Welcome to the Network Engineering Domain
Pape O. Fall's Blog
Let’s illustrate how to configure Static NAT. At this point, if you are unfamiliar with NAT then please read this post here first.
We will use the following topology to make our point…
Here, we have Host A which needs to connect to the web server. Host A IP address is 192.168.1.1 (Inside Local) which is not routable on the Internet. We will statically NAT Host A Private IP address to 108.57.60.240 (Inside Global Address).
Now depending on the direction of the translation, the end interfaces of the NAT enabled router should be configured as either “ip nat inside” or “ip nat outside”.
In our case here, we need to translate Host A IP address to the Inside Local address. In that sense, the interface with the default gateway address should be configured with “ip nat inside” and the interface interfacing with the internet should be configured with “ip nat outside”.
Let’s do that…
Good ! Now that we have defined our interfaces correctly, we need to instruct the router to perform a static NAT to translate the Inside Local address to the Inside Global address. The commands is as such: ip nat inside source static …
Let’s do that…
Here observe that we can get very granualar with our configuration as it provides us with many different options which solves different scenarios and designs. For the sake of Static NAT which is also refered as Basic NAT, we only instruct the router to perform a basic “Inside address translation”.
Let’s enable debug on the far end…
Let’s now ping from the Host to the Web server…
Let’s check our NAT table on RT01RL…
Good ! Here you can see that the Inside Global address is statically mapped to the Inside Local address before the icmp traffic. This entry will always exist on the NAT table as it is statically defined.
Notice here how both the Outside Local and Outside Global address has been populated once the ping request passed through the router.
Let’s take a look at our debug output on the far end and see what we can make out…
What I would like to bring to your attention here is that the Inside Local address is completely unknown to the web server. The IP address in the datagram header has been rewritten as it passes through the router. Hence, the web server received a packet with a source address of 108.57.60.240.
The Web Server then replies with a destination of 108.57.60.240.
That’s all I have for you today. Please let me know if you have any questions.
Hello I'm Pape. My friends call me Pop. I'm CCIE #48357. I enjoy my field and love to share it with others. I love to write so I'm sharing my blog with you.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Leave a Reply