NAT normally applies INSIDE to OUTSIDE (example: to the Internet).
Sometimes it applies INSIDE to INSIDE (example: internal web application).
The most commonly used NAT types are:
- 1 to 1 Static NAT (example: public website, www.something.com)
- 1 to Many Dynamic NAT (or) PAT (example: enterprise user network)
The other NAT types (for Cisco ASA) are:
- NAT ZERO (or) NAT exemption (example: site to site VPN)
- Static Identity NAT
- Dynamic Identity NAT
- Static Policy Identity NAT
Below is an example of a 1 to many NAT (PAT) configuration on a Cisco router:
Step 1
! define the NAT interfaces
interface e0/0
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
 no shut
interface e0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 no shut
Step 2
! define the access-list that selects the inside sources to translate
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny any
Step 3
! define the NAT: sources matching list 1 are overloaded (PAT) onto the e0/0 address
ip nat inside source list 1 interface e0/0 overload
Step 4
!verification
R1#show ip nat translations
Pro  Inside global     Inside local      Outside local     Outside global
icmp 192.168.1.1:3     10.1.1.2:3        192.168.1.2:3     192.168.1.2:3
R1#debug ip nat
NAT*: s=10.1.1.2->192.168.1.1, d=192.168.1.2 [25]
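The Python script below is an added example, not part of the original post. It evaluates access-list 1 the way a standard ACL is matched (wildcard mask, first match, implicit deny) and checks the rows of "show ip nat translations" against it; the second table row (172.16.5.9) and all function names are constructed for illustration.

```python
import ipaddress

# access-list 1 from Step 2 in network form, as (action, address, wildcard);
# "any" is written as 0.0.0.0 255.255.255.255.
ACL_1 = [("permit", "10.1.1.0", "0.0.0.255"),
         ("deny", "0.0.0.0", "255.255.255.255")]

# First row is the Step 4 output; the tcp row is constructed to show an
# inside local address that access-list 1 does not select.
SAMPLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
icmp 192.168.1.1:3      10.1.1.2:3         192.168.1.2:3      192.168.1.2:3
tcp  192.168.1.1:1025   172.16.5.9:51000   192.168.1.2:80     192.168.1.2:80
"""
COLUMNS = ("inside_global", "inside_local", "outside_local", "outside_global")

def acl_action(acl, src):
    """First-match standard ACL evaluation; wildcard bits set to 1 are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

def parse_translations(text):
    """Yield one dict per translation row, splitting each addr:port pair."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # the header splits into 9 words and is skipped
            continue
        row = {"proto": fields[0]}
        for name, col in zip(COLUMNS, fields[1:]):
            addr, _, port = col.partition(":")
            row[name] = (addr, int(port) if port else None)
        yield row

def unexpected_entries(text, acl, pat_address):
    """Rows whose inside local is not permitted by the NAT ACL, or whose
    inside global is not the overloaded outside interface address."""
    return [r for r in parse_translations(text)
            if acl_action(acl, r["inside_local"][0]) != "permit"
            or r["inside_global"][0] != pat_address]

if __name__ == "__main__":
    for r in unexpected_entries(SAMPLE, ACL_1, "192.168.1.1"):
        print("review:", r["proto"], r["inside_local"], "->", r["inside_global"])
```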
=======================================
Footnotes:
Before configuring NAT, ensure TCP reachability to the NAT addresses.