In this article, we will explore the process of setting up static NAT on a Cisco router.
Network Address Translation (NAT) is a algorithm that maps private IP addresses with public IP addresses, facilitating internet routing.
There are two primary types of IP addresses: IPV6 and IPV4. Initially, IPV4 served as the primary IP addressing scheme. However, due to the limited availability of only 4,294,967,296 IPV4 addresses and the ever-expanding global population, the surge in internet users has nearly exhausted these addresses. In response, the IPV6 addressing scheme was introduced, supporting up to 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses. Despite this huge address, migrating all existing network devices to this new addressing scheme poses a considerable challenge.
As a short-term solution to the rapid depletion of IPV4 addresses, classless inter-domain routing (CIDR), network address translation (NAT), and private IP addressing were introduced.
NAT, as an algorithm, enables organizations to configure private IP addresses that do not need to be unique across the internet for their network devices. Devices with private Ip address can communicate locally but for them to communicate with other devices on the internet, the private IP address need to be translated to a public IP address using a NAT-enabled-router, which serves as the default gateway to the host devices.
There are three distinct types of NAT: static NAT, dynamic NAT, and PAT (Port Address Translation). Today, our focus will be on configuring static NAT on a Cisco router.
Private and public IP addresses
IP version 4 (IPV4) is further divided into two different types: public and private IP addresses.
Public IP addresses are IP addresses that are unique over the internet. This address allows devices to exchange information over the internet.
Private IP addresses, on the other hand, are local IP addresses that do not need to be unique. These IP address ranges are used only within a locality, and for traffic from these addresses to transverse to the internet, they need to be mapped to a public IP address using the network address translation scheme.
The following are the private IPv4 addresses available for use, as defined in the RFC document:
10.0.0.0
to10.255.255.255.255
172.16.0.0
to172.255.255.255
192.168.0.0
to192.168.255.255
Network Topology
As shown in the image below, the network topology we will be making use of comprise of a Cisco router, two host devices existing on the local area network and a server residing over the internet. We will be configuring static NAT to map 192.168.1.2 – -> 100.0.0.4 and 192.168.1.3 – -> 100.0.0.5.
Note; 192.168.1.2 and 192.168.1.3 are private IP addresses assigned to the two host existing on the LAN. They are the two Inside local IP addresses.
100.0.0.4 and 100.0.0.5 on the other hand are the two public IP addresses that will mapped to the two inside local IP addresses. These two IP addresses are the two inside global IP address.
How To Configure Static NAT on Cisco Router
The steps to configure NAT involve;
- Mapping private internal IP address with public global address(192.168.1.2 – -> 100.0.0.4 and 192.168.1.3 – -> 100.0.0.5 in this case).
- Configuring the Router interface taking part in the NAT as either inside or outside with respect to NAT. In the network above, G0/0/0 is the inside interface while the G0/0/1 is the outside interface.
Step 1: Mapping private internal IP address with public global address
Here are commands to map the private IP with the Public Ip for the network topology shown above;
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip nat inside source static 192.168.1.2 100.0.0.4
R1(config)#ip nat inside source static 192.168.1.3 100.0.0.5
Step 2: Configuring the Router interface taking part in the NAT
Here are commands to configure the router interface taking part in the NAT for the network topology above;
R1(config)#int g0/0/0
R1(config-if)#ip nat inside
R1(config-if)#int g0/0/1
R1(config-if)#ip nat outside
Step 3: Test the configuration
To test the NAT configuration, we need to enter the following command:
R1#show ip nat translations
When we entered the above command on our network, we saw the following configuration;
Note: The fields for Outside Local and Outside Global are empty because the server is not connected to any NAT-enabled router; if it were connected to a NAT-enabled router, the two fields would assume the IP address configured on the router.
We have recreated the network topology as shown below;
In the network above, we have configured RIP
Note: After NAT configuration on the two routers, you need to ping from one of the PC to the server before running the “show ip nat translations” command to obtain similar result in the imange above.
Related:
I am a passionate Networking Associate specializing in Telecommunications.
With a degree in Electronic engineering, I possess a strong understanding of electronic systems and the intricacies of telecommunications networks. I gained practical experience and valuable insights working for a prominent telecommunications company.
Additionally, I hold certifications in networking, which have solidified my expertise in network architecture, protocols, and optimization.
Through my writing skills, I aim to provide accurate and valuable knowledge in the networking field.
Connect with me on social media using the links below for more insights.
You can contact me using [email protected] or connect with me using any of the social media account linked below