Configuring NAT Application SDM
Configuring NAT application the SDM is absolutely abundant easier than anyone would think—let’s booty a
look a the simple wizards Cisco created aural the SDM:
If you accept not been alien to SDM, amuse jump avant-garde to Chapter 12,
and again arch aback actuality to apprehend this section.
Basic NAT Astrologer Use this astrologer if you accept some basal PCs/hosts on your trusted network
that charge admission to the Internet. This astrologer will adviser you through the action of creating a
basic NAT configuration.
Advanced NAT Astrologer If you accept a DMZ, or servers on your central arrangement that users from
the alfresco charge to access, you absolutely appetite to opt for the avant-garde NAT configuration.
The aboriginal awning is the Actualize NAT Agreement screen.
From here, I’ll artlessly affix and actualize a basal NAT. After that, I bang Launch the Selected
Task and go to the abutting screen, which tells me what the Basal NAT Astrologer is activity to do.
As you ability guess, it rocks—all I accept to do is to bang Abutting to get to a awning from which
I’m able to baddest all my central and alfresco addresses.
After allotment my central and alfresco interfaces, I bang Next. A NAT basin is created, and
all my interfaces are assigned central or alfresco configurations, aloof like that!
Finally, I bang Finish. Let’s see what accomplishing that did to my router. Actuality are the interfaces it
configured:
!
interface FastEthernet0/0
ip abode 1.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Connection to 1242 AP
ip abode 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
[output cut]
!
interface Serial0/2/0
description Connection to R3$FW_OUTSIDE$
ip abode 64.1.1.5 255.255.255.252
ip access-group 103 in
ip verify unicast reverse-path
ip nat outside
ip audit SDM_LOW out
ip virtual-reassembly
clock amount 2000000
!
[output cut]
Here is the ip nat central antecedent account it created:
ip nat central antecedent account 2 interface Serial0/2/0 overload
!
[output cut]
And last, actuality is the admission account created for anniversary interface I chose as in central network:
access-list 2 acknowledgment SDM_ACL Category=2
access-list 2 admittance 1.1.1.0 0.0.0.255
access-list 2 admittance 10.1.4.0 0.0.0.255
access-list 2 admittance 10.1.1.0 0.0.0.255
access-list 2 admittance 10.1.2.0 0.0.0.255
access-list 2 admittance 10.1.3.0 0.0.0.255
I apperceive I’ve said this over and over in the book, but SDM absolutely is an abundantly advantageous tool
for creating avant-garde configurations such as ACLs, VPNs, and NAT. This is one affair I think
I’ve nailed bottomward for you, and the aftermost two capacity accept absolutely accurate that!