Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.2 T

NAT - Ability to Use Route Maps with Static Translations

Downloads

Table Of Contents

NAT—Ability to Use Route Maps with Static Translations

Feature Overview

Benefits

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Enabling Static NAT Route Mapping

Verifying Static NAT Route Mapping

Configuration Examples

Enabling Static NAT Route Mapping Example

Command Reference

ip nat inside source


NAT—Ability to Use Route Maps with Static Translations

Feature History

Release
Modification

12.2(4)T

This feature was introduced.

12.2(4)T2

Support for the Cisco 7500 series routers was added.


This document describes the NAT—Ability to Use Route Maps with Static Translations feature. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuration Examples

Command Reference

Feature Overview

Previous to this feature, route mapping was supported only with dynamic Network Address Translation (NAT) translation.

The NAT—Ability to Use Route Maps with Static Translations feature enables NAT multihoming capability with static address translations. Multihomed internal networks now can host common services such as the Internet and Domain Name System (DNS), which are accessed from different outside networks.

Note Network static support is not included in this feature.

Benefits

The ability to configure route map statements provides the option of using IP Security (IPSec) with NAT.

Translation decisions can be made based on the destination IP address when static translation entries are used.

Related Documents

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2

Cisco IOS IP Configuration Guide, Release 12.2

Supported Platforms

Cisco 2500 series

Cisco 2600 series

Cisco 3620 router

Cisco 3640 router

Cisco 3660 router

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Determining Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

No new or modified RFCs are supported by this feature.

Configuration Tasks

See the following sections for configuration tasks for the NAT—Ability to Use Route Maps with Static Translations feature. Each task in the list is identified as either required or optional:

Enabling Static NAT Route Mapping (required)

Verifying Static NAT Route Mapping (optional)

Enabling Static NAT Route Mapping

To enable route mapping with static NAT configurations, use the following command in global configuration mode:

Command
Purpose

Router(config)# ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}

Enables route mapping with static NAT translation configured on the NAT inside interface.

Verifying Static NAT Route Mapping

To verify the static NAT route mapping configuration, use the following command in privileged EXEC mode:

Command
Purpose

Router# show ip nat translations [verbose]

Displays active NAT translations.

Configuration Examples

This section provides the following configuration example:

Enabling Static NAT Route Mapping

Enabling Static NAT Route Mapping Example

The following example shows the use of route mapping with static NAT translations: 

interface Ethernet3

 ip address 172.68.1.100 255.255.255.0

 ip nat outside

 media-type 10BaseT

!

interface Ethernet4

 ip address 192.68.1.100 255.255.255.0

 ip nat outside

 media-type 10BaseT

!

interface Ethernet5

 ip address 11.1.1.100 255.255.255.0

 ip nat inside

 media-type 10BaseT

!

router rip

 network 172.68.0.0

 network 192.68.1.0

!

 ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2

 ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1

 ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2

 ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1


 access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.

 access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255

!

route-map isp2 permit 10

 match ip address 102

 set ip next-hop 192.68.1.1

!

route-map isp1 permit 10

 match ip address 101

 set ip next-hop 172.68.1.1

Command Reference

This section documents the modified ip nat inside source command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

ip nat inside source

To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}

no ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}

Syntax Description

list access-list-number

Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

list access-list-name

Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

pool pool-name

Name of the pool from which global IP addresses are allocated dynamically.

overload

(Optional) Enables the router to use one global address for many local addresses. When overloading is configured, the TCP or UDP port number of each inside host distinguishes between the multiple conversations using the same local IP address.

static local-ip

Sets up a single static translation. The local-ip argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.

global-ip

Sets up a single static translation. The global-ip argument establishes the globally unique IP address of an inside host as it appears to the outside world.

route-map map-name

Name of the route map configuration on the NAT inside interface in static translations.


Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.

12.2(4)T

This command was modified to include the ability to use route maps with static translations, and the route-map map-name keyword/argument was added.


Usage Guidelines

This command has two forms: dynamic and static address translation. The form with an access list establishes dynamic translation. Packets from addresses that match the standard access list are translated using global addresses allocated from the pool named with the ip nat pool command.

Alternatively, the syntax form with the keyword static establishes a single static translation.

Examples

The following example translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 network to the globally unique 171.69.233.208/28 network: 

ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28

ip nat inside source list 1 pool net-208

!

interface ethernet 0

 ip address 171.69.232.182 255.255.255.240

 ip nat outside

!

interface ethernet 1

 ip address 192.168.1.94 255.255.255.0

 ip nat inside

!

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 192.168.2.0 0.0.0.255

The following example shows the use of route mapping with static NAT translations: 

!

interface Ethernet3

 ip address 172.68.1.100 255.255.255.0

 ip nat outside

 media-type 10BaseT

!

interface Ethernet4

 ip address 192.68.1.100 255.255.255.0

 ip nat outside

 media-type 10BaseT

!

interface Ethernet5

 ip address 11.1.1.100 255.255.255.0

 ip nat inside

 media-type 10BaseT

!

router rip

 network 172.68.0.0

 network 192.68.1.0

!

 ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2

 ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1

 ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2

 ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1


 access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.

 access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255

!

route-map isp2 permit 10

 match ip address 102

 set ip next-hop 192.68.1.1

!

route-map isp1 permit 10

 match ip address 101

 set ip next-hop 172.68.1.1

Related Commands

Command
Description

clear ip nat translation

Clears dynamic NAT translations from the translation table.

ip nat

Designates that traffic originating from or destined for the interface is subject to NAT.

ip nat inside destination

Enables NAT of the inside destination address.

ip nat outside source

Enables NAT of the outside source address.

ip nat pool

Defines a pool of IP addresses for NAT.

show ip nat statistics

Displays NAT statistics.

show ip nat translations

Displays active NAT translations.