Static NAT on Cisco Router
Categories Cisco
we have to assign Gi0/0 as NAT inside interface and Gi0/1 as NAT outside interface on Router. This will tell the router that interesting traffic entering or exiting these two interfaces will be subject to address translation. Next we have to statically translate our inside local to inside global.
Router’s config:
Router#sh runn Building configuration... Current configuration : 3552 bytes ! ! Last configuration change at 02:33:55 UTC Sun Aug 2 2020 ! version 15.7 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! no ip icmp rate-limit unreachable ! ! ! ! ip dhcp pool PETE network 192.168.1.0 255.255.255.0 domain-name pete.lab default-router 192.168.1.1 dns-server 8.8.8.8 ! ! ! ip domain name pete.lab ip name-server 8.8.8.8 ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! redundancy ! lldp run no cdp log mismatch duplex ! ip tcp synwait-time 5 ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback2 ip address 192.168.22.2 255.255.255.0 ! interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1 ip address dhcp ip nat outside ip virtual-reassembly in duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/2 no ip address shutdown duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/3 no ip address shutdown duplex auto speed auto media-type rj45 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip nat inside source static 192.168.1.2 192.168.122.156 ip route 0.0.0.0 0.0.0.0 192.168.122.1 ! ipv6 ioam timestamp ! ! ! control-plane ! banner exec ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C banner incoming ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C banner login ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login transport input none ! no scheduler allocate ! end
From our Linux PC we ping out to google.com to test.
On our router we can see the address translation debug output.
debug ip nat
term mon
We can also look and see the statistics for our address translation:
sh ip nat stat
We can look at the translations that are occuring in an easy human readable format as well:
sh ip nat trans