Monday, 8 March 2010

Basic NAT with Overload

In this post I will configure basic NAT with overload to NAT addresses from the 10.0.2.0/24 network (inside) to the outside interface Ethernet 0.




I have already configured DHCP to hand out addresses to computers on the 10.0.2.0/24 network. I have also configured the router to be the DNS server for those computers.


I create a standard access-list defining the addresses I want to NAT.


router1(config)#ip access-list standard NAT
router1(config-std-nacl)#permit 10.0.2.0 0.0.0.255
router1(config-std-nacl)#end


I use a show command to view the access-list.


router1#sh ip access-lists
Standard IP access list NAT
    10 permit 10.0.2.0, wildcard bits 0.0.0.255


I check my interfaces to make sure I know which I want to name as inside and outside.


router1(config)#do show ip interface brief
Interface        IP-Address    OK?  Method  Status  Protocol
FastEthernet1    unassigned    YES  unset   up      up
FastEthernet2    unassigned    YES  unset   down    down
FastEthernet3    unassigned    YES  unset   down    down
FastEthernet4    unassigned    YES  unset   down    down
Ethernet0        10.0.1.254    YES  NVRAM   up      up
Ethernet1        10.0.2.254    YES  NVRAM   up      up


I mark Ethernet 0 as the NAT outside interface and Ethernet 1 as the NAT inside interface.


router1(config)#interface ethernet 0
router1(config-if)#ip nat outside
router1(config-if)#exit

router1(config)#interface ethernet 1
router1(config-if)#ip nat inside
router1(config-if)#exit


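I configure NAT to translate any source address permitted by the NAT access-list to the address of the outside interface, with overload. Overload is port address translation: all inside hosts share the one outside address and are told apart by port number.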


router1(config)#ip nat inside source list NAT interface ethernet 0 overload


To test the configuration I connect to a website with a client that is behind the inside interface. Then I check the NAT translations on my router.


router1#sh ip nat translations
Pro  Inside global      Inside local     Outside local        Outside global
udp  10.0.1.254:123     10.0.2.1:123     207.46.232.182:123   207.46.232.182:123
tcp  10.0.1.254:1149    10.0.2.1:1149    174.36.30.70:443     174.36.30.70:443
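
The check I do by eye above can be scripted. This is an added example, not part of the original post: it parses the translation table and confirms that every inside local address is permitted by the ACL's wildcard mask and that every inside global address is the Ethernet0 address. The function names are hypothetical, and the sample text is the output shown above.

```python
import ipaddress

# The translation table shown in the post, embedded so the example runs offline.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 10.0.1.254:123     10.0.2.1:123       207.46.232.182:123 207.46.232.182:123
tcp 10.0.1.254:1149    10.0.2.1:1149      174.36.30.70:443   174.36.30.70:443
"""

def wildcard_match(addr, base, wildcard):
    """IOS ACL test: bits set in the wildcard are ignored, all others must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_translations(text):
    """Return the dynamic port translations from 'show ip nat translations' output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and static entries (shown with '---').
        if len(fields) != 5 or fields[0] in ("Pro", "---"):
            continue
        proto, inside_global, inside_local = fields[:3]
        rows.append({
            "proto": proto,
            "inside_global": inside_global.rsplit(":", 1)[0],
            "inside_local": inside_local.rsplit(":", 1)[0],
            "line": line.strip(),
        })
    return rows

def audit(text, acl_base, acl_wildcard, outside_ip):
    """List (line, problem) pairs for entries the configuration should not produce."""
    findings = []
    for row in parse_translations(text):
        if not wildcard_match(row["inside_local"], acl_base, acl_wildcard):
            findings.append((row["line"], "inside local not permitted by ACL NAT"))
        if row["inside_global"] != outside_ip:
            findings.append((row["line"], "inside global is not the outside interface"))
    return findings

if __name__ == "__main__":
    # Values from the post: ACL 10.0.2.0 0.0.0.255, Ethernet0 at 10.0.1.254.
    for line, problem in audit(SAMPLE, "10.0.2.0", "0.0.0.255", "10.0.1.254"):
        print(problem, "->", line)
    print("entries checked:", len(parse_translations(SAMPLE)))
```

An empty findings list means only 10.0.2.0/24 hosts are being translated, and only to 10.0.1.254.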