Cisco IOS Software Releases 12.2 T

NAT Default Inside Server



The NAT Default Inside Server feature forwards packets from the outside to a specified inside local address. Traffic that does not match any existing dynamic translation or static port translation is redirected to that address instead of being dropped. Online games, for example, receive outside traffic on many different User Datagram Protocol (UDP) ports. Dynamic mapping and interface overload can be configured for the PC traffic and also for the gaming device. If a packet arrives from the outside destined for the 806 interface and the Network Address Translation (NAT) table contains neither a matching fully extended entry nor a matching static port entry, the packet is forwarded to the gaming device using a simple static entry created by the new command-line interface (CLI) command.

Feature Specifications for the NAT Default Inside Server Feature

Feature History
 
Release: 12.2(13)T
Modification: This feature was introduced.

Supported Platforms

For platforms supported in Cisco IOS Release 12.2(13)T, consult Cisco Feature Navigator.


Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To obtain updated information about platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. In the release section, you can compare releases side by side to display both the features unique to each software release and the features that releases have in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Contents

Restrictions for NAT Default Inside Server

How to Configure NAT Default Inside Server

Additional References

Command Reference

Restrictions for NAT Default Inside Server

This feature is used for configuring gaming devices with a different IP address than the PC. To avoid unwanted traffic or attacks, access lists should be used.

For traffic going from the PC to the outside world, it is better that a route map be used so that extended entries are created.

How to Configure NAT Default Inside Server

This section contains the following procedures:

Configuring NAT Default Inside Server (required)

Verifying NAT Default Inside Server Configuration (optional)

Configuring NAT Default Inside Server

To configure your NAT default inside server, use the following commands:

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. ip nat inside source static local-ip interface type number

4. ip nat inside source static tcp local-ip local-port interface type number global-port

DETAILED STEPS

 
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure {terminal | memory | network}
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ip nat inside source static local-ip interface type number
  Example: Router(config)# ip nat inside source static 1.1.1.1 interface Ethernet1/1
  Purpose: Enables static NAT translations on the interface.

Step 4
  Command or Action: ip nat inside source static tcp local-ip local-port interface type number global-port
  Example: Router(config)# ip nat inside source static tcp 1.1.1.1 23 interface Ethernet1/1 23
  Purpose: (Optional) Enables the use of telnet to the router from the outside.
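
The restrictions and configuration steps above combined into one configuration, as an added example that is not part of the Cisco document: the default inside server entry, a route map for the PC traffic, and an inbound access list on the outside interface. All addresses, the UDP port range, and the names OUTSIDE-IN and LAN-OUT are assumptions chosen for illustration.

```cisco
! Added example, not from the Cisco document. All addresses, the UDP port
! range, and the ACL and route-map names are constructed placeholders.
!
interface Ethernet0/0
 description Inside LAN: PC 192.168.1.10, gaming device 192.168.1.50
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Weak form: without "ip access-group OUTSIDE-IN in" below, every unsolicited
! packet that matches no translation entry is delivered to 192.168.1.50.
interface Ethernet1/1
 description Outside
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip nat outside
!
! PC traffic: overload through a route map so that extended entries are created.
access-list 10 permit 192.168.1.0 0.0.0.255
route-map LAN-OUT permit 10
 match ip address 10
!
ip nat inside source route-map LAN-OUT interface Ethernet1/1 overload
!
! Default inside server: traffic to the Ethernet1/1 address with no extended
! or static port match goes to the gaming device.
ip nat inside source static 192.168.1.50 interface Ethernet1/1
!
! The inbound ACL is evaluated before outside-to-inside translation, so it
! matches the global (interface) address, not 192.168.1.50.
ip access-list extended OUTSIDE-IN
 remark Game traffic for the default inside server (placeholder UDP range)
 permit udp any host 203.0.113.2 range 27000 27015
 remark Return traffic for sessions opened from the inside
 permit tcp any host 203.0.113.2 established
 permit udp any eq domain host 203.0.113.2
 remark Everything else would otherwise reach the gaming device
 deny   ip any any log
```

The final deny entry with the log keyword records what the default inside server would otherwise have received, which helps when deciding whether the permitted port range is too wide.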


Verifying NAT Default Inside Server Configuration

To verify your configuration, perform the following optional step:

SUMMARY STEPS

1. enable

2. show ip nat translations

DETAILED STEPS

 
Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: show ip nat translations
  Example: Router# show ip nat translations
  Purpose: Displays active NAT translations.


Additional References

For additional information related to Network Address Translation, refer to the following sections:

Related Documents

MIBs

RFCs

Technical Assistance

Related Documents

Related Topic: Additional NAT configuration tasks
Document Title: The chapter "Configuring IP Addressing" in the Cisco IOS IP Configuration Guide, Release 12.2

Related Topic: Additional NAT commands
Document Title: The chapter "IP Addressing Commands" in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2


Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs

MIBs [1]: None

MIBs Link: To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

[1] Not all supported MIBs are listed.


To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

RFCs [1]: No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

[1] Not all supported RFCs are listed.


Technical Assistance

Description: Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.

Link: http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents the modified ip nat inside source command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

ip nat inside source

To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ip nat inside source {list {access-list-number | access-list-name} | route-map name} {interface type number | pool pool-name} [overload]

no ip nat inside source {list {access-list-number | access-list-name} | route-map name} {interface type number | pool pool-name} [overload]

Static NAT

ip nat inside source {static {local-ip global-ip} [extendable] [no-alias] [no-payload] [route-map] [redundancy group-name] | interface type name}

no ip nat inside source {static {local-ip global-ip} [extendable] [no-alias] [no-payload] [route-map] [redundancy group-name] | interface type name}

Port Static NAT

ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable] [no-alias] [no-payload]

no ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable] [no-alias] [no-payload]

Network Static NAT

ip nat inside source static network local-network global-network mask [extendable] [no-alias] [no-payload]

no ip nat inside source static network local-network global-network mask [extendable] [no-alias] [no-payload]

Syntax Description

list access-list-number

Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

list access-list-name

Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

route-map name

Specifies the named route map.

interface type

Specifies the interface type for the global address.

interface number

Specifies the interface number for the global address.

pool pool-name

Specifies the name of the pool from which global IP addresses are allocated dynamically.

overload

(Optional) Enables the router to use one global address for many local addresses. When overloading is configured, the TCP or User Datagram Protocol (UDP) port number of each inside host distinguishes between the multiple conversations.

static local-ip

Sets up a single static translation. The argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.

local-port

Sets the local TCP/UDP port in a range from 1-65535.

static global-ip

Sets up a single static translation. The argument establishes the globally unique IP address of an inside host as it appears to the outside world.

global-port

Sets the global TCP/UDP port in a range from 1-65535.

extendable

(Optional) Extends the translation.

no-alias

(Optional) Prohibits an alias from being created for the global address.

no-payload

(Optional) Prohibits the translation of an embedded address or port in the payload.

redundancy group-name

(Optional) Establishes NAT redundancy.

tcp

Establishes the Transmission Control Protocol.

udp

Establishes the User Datagram Protocol.

network local-network

Specifies the local subnet translation.

network global-network

Specifies the global subnet translation.

mask

Establishes the IP network mask to be used with subnet translations.


Defaults

No NAT translation of inside source addresses occurs.

Command Modes

Global configuration

Command History

Release: 11.2
Modification: This command was introduced.

Release: 12.2(4)T
Modification: This command was modified to include the ability to use route maps with static translations, and the route-map name keyword and argument combination was added. This command was modified to include static translation with Hot Standby Routing Protocol (HSRP), and the redundancy redundancy-name keyword and argument combination was added. This command was modified to enable the translation of the IP header address only, and the no-payload keyword was added.

Release: 12.2(13)T
Modification: The keyword interface was added for static translations.


Usage Guidelines

This command has two forms: dynamic and static address translation. The form with an access list establishes dynamic translation. Packets from addresses that match the standard access list are translated using global addresses allocated from the pool named with the ip nat pool command.

Packets that enter the router through the inside interface and packets sourced from the router are checked against the access list for possible NAT candidates. The access list is used to specify which traffic is to be translated.

Alternatively, the syntax form with the static keyword establishes a single static translation.

Examples

The following example translates between inside hosts addressed from either the 192.168.1.0 or the 192.168.2.0 network to the globally unique 171.69.233.208/28 network:

ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet 1
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Related Commands

Command                     Description
clear ip nat translation    Clears dynamic NAT translations from the translation table.
ip nat                      Designates that traffic originating from or destined for the interface is subject to NAT.
ip nat inside source        Enables NAT of the inside source address.
ip nat outside source       Enables NAT of the outside source address.
ip nat pool                 Defines a pool of IP addresses for NAT.
ip nat service              Enables a port other than the default port.
show ip nat statistics      Displays NAT statistics.
show ip nat translations    Displays active NAT translations.