nat.md

NAT Configuration

This page provides step-by-step instructions for configuring Network Address Translation (NAT) on a router or network device using the command-line interface.

Table of Contents

• NAT Configuration
  • Table of Contents
  • 1. Enabling NAT
  • 2. Configuring NAT Pool
  • 3. Configuring Outside Interface
    • Option 1: Using DHCP Client
    • Option 2: Assigning a Static IP Address
  • 4. Configuring Inside Interface
  • 5. Defining Access Control List
  • 6. Configuring NAT Pool Range
  • 7. Associating NAT Pool with ACL
  • Full Configuration

---

1. Enabling NAT

To enable NAT, follow these steps:

enable
configure terminal

2. Configuring NAT Pool

Create a NAT pool with a specific name using the following command:

nat pool-name <nat-pool-name>

3. Configuring Outside Interface

Configure the outside NAT interface. You have two options:

Option 1: Using DHCP Client

interface <outside-nat-interface-name>
    ip dhcp-client
    ip nat outside pool-name <nat-pool-name>
    end

Option 2: Assigning a Static IP Address

interface <outside-nat-interface-name>
    ip address <ipv4-address> <ipv4-subnet>
    ip nat outside pool-name <nat-pool-name>
    end

4. Configuring Inside Interface

Configure the inside NAT interface with the following commands:

interface <inside-nat-interface-name>
    ip address <ipv4-address> <ipv4-subnet>
    ip nat inside pool-name <nat-pool-name>
    ip dhcp-server pool-name <dhcp-server-pool-name>
    end

5. Defining Access Control List

Create an access control list (ACL) with ID 999 to permit specific source addresses:

access-list 999 permit $SOURCE_ADDRESS $SUBNET_MASK

6. Configuring NAT Pool Range

Define the NAT pool's IP range and netmask:

ip nat pool <nat-pool-name> <inside-nat-ip-range-ip-start> <inside-nat-ip-range-ip-end> netmask <inside-nat-ip-netmask>

7. Associating NAT Pool with ACL

Associate the NAT pool with an access control list (ACL) for either inside or outside sources:

ip nat pool <nat-pool-name> [inside|outside] source list <acl-id>

---

Full Configuration

; When negating, user MUST remove pool from interfaces first
[no] ip nat pool <nat-pool-name>

interface <inside-nat-interface-name>
    
    #; Optional ip address when selecting the nat outside pool
    ip address <ipv4-address> <ipv4-subnet>

    [no] ip nat [inside | outside] pool <nat-pool-name>
    
    #; Optional dhcp-server pool when selecting nat inside pool
    ip dhcp-server pool <dhcp-server-pool-name>
end

access-list 999 permit $SOURCE_ADDRESS $SUBNET_MASK

NAT-IOS

This user manual provides a detailed guide for configuring NAT on your router or network device. Follow the steps outlined above to enable NAT and set up NAT pools, interfaces, access control lists, and more to control network traffic and IP address translation.

For any additional assistance or troubleshooting, please refer to the documentation for your specific router or device or contact your network administrator.