Specifications

NAT Configuration Examples

September 08, 2010 Page 14 of 18

System(su-config-intf-vlan.0.10)->exit

System(rw-config)->

EnableNAToutsideinterface:

System(rw-config)->interface vlan 100

System(su-config-intf-vlan.0.100)->ip nat outside

System(su-config-intf-vlan.0.100)->exit

System(rw-config)->

Enable Static Translation of Inside Source Addresses

EnabletheNATstatictranslationoftheinsidesourceaddress:

System(rw-config)->ip nat inside source static 10.1.1.1 200.1.1.1

EnabletheNAPTstatictranslationoftheinsidesourceaddress:

System(rw-config)->ip nat inside source static tcp 10.1.1.2:125 200.1.1.2:1025

NAT Dynamic Configuration Example

ThisexamplestepsyouthroughaNATDynamicConfigurationforbothNATandNAPT

translationmethods.SeeFigure 6onpage 15 foradepictionoftheexamplesetup.

OurdynamicNATconfigurationexampleconfiguresfourclients:Client1andClient2withNAT

translationandClient3andClient4withNAPT translation.ThetwoNAT

clientsareonthe

internalprivatenetworkVLAN10interfaceandcommunicatewithServer1overtheexternal

publicnetworkVLAN100interface.ThetwoNAPTclientsareontheinternalprivatenetwork

VLAN20andcommunicatewithServer1overtheexternalpublicnetworkVLAN200interface.

NATisenabledonVLAN

10andVLAN20asinsideinterfaces.NATisenabledonVLAN100and

VLAN200asoutsideinterfaces.ThesearetheonlyVLANsoverwhichtranslationoccursforthe

dynamicportionofthisconfigurationexample.

ToconfigureClient1andClient2for dynamicNATtranslationontheNATrouter,wedefine



access‐list1topermitthelocalIPaddresses10.1.1.1and10.1.1.2.WethenconfiguretheNAT

translationNATpoolnatpoolwiththeglobaladdressrangeof200.1.1.1to200.1.1.2.Wethen

enabledynamictranslationofinsideaddressesassociatingaccess‐list1withtheNATpool

natpool.