Monday 21 October 2019

Static NAT Configuration on Cisco

This post gives a brief overview of static NAT configuration on Cisco routers. Static NAT is a one-to-one mapping between an internal address and an external address. It allows external devices to initiate connections to internal devices through the statically assigned public address. For example, a specific inside global address can be assigned to an internal web server so that it can be reached from external networks.
The figure shows an internal network containing a web server with a private IPv4 address. Router R2 is configured with static NAT to allow devices on the external network (Internet) to access the web server. The client on the external network reaches the web server through a public IPv4 address. Static NAT translates the public IPv4 address to the private IPv4 address.

Steps to configure static NAT

There are two basic steps to configure static NAT translations.


  • Step 1: Create a mapping between the inside local address and the inside global address. For example, in Image 1, the inside local address 192.168.10.254 and the inside global address 209.165.201.5 were configured as a static NAT translation.
  • Step 2: Once the mapping is configured, mark the interfaces involved in the translation as inside or outside with respect to NAT. In the example, the Serial 0/0/0 interface of R2 is an inside interface, and the Serial 0/1/0 interface is an outside interface.

Packets that reach the inside interface of R2 (Serial 0/0/0) from the configured inside local IPv4 address (192.168.10.254) are translated and then forwarded to the external network. Packets that arrive at the outside interface of R2 (Serial 0/1/0) addressed to the configured inside global IPv4 address (209.165.201.5) are translated to the inside local address (192.168.10.254) and then forwarded to the internal network.

The following commands are needed to configure static NAT.
  • Establish the static translation between an inside local address and an inside global address:
Router(config)# ip nat inside source static local-ip global-ip
To remove the static source translation, enter the following global configuration mode command: no ip nat inside source static
  • Specify the inside interface:
Router(config)# interface type number
Entering the interface command changes the CLI prompt from (config)# to (config-if)#.
  • Mark the interface as connected to the inside:
Router(config-if)# ip nat inside
  • Exit interface configuration mode:
Router(config-if)# exit
  • Specify the outside interface:
Router(config)# interface type number
  • Mark the interface as connected to the outside:
Router(config-if)# ip nat outside

Static NAT configuration example

Figure 1 shows the commands needed on R2 to create a static NAT mapping to the web server in the example topology.
With the configuration shown, R2 translates packets from the web server with the address 192.168.10.254 to the public IPv4 address 209.165.201.5. The Internet client directs web requests to the public IPv4 address 209.165.201.5. R2 forwards that traffic to the web server at 192.168.10.254.

Establishes static translation between an inside local address and an inside global address.
R2(config)# ip nat inside source static 192.168.10.254 209.165.201.5

R2(config)# interface Serial0/0/0
R2(config-if)# ip address 10.1.1.2 255.255.255.252
Identifies interface Serial 0/0/0 as an inside NAT interface.
R2(config-if)# ip nat inside
R2(config-if)# exit

R2(config)# interface Serial0/1/0
R2(config-if)# ip address 209.165.200.1 255.255.255.252
Identifies interface Serial 0/1/0 as the outside NAT interface.
R2(config-if)# ip nat outside
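
As an added example (not part of the original post), this Python script checks a configuration for both steps of the procedure and lists every internal host that a static mapping makes reachable from outside. The running-config rendering of the R2 commands and the `approved` allowlist are assumptions; only the address-to-address form of the command shown on this page is parsed.

```python
import ipaddress
import re

# Constructed sample: the page's R2 commands as they would appear in a running-config.
R2_CONFIG = """\
ip nat inside source static 192.168.10.254 209.165.201.5
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 ip nat inside
!
interface Serial0/1/0
 ip address 209.165.200.1 255.255.255.252
 ip nat outside
"""

STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")

def audit_static_nat(config, approved=frozenset()):
    """Return (mappings, roles, findings) for a running-config text.

    approved is a hypothetical allowlist of inside local addresses that
    are permitted to be reachable from the outside network.
    """
    mappings, roles, findings, iface = [], {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends interface mode
            iface = line.split()[1] if line.startswith("interface ") else None
        m = STATIC_RE.match(line) if iface is None else None
        if m:
            local, glob = (ipaddress.ip_address(a) for a in m.groups())
            mappings.append((str(local), str(glob)))
            if glob.is_private:
                findings.append(f"{glob}: inside global address is private")
            if str(local) not in approved:
                findings.append(f"{local}: exposed via {glob} but not approved")
        elif iface and line in ("ip nat inside", "ip nat outside"):
            roles[iface] = line.split()[-1]
    # Step 2 of the procedure: both interface roles must be present.
    for role in ("inside", "outside"):
        if mappings and role not in roles.values():
            findings.append(f"no interface marked 'ip nat {role}'")
    return mappings, roles, findings
```

Calling `audit_static_nat(R2_CONFIG, approved={"192.168.10.254"})` returns no findings for the page's configuration; removing the `ip nat outside` line or leaving the server out of the allowlist produces one finding each.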

Static NAT process

With the above configuration, Image 3 shows the process of static NAT translation between the client and the web server. In general, static translations are used when clients on the external network (Internet) need to reach servers on the internal network.


  • 1. The client wishes to establish a connection to the web server. The client sends a packet to the web server with the destination public IPv4 address 209.165.201.5. This is the inside global address of the web server.
  • 2. The first packet that R2 receives from the client on its outside NAT interface causes R2 to check its NAT table. Once the destination IPv4 address is found in the NAT table, it is translated.
  • 3. R2 replaces the inside global address 209.165.201.5 with the inside local address 192.168.10.254. Then, R2 forwards the packet to the web server.
  • 4. The web server receives the packet and responds to the client using the inside local address, 192.168.10.254.
  • 5a. R2 receives the packet from the web server on its inside NAT interface, with the inside local address of the web server, 192.168.10.254, as the source address.
  • 5b. R2 searches the NAT table for a translation for the inside local address. The address is in that table. R2 translates the source address to the inside global address 209.165.201.5 and forwards the packet to the client.
  • 6. The client receives the packet and continues the conversation. The NAT router performs steps 2 through 5b for each packet. (Step 6 does not appear in the illustration.)
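
The steps above as a small Python model, added here as an illustration and not taken from the original post. It rewrites addresses only (no ports, routing or IOS counter logic); the class and function names are hypothetical, and the client address 209.165.200.254 is the one that appears in the verification output on this page.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class StaticNatRouter:
    """Simplified model of R2: one static entry, address rewriting only."""

    def __init__(self, inside_local, inside_global):
        self.to_global = {inside_local: inside_global}
        self.to_local = {inside_global: inside_local}
        self.hits = 0  # table matches in this model, not the IOS counter logic

    def from_outside(self, pkt):
        """Steps 2-3: translate the destination, inside global -> inside local."""
        if pkt.dst not in self.to_local:
            return pkt  # no static entry: address left unchanged
        self.hits += 1
        return replace(pkt, dst=self.to_local[pkt.dst])

    def from_inside(self, pkt):
        """Steps 5a-5b: translate the source, inside local -> inside global."""
        if pkt.src not in self.to_global:
            return pkt
        self.hits += 1
        return replace(pkt, src=self.to_global[pkt.src])

def conversation(router, client, public_ip, round_trips=1):
    """Run request/reply pairs; return the packets as each endpoint sees them."""
    seen_by_server, seen_by_client = [], []
    for _ in range(round_trips):
        request = router.from_outside(Packet(src=client, dst=public_ip))  # steps 1-3
        seen_by_server.append(request)
        reply = Packet(src=request.dst, dst=request.src)                  # step 4
        seen_by_client.append(router.from_inside(reply))                  # steps 5a-5b
    return seen_by_server, seen_by_client

r2 = StaticNatRouter("192.168.10.254", "209.165.201.5")
server_view, client_view = conversation(r2, "209.165.200.254", "209.165.201.5")
```

The client address passes through unchanged in both directions, which matches the identical Outside local and Outside global columns in the `show ip nat translations` output for an active session.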

Static NAT verification

A useful command for verifying the operation of NAT is show ip nat translations. This command shows the active NAT translations. Unlike dynamic translations, static translations are always listed in the NAT table.

R2# show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  209.165.201.5     192.168.10.254     ---                ---
R2#

Because the example is a static NAT configuration, there is always a translation in the NAT table, regardless of whether there are active communications. If the command is issued during an active session, the result also indicates the address of the external device.

Static translation during an active session.
R2# show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  209.165.201.5     192.168.10.254     209.165.200.254    209.165.200.254
R2#

Another useful command is show ip nat statistics. It displays information about the total number of active translations, the NAT configuration parameters, the number of addresses in the pool and the number of addresses that have been allocated.

R2# clear ip nat statistics

R2# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
 Serial0/0/1
Inside interfaces:
 Serial0/0/0
Hits: 0 Misses: 0

Client PC establishes a session with the web server

R2# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Peak translations: 2, occurred 00:00:14 ago
Outside interfaces:
 Serial0/1/0
Inside interfaces:
 Serial0/0/0
Hits: 5 Misses: 0
<Output omitted>

To verify that the NAT translation works, it is best to clear the statistics of all previous translations with the clear ip nat statistics command before performing the test.
Before any communication with the web server, the show ip nat statistics command shows no hits. Once the client establishes a session with the web server, the show ip nat statistics command shows that the hits have increased to five on the inside interface (Serial0/0/0). This verifies that the static NAT translation is taking place on R2.

