Thursday, June 6, 2024

Cisco 128 - Static NAT

Configures static one-to-one mappings of private IP addresses to public IP addresses.

IP Address Terms:
- Inside Local = IP address of the inside host from the perspective of the local network.  Ex) 192.168.0.167
- Inside Global = The IP address of the inside host AFTER NAT.  Usually a public and routable IP address.

- Outside Local = IP address of outside host from the perspective of the local network.  Ex) 8.8.8.8
- Outside Global = IP address of the outside host from the perspective of the rest of the world.  Ex) Also 8.8.8.8

For our purposes these two addresses are usually the same for static NAT:
- Outside Local
- Outside Global



R1(config)#int g0/1
R1(config-if)#ip nat inside

R1(config)#int g0/0
R1(config-if)#ip nat outside
^ These two commands tell the router on which interfaces to enable NAT.  One inside (internal), one outside (external).

R1(config)#ip nat inside source static <inside-local-ip-addr> <inside-global-ip-addr>
^ This configures the mapping of the internal IP address to the publicly routable external IP address.


Note that at first blush this makes static NAT seem useless, because it still requires one public routable IP address per internal host.  It is not the address-sharing NAT behind a firewall that we are used to.  However, it truly provides NAT services - it "hides" the internal IP from the external world.  It's just that each private internal IP address has to have its own extra external IP address that it uses for Internet purposes.

Examples:
R1(config)#ip nat inside source static 192.168.0.167 100.0.0.1
R1(config)#ip nat inside source static 192.168.0.168 100.0.0.2
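As an added illustration (not part of these notes or of Cisco IOS itself), the Python below parses the two static mappings above into a strict one-to-one table and applies them to constructed sample packets in both directions, which also shows why every inside host consumes its own public address:

```python
import ipaddress
import re

# Constructed sample config, mirroring the two static mappings in the notes.
SAMPLE_CONFIG = """
ip nat inside source static 192.168.0.167 100.0.0.1
ip nat inside source static 192.168.0.168 100.0.0.2
"""

STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")


def parse_static_nat(config):
    """Return {inside_local: inside_global} from 'ip nat inside source static' lines.

    Raises ValueError on a malformed address or a duplicate on either side,
    because static NAT must stay one-to-one in both directions.
    """
    mapping = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a static NAT statement
        local = str(ipaddress.IPv4Address(m.group(1)))
        glob = str(ipaddress.IPv4Address(m.group(2)))
        if local in mapping or glob in mapping.values():
            raise ValueError("duplicate static mapping: " + line.strip())
        mapping[local] = glob
    return mapping


def translate(mapping, src, dst, direction):
    """Apply static NAT to one packet's (src, dst) addresses.

    'in2out': packet leaving via the inside interface; the inside-local source
              is rewritten to the inside-global address.
    'out2in': packet arriving on the outside interface; the inside-global
              destination is rewritten back to the inside-local address.
    When no mapping matches, the addresses are returned unchanged (the packet
    is forwarded untranslated, as the router does without a matching rule).
    """
    if direction == "in2out":
        return (mapping.get(src, src), dst)
    if direction == "out2in":
        reverse = {g: l for l, g in mapping.items()}
        return (src, reverse.get(dst, dst))
    raise ValueError("direction must be 'in2out' or 'out2in'")


def public_addresses_needed(mapping):
    """Static NAT needs exactly one inside-global address per inside host."""
    return len(set(mapping.values()))
```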


R1#show ip nat translations
^ Shows what mappings exist and how they are being used.  Look for port numbers on active "in use" IP addresses.

R1#show ip nat statistics
^ Displays info about NAT such as how many NAT mappings have been defined, how many are dynamically in use, and which interfaces are configured for NAT (inside and outside).

R1#clear ip nat translation *
^ This clears all the dynamic (in-flight) NAT translations.  (The entries with port numbers are removed; the static mappings themselves remain.)



[These are my notes from Jeremy's excellent CCNA course which can be viewed here.]