Configuring NAT to Perform Overlapping
Address Translation
Configuring NAT to perform overlapping address translation is similar to configuring dynamic
NAT. The difference is that you must identify and apply a pool of addresses for the NAT border
router interface connecting to the inside network interface, as well as a pool to allow for connection
to the outside network.
You will start the NAT configuration process in global configuration mode. The pool of
addresses used in the inside network is 10.1.2.1 to 10.1.2.254. On the outside interface, you will
configure a smaller pool of addresses that are globally routable on the Internet, assuming not
all 100 of your PCs will need to access the outside network at the same time. The pool of
addresses you will configure will be 200.1.1.1 to 200.1.1.50. It is assumed that the NAT border
router is configured with routing, and the interfaces are configured with the proper IP addresses.
Again, assume that your inside network is connected to the Ethernet 0 interface on the router,
and the serial 0 interface connects your NAT border router to the outside network.
To configure the NAT router to perform overlapping address translation, complete the following
steps:
1. Define a standard IP access list for the IP addresses on the inside network, as discussed earlier
in the “Configuring Dynamic NAT, Inside Global Address Overloading, and TCP Load
Distribution” section. The access list needs to be configured to permit traffic on the inside
network that needs to be translated by NAT:
BorderRouter(config)#access-list 2 permit 10.1.2.0 0.0.0.255
2. Define an IP NAT pool for the inside network addresses. The pool name will be called
outsidepool, and the range of addresses is 192.168.1.1 to 192.168.1.253. The final syntax
indicates the number of bits for the subnet mask. You can also use the command
netmask 255.255.255.0 as shown in step 3, which also identifies a 24-bit subnet mask.
The pool does not include address 192.168.1.254 because that is the NAT border router’s
inside interface IP address:
BorderRouter(config)#ip nat pool outsidepool 192.168.1.1 192.168.1.253
➥prefix-length 24
3. Define an IP NAT pool for the inside local network addresses. The pool name will be called
insidepool, and the range of addresses is 200.1.1.1 to 200.1.1.50:
BorderRouter(config)#ip nat pool insidepool 200.1.1.1 200.1.1.50 netmask
➥255.255.255.0
4. Next, associate the previously created access list to the previously created inside NAT pool
with the following command:
BorderRouter(config)#ip nat inside source list 2 pool insidepool
Again, you can use the overload command after the NAT pool name to reuse
IP addresses in the pool.
5. Also, associate the same access list used in the previous command to the outside NAT pool
with the following command:
BorderRouter(config)# ip nat outside source list 2 pool
➥outsidepool
6. For NAT to work, you must first configure the interface that connects your inside network
to the router. To configure Ethernet 0 as the inside NAT interface, use the following commands
from global configuration mode:
BorderRouter(config)#interface e0
BorderRouter(config-if)#ip nat inside
BorderRouter(config-if)#
7. Next, you need to enable NAT on the serial 0 interface connected to your outside network.
From global configuration mode, use the following commands:
BorderRouter(config)#interface s0
BorderRouter(config-if)#ip nat outside
BorderRouter(config-if)#
The finished NAT router configuration follows:
ip nat pool insidepool200.1.1.1 200.1.1.50 netmask 255.255.255.0
ip nat pool outsidepool 192.168.1.1 192.168.1.253prefix-length 24
ip nat outside source list 2 pool outsidepool
ip nat inside source list 2 pool insidepool!
interface Serial0
ip address 200.1.1.51 255.255.255.0
ip nat outside
!
interface Ethernet0
ip address 10.1.2.254 255.255.255.0
ip nat inside
!
access-list 2 permit 10.1.2.0 0.0.0.255