Specifications

NAT Configuration Examples

September 08, 2010 Page 16 of 18

ToconfigureClient3andClient4for dynamicNAPTtranslationontheNATrouter,wedefine

access‐list2topermitthelocalIPaddresses10.1.1.3and10.1.1.4.WethenconfigureNATpool

dynamicpoolwithaglobalrangeof200.1.1.3to200.1.1.3.Wethenenabledynamictranslationof

insideaddressesforoverload

associatingaccess‐list2withtheNATpoolnaptpool.

Enable NAT Inside and Outside Interfaces

EnableNATinsideinterface:

System(rw)->configure

System(rw-config)->interface vlan 10

System(su-config-intf-vlan.0.10)->ip nat inside

System(su-config-intf-vlan.0.10)->exit

System(rw-config)->interface vlan 20

System(su-config-intf-vlan.0.20)->ip nat inside

System(su-config-intf-vlan.0.20)->exit

System(rw-config)->

EnableNAToutsideinterface:

System(rw-config)->interface vlan 100

System(su-config-intf-vlan.0.100)->ip nat outside

System(su-config-intf-vlan.0.100)->exit

System(rw-config)->interface vlan 200

System(su-config-intf-vlan.0.200)->ip nat outside

System(su-config-intf-vlan.0.200)->exit

System(rw-config)->

Define Inside Address Access-Lists

Defineinsideaddressaccess‐list1forNATclients:

System(rw-config)->access-list 1 permit host 10.1.1.1

System(rw-config)->access-list 1 permit host 10.1.1.2

System(rw-config)->

Defineinsideaddressaccess‐list2forNAPTclients:

System(rw-config)->access-list 2 permit host 10.1.1.3

System(rw-config)->access-list 2 permit host 10.1.1.4

System(rw-config)->