Configuring Network Address Translation
Configuring Network Address Translation
Command
Step 1
ip nat pool name start-ip end-ip {netmask
netmask | prefix-length prefix-length}
Step 2
access-list access-list-number permit source
[source-wildcard]
Step 3
ip nat inside source list access-list-number
pool name [overload]
Step 4
ip nat outside source static global-ip
local-ip
Cisco 1710 Security Router Software Configuration Guide
2-10
dns-server 172.16.1.102 172.16.2.102
netbios-name-server 172.16.1.103 172.16.2.103
netbios-node-type h-node
Network Address Translation (NAT) translates IP addresses within private
"internal" networks to "legal" IP addresses for transport over public "external"
networks (such as the Internet). Incoming traffic is translated back for delivery
within the inside network. Thus, NAT allows an organization with unregistered
"private" addresses to connect to the Internet by translating those addresses into
globally registered IP addresses.
Ethernet interfaces are configured as "NAT inside" or "NAT outside" as shown in
the previous section "Configuring the Ethernet Interfaces." Once the interfaces
are configured, the following steps can be performed to establish the NAT
configuration within the router.
Chapter 2
Cisco 1710 Security Router Configuration
Task
Create a pool of global IP addresses for NAT.
Define a standard access list permitting
addresses that need translation.
Enable dynamic translation of addresses
permitted by access list. Overload allows the
use of one global address, from the pool, for
many local addresses.
Enable static translation of a specified outside
source address. This command is optional.
78-12696-01