IP Addressing: NAT Configuration Guide, Cisco IOS XE Release 3S
IP Multicast Dynamic NAT

The IP Multicast Dynamic Network Address Translation (NAT) feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for IP Multicast Dynamic NAT

The IP Multicast Dynamic NAT feature does not support:

  • IPv4-to-IPv6 address translation.

  • Multicast destination address translation.

  • Port Address Translation (PAT) overloading for multicast.

  • Source and destination address translation.

  • Unicast-to-multicast address translation.

Information About IP Multicast Dynamic NAT

How NAT Works

A device that is configured with NAT will have at least one interface to the inside network and one to the outside network. In a typical environment, NAT is configured at the exit device between a stub domain and the backbone. When a packet leaves the domain, NAT translates the locally significant source address into a globally unique address. When a packet enters the domain, NAT translates the globally unique destination address into a local address. If more than one exit point exists, each NAT must have the same translation table. If NAT cannot allocate an address because it has run out of addresses, it drops the packet and sends an Internet Control Message Protocol (ICMP) host unreachable packet to the destination.

Uses of NAT

NAT can be used for the following applications:

  • When you want to connect to the Internet, but not all of your hosts have globally unique IP addresses. NAT enables private IP internetworks that use nonregistered IP addresses to connect to the Internet. NAT is configured on the router at the border of a stub domain (referred to as the inside network) and a public network such as the Internet (referred to as the outside network). NAT translates internal local addresses to globally unique IP addresses before sending packets to the outside network. As a solution to the connectivity problem, NAT is practical only when relatively few hosts in a stub domain communicate outside of the domain at the same time. When this is the case, only a small subset of the IP addresses in the domain must be translated into globally unique IP addresses when outside communication is necessary, and these addresses can be reused when they are no longer in use.

  • When you must change your internal addresses. Instead of changing the internal addresses, which can be a considerable amount of work, you can translate them by using NAT.

  • When you want to do basic load sharing of TCP traffic. You can map a single global IP address to many local IP addresses by using the TCP load distribution feature.

NAT Inside and Outside Addresses

The term inside in a Network Address Translation (NAT) context refers to networks owned by an organization that must be translated. When NAT is configured, hosts within this network will have addresses in one space (known as the local address space) that will appear to those outside the network as being in another space (known as the global address space).

Similarly, the term outside refers to those networks to which the stub network connects, and which are generally not under the control of an organization. Hosts in outside networks can also be subject to translation, and can thus have local and global addresses.

NAT uses the following definitions:

  • Inside local address—An IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.

  • Inside global address—A legitimate IP address (assigned by the NIC or service provider) that represents one or more inside local IP addresses to the outside world.

  • Outside local address—The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from the address space that is routable on the inside.

  • Outside global address—The IP address assigned to a host on the outside network by the owner of the host. The address is allocated from a globally routable address or network space.

Dynamic Translation of Addresses

Dynamic translation establishes a mapping between an inside local address and a pool of global addresses. Dynamic translation is useful when multiple users on a private network need to access the Internet. The dynamically configured pool IP address may be used as needed and is released for use by other users when access to the Internet is no longer required.


Note


When inside global or outside local addresses belong to a directly connected subnet on a NAT router, the router will add IP aliases for them so that it can answer Address Resolution Protocol (ARP) requests. However, a situation can arise where the router itself answers packets that are not destined for it, possibly causing a security issue. This can happen when an incoming Internet Control Message Protocol (ICMP) or UDP packet that is destined for one of the aliased addresses does not have a corresponding NAT translation in the NAT table, and the router itself runs a corresponding service, for example, the Network Time Protocol (NTP). Such a situation might cause minor security risks.
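
The condition in this note can be checked offline against a saved configuration. The following is an added example, not Cisco code: it flags NAT pools whose address range overlaps a directly connected subnet, which are the addresses the router will alias and answer for. The configuration text, the pool name edgepool and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed running-config fragment (not from the page). "edgepool" lies
# inside the outside interface's subnet, so the router aliases its addresses.
SAMPLE_CONFIG = """\
ip nat pool edgepool 10.2.2.10 10.2.2.20 netmask 255.255.255.0
ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/1
 ip address 10.2.2.1 255.255.255.0
 ip nat outside
"""
POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) ", re.M)
ADDR_RE = re.compile(r"^ ip address (\S+) (\S+)", re.M)


def connected_subnets(config):
    """Return the network of every interface 'ip address' line."""
    return [ipaddress.ip_interface(f"{ip}/{mask}").network
            for ip, mask in ADDR_RE.findall(config)]


def aliased_pools(config):
    """Map pool name -> directly connected subnets its range overlaps.

    The router adds IP aliases for such addresses, so ICMP or UDP sent to
    them with no matching translation can reach the router's own services.
    """
    subnets = connected_subnets(config)
    findings = {}
    for name, start, end in POOL_RE.findall(config):
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        hits = [str(net) for net in subnets
                if first <= net.broadcast_address and last >= net.network_address]
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for pool, nets in aliased_pools(SAMPLE_CONFIG).items():
        print(f"{pool}: overlaps connected subnet(s) {', '.join(nets)}")
```

A pool that is flagged is a prompt to review which ICMP and UDP services the router itself runs and whether an inbound filter covers the aliased addresses.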


How to Configure IP Multicast Dynamic NAT

Configuring IP Multicast Dynamic NAT


Note


IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.


SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type {match-host | rotary}]

    4.    access-list access-list-number permit source-address wildcard-bits [any]

    5.    ip nat inside source list access-list-number pool name

    6.    ip multicast-routing distributed

    7.    interface type number

    8.    ip address ip-address mask

    9.    ip pim sparse-mode

    10.    ip nat inside

    11.    exit

    12.    interface type number

    13.    ip address ip-address mask

    14.    ip pim sparse-mode

    15.    ip nat outside

    16.    end


DETAILED STEPS

    Step 1
    Command or Action: enable
    Example:
    Router> enable
    Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

    Step 2
    Command or Action: configure terminal
    Example:
    Router# configure terminal
    Purpose: Enters global configuration mode.

    Step 3
    Command or Action: ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type {match-host | rotary}]
    Example:
    Router(config)# ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
    Purpose: Defines a pool of global addresses to be allocated as needed.

    Step 4
    Command or Action: access-list access-list-number permit source-address wildcard-bits [any]
    Example:
    Router(config)# access-list 100 permit 10.3.2.0 0.0.0.255 any
    Purpose: Defines a standard access list for the inside addresses that are to be translated.

    Step 5
    Command or Action: ip nat inside source list access-list-number pool name
    Example:
    Router(config)# ip nat inside source list 100 pool mypool
    Purpose: Establishes dynamic source translation, specifying the access list defined in the prior step.

    Step 6
    Command or Action: ip multicast-routing distributed
    Example:
    Router(config)# ip multicast-routing distributed
    Purpose: Enables Multicast Distributed Switching (MDS).

    Step 7
    Command or Action: interface type number
    Example:
    Router(config)# interface gigabitethernet 0/0/0
    Purpose: Configures an interface and enters interface configuration mode.

    Step 8
    Command or Action: ip address ip-address mask
    Example:
    Router(config-if)# ip address 10.1.1.1 255.255.255.0
    Purpose: Sets a primary or secondary IP address for an interface.

    Step 9
    Command or Action: ip pim sparse-mode
    Example:
    Router(config-if)# ip pim sparse-mode
    Purpose: Enables sparse mode operation of Protocol Independent Multicast (PIM) on an interface.

    Step 10
    Command or Action: ip nat inside
    Example:
    Router(config-if)# ip nat inside
    Purpose: Indicates that the interface is connected to the inside network (the network that is subject to NAT translation).

    Step 11
    Command or Action: exit
    Example:
    Router(config-if)# exit
    Purpose: Exits interface configuration mode and enters global configuration mode.

    Step 12
    Command or Action: interface type number
    Example:
    Router(config)# interface gigabitethernet 0/0/1
    Purpose: Configures an interface and enters interface configuration mode.

    Step 13
    Command or Action: ip address ip-address mask
    Example:
    Router(config-if)# ip address 10.2.2.1 255.255.255.0
    Purpose: Sets a primary or secondary IP address for an interface.

    Step 14
    Command or Action: ip pim sparse-mode
    Example:
    Router(config-if)# ip pim sparse-mode
    Purpose: Enables sparse mode operation of PIM on an interface.

    Step 15
    Command or Action: ip nat outside
    Example:
    Router(config-if)# ip nat outside
    Purpose: Indicates that the interface is connected to the outside network.

    Step 16
    Command or Action: end
    Example:
    Router(config-if)# end
    Purpose: Exits interface configuration mode and enters privileged EXEC mode.

Configuration Examples for IP Multicast Dynamic NAT

Example: Configuring IP Multicast Dynamic NAT

    Router# configure terminal
    Router(config)# ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
    Router(config)# access-list 100 permit 10.3.2.0 0.0.0.255 any
    Router(config)# ip nat inside source list 100 pool mypool
    Router(config)# ip multicast-routing distributed
    Router(config)# interface gigabitethernet 0/0/0
    Router(config-if)# ip address 10.0.0.1 255.255.255.0
    Router(config-if)# ip pim sparse-mode
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface gigabitethernet 0/0/1
    Router(config-if)# ip address 10.2.2.1 255.255.255.0
    Router(config-if)# ip pim sparse-mode
    Router(config-if)# ip nat outside
    Router(config-if)# end
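
A saved configuration can be checked against the procedure and restrictions in this module before it is deployed. The following is an added example, not Cisco code: it verifies that the NAT rule references a defined pool and access list, that PAT overload is absent, that multicast routing is enabled, and that each NAT interface runs PIM sparse mode. The sample text and function names are constructed, and the input is assumed to be in running-config form (interface names without spaces, sub-commands indented by one space).

```python
import re

# Constructed running-config (not from the page): follows the procedure
# above but adds 'overload' and leaves PIM off the outside interface.
SAMPLE_CONFIG = """\
ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
access-list 100 permit 10.3.2.0 0.0.0.255 any
ip nat inside source list 100 pool mypool overload
ip multicast-routing distributed
interface GigabitEthernet0/0/0
 ip pim sparse-mode
 ip nat inside
interface GigabitEthernet0/0/1
 ip nat outside
"""
NAT_RULE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)(.*)$", re.M)


def interface_blocks(config):
    """Return {interface name: [sub-commands]} from indented config lines."""
    return {m.group(1): [c.strip() for c in m.group(2).splitlines()]
            for m in re.finditer(r"^interface (.+)\n((?: .*\n?)*)", config, re.M)}


def lint_multicast_nat(config):
    """Return findings where config departs from the page's procedure."""
    findings = []
    pools = set(re.findall(r"^ip nat pool (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\S+)", config, re.M))
    for acl, pool, rest in NAT_RULE.findall(config):
        if pool not in pools:
            findings.append(f"pool {pool} is not defined")
        if acl not in acls:
            findings.append(f"access list {acl} is not defined")
        if "overload" in rest.split():
            findings.append(f"pool {pool}: PAT overload is unsupported for multicast")
    if not re.search(r"^ip multicast-routing\b", config, re.M):
        findings.append("ip multicast-routing is not enabled")
    seen = set()
    for name, cmds in interface_blocks(config).items():
        for role in ("inside", "outside"):
            if f"ip nat {role}" in cmds:
                seen.add(role)
                if "ip pim sparse-mode" not in cmds:
                    findings.append(f"{name}: NAT {role} interface lacks PIM sparse mode")
    findings += [f"no ip nat {r} interface" for r in ("inside", "outside") if r not in seen]
    return findings


print(*lint_multicast_nat(SAMPLE_CONFIG), sep="\n")
```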
          


Feature Information for IP Multicast Dynamic NAT

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1 Feature Information for IP Multicast Dynamic NAT

Feature Name: IP Multicast Dynamic NAT

Releases: Cisco IOS XE Release 3.4S

Feature Information: The IP Multicast Dynamic Network Address Translation feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.