1 interface.

1d00h: NAT*: s=172.16.89.32->171.68.16.5, d=171.68.1.1 [15]

The following output shows the return packet sourced from 171.68.1.1 with a destination address of 171.68.16.5, which gets translated to 172.16.89.32. The resulting ICMP packet gets forwarded out the Serial1 interface.

1d00h: NAT: s=171.68.1.1, d=171.68.16.5->172.16.89.32 [15]

The exchange of ICMP packets continues. The NAT process for the following debug output is the same as that described above.

1d00h: NAT*: s=172.16.89.32->171.68.16.5, d=171.68.1.1 [16]
1d00h: NAT: s=171.68.1.1, d=171.68.16.5->172.16.89.32 [16]
1d00h: NAT*: s=172.16.89.32->171.68.16.5, d=171.68.1.1 [17]
1d00h: NAT: s=171.68.1.1, d=171.68.16.5->172.16.89.32 [17]
1d00h: NAT*: s=172.16.89.32->171.68.16.5, d=171.68.1.1 [18]
1d00h: NAT: s=171.68.1.1, d=171.68.16.5->172.16.89.32 [18]
1d00h: NAT*: s=172.16.89.32->171.68.16.5, d=171.68.1.1 [19]
1d00h: NAT: s=171.68.1.1, d=171.68.16.5->172.16.89.32 [19]

Summary

There are two important things to note in this example. First, when the packet travels from outside to inside, translation occurs first, and then the routing table is checked for the destination. When the packet travels from inside to outside, the routing table is checked for the destination first, and then translation occurs. For more information refer to NAT Order of Operation.
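The order of operation on Router 2514x, modeled in Python as an added example (a simplified model written for this page, not Cisco code). The static mapping and static routes are copied from the configuration above; the connected routes are derived from the interface addresses, and the function names are hypothetical.

```python
import ipaddress

# From Router 2514x: ip nat outside source static 172.16.89.32 171.68.16.5
OUTSIDE_STATIC = {"172.16.89.32": "171.68.16.5"}  # pre-translation -> translated
ROUTES_2514X = [
    ("172.16.89.0/24", "172.16.191.254"),        # static routes from the config
    ("171.68.1.0/24", "171.68.192.201"),
    ("171.68.16.0/24", "172.16.191.254"),
    ("171.68.192.0/24", "connected Ethernet1"),  # derived from interface addresses
    ("172.16.191.252/30", "connected Serial1"),
]

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def outside_to_inside(sa, da, routes=ROUTES_2514X):
    """Arrives on the 'ip nat outside' interface: translate the SA, then route."""
    sa = OUTSIDE_STATIC.get(sa, sa)
    hop = lookup(routes, da)
    return ("forward", sa, da, hop) if hop else ("drop", sa, da, None)

def inside_to_outside(sa, da, routes=ROUTES_2514X):
    """Arrives on the 'ip nat inside' interface: route on the still-translated
    DA first, then translate the DA back."""
    hop = lookup(routes, da)
    if hop is None:
        return ("icmp-unreachable", sa, da, None)
    reverse = {new: old for old, new in OUTSIDE_STATIC.items()}
    return ("forward", sa, reverse.get(da, da), hop)

if __name__ == "__main__":
    print(outside_to_inside("172.16.89.32", "171.68.1.1"))   # echo request
    print(inside_to_outside("171.68.1.1", "171.68.16.5"))    # echo reply
    # Without the static route to 171.68.16.0 the reply never reaches NAT.
    no_route = [r for r in ROUTES_2514X if r[0] != "171.68.16.0/24"]
    print(inside_to_outside("171.68.1.1", "171.68.16.5", no_route))
```

The third call shows why the route to 171.68.16.0 is required even though no host owns that address: the inside-to-outside lookup happens on the translated destination, before NAT restores 172.16.89.32.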

Secondly, it is important to note which part of the IP packet gets translated when using each of the commands above. The following table contains a guideline:

Command: ip nat outside source static
Action:
- translates the source of the IP packets that are traveling outside to inside
- translates the destination of the IP packets that are traveling inside to outside

Command: ip nat inside source static
Action:
- translates the source of IP packets that are traveling inside to outside
- translates the destination of the IP packets that are traveling outside to inside

What the above guidelines indicate is that there is more than one way to translate a packet. Depending on your specific needs, you should determine how to define the NAT interfaces (inside or outside) and what routes the routing table should contain before or after translation. Keep in mind that the portion of the packet that will be translated depends upon the direction the packet is traveling, and how you configured NAT.

Related Information

- Sample Configuration Using the ip nat outside source list Command
- Configuring Network Address Translation: Getting Started
- NAT Support Page
- Technical Support - Cisco Systems

All contents are Copyright 1992-2003 Cisco Systems, Inc. All rights reserved.