All Cisco-Network Study Notes: Configuring Static NAT

Configuring Static NAT
Static NAT maps an illegal inside IP address to a legal global IP address so that the data can be sent
through the Internet. Before trying to configure static NAT, IP routing should be enabled on your
router, and the appropriate IP addresses and subnet masks should be configured on each interface.
Let’s start the configuration process in global configuration mode, assuming that you have
only one interface on the router connected to your inside network. In this example, the PC using
the illegal inside IP address of 10.1.2.25 needs to access data on the Internet. When the NAT
border router receives a packet going to the outside network from the IP address of 10.1.2.25,
you will configure it to translate the source address to a legally usable address of 200.1.1.25. Do
this by using the following command:
BorderRouter(config)#ip nat inside source static 10.1.2.25 200.1.1.25
To enable NAT, you must first select the interface that connects your inside network to the
router or internal route processor. There is at least one interface on the router connected to
the inside network and at least one interface connected to the outside network. You need
to identify each and enable NAT on both with different commands. In this example, the router’s
inside network interface is Ethernet 0, and the outside interface is serial 0. To configure
Ethernet 0 as a NAT inside interface, use the following steps from global configuration mode:
1. Enter the interface configuration mode, enable NAT, and identify whether you would like
NAT to translate inside or outside addresses. In this example, you will have NAT translate
inside addresses to outside addresses:
BorderRouter(config)#interface ethernet0
BorderRouter(config-if)#ip nat inside
BorderRouter(config-if)#
2. Next, you need to configure serial 0 as the interface connected to your outside network.
From global configuration mode, use the following commands:
BorderRouter(config)#interface serial0
BorderRouter(config-if)#ip nat outside
BorderRouter(config-if)#
3. You should see the following when displaying the router configuration. The IP addresses
of 10.1.2.254 and 200.1.1.1 are the IP addresses configured on the physical interfaces on
the router:
!
interface Ethernet0
ip address 10.1.2.254 255.255.0.0
ip nat inside
!
interface Serial0
ip address 200.1.1.1 255.255.0.0
ip nat outside