NAT

NAT:

Static: one specific public ip - one specific private (#publics=#privates)
Dynamic: Pool of private IPs - Pool of public IPs (#publics=#privates), dynamicly supplied
Overloading(PAT): Pool of privates IPs - One public

Configuration Rules for Static
ip nat
ip nat inside source
inside source - starting point of translation
ip nat inside source static
static - type of translation: Static
ip nat inside source static 192.168.1.5 85.238.xx.xx
192.168.1.5 85.238.xx.xx - what to translate

Rules for Dynamic
Creating predifined pool of IPs
ip nat pool
ip nat pool KOTE
pool KOTE - assigning a name to the pool

1 ip nat pool KOTE 85.238.45.2 85.238.45.254 netmask 255.255.255.0
85.238.45.2 85.238.45.254 netmask 255.255.255.0 - giving pool boundaries and a mask

Creating predifined Access List
2 access-list 10 permit 192.168.1.0 0.0.0.255

3 ip nat inside source list 10 pool KOTE

Rules for Overload
Same, exept for
ip nat pool KOTE1 85.238.XX.2 85.238.XX.2 netmask 255.255.255.255
pool is reduced to 1 IP adddress

ip nat inside source list 10 pool KOTE overload

Method	Configuration Process	Command Examples
Static NAT	Configure static mappings (mapping inside local addresses to outside local addresses)	Router(config)#ip nat inside source static 192.168.1.1 203.44.55.1
Static NAT	Identify inside and outside interfaces	Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside
Dynamic NAT	Define an inside global address pool	Router(config)#ip nat pool mary 203.44.55.1 203.44.55.254 netmask 255.255.255.250
	Identify allowed translated inside local addresses	Router(config)#access-list 1 permit 192.168.1.1 0.0.0.255
	Associate the allowed list with the pool	Router(config)#ip nat inside source list 1 pool mary
	Identify inside and outside interfaces	Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside
Overloaded with PAT	Identify allowed translated inside local addresses	Router(config)#access-list 1 permit 192.168.1.1 0.0.0.255
	Associate the allowed list with the inside interface and identify the translation type as overloaded	Router(config)#ip nat inside source list 1 interface serial0 overload
	Identify inside and outside interfaces	Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside

interface FastEthernet0/0
 ip address 85.238.XX.XX 255.255.255.252
ip nat outside

interface FastEthernet0/1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside

access-list 1 permit 192.168.5.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
----------------

sh ip nat translation - to vew table
debug ip nat -
clear ip nat translation - clear nat entries
clear ip nat translation * - clear ALL entries
ip nat translation max-entries - define max number of mappings, each one needs about 160 bytes pool (refcount) - to check into dynamic pools, types, total available addresses, allocated/failed addresses and a number of translation.
sh ip nat statistics - to viw summary of nat cobfiguration, number of active translation, missed/expired translations.

 192.168.1.2		85.238.xx.xx

            INSIDE

local                     global



==========================================
==========================================
==========================================



Source			Destination

             OUTSIDE

local                     global