
Network Address Translation (NAT) commands are used to enable or disable NAT on an interface or sub-interface and specify whether IP addresses on the interface are public or private.

Table 2-8. NAT Commands (1 of 3)

[no] ip nat {inside | outside}

Minimum Access Level: Administrator

Command Mode: config-if, config-subif

Allows you to specify if Network Address Translation (NAT) is performed on an interface or sub-interface and whether IP addresses on the interface are private or public addresses. NAT is disabled by default.

Example: ip nat inside

inside – Specifies inside (private) IP addresses on this interface.

outside – Specifies outside (public) IP addresses on this interface.

ip nat translation timeout [time]

no ip nat translation timeout [time]

Minimum Access Level: Administrator

Command Mode: config

Allows you to specify the amount of time that a dynamically configured standard NAT (non-port translation) mapping can remain unused before the mapping is automatically deleted.

The default is 24 hours. To reset the timeout to the default, use the no nat translation timeout command.

Example: ip nat translation timeout 604800

NOTE: When NAPT is enabled, mappings are automatically deleted based on a separate set of non-configurable timeouts:

– UDP translations timeout: 5 minutes.
– TCP translations timeout: 24 hours.
– ICMP translations timeout: 1 minute.

time – The timeout value in seconds. The valid range is 1–2147483647. The default is 86400 seconds (24 hours).

ip nat pool pool-name start-ip-addr end-ip-addr {netmask netmask | {prefix-length | /} prefix-length}

no ip nat pool pool-name [start-ip-addr end-ip-addr {netmask netmask | {prefix-length | /} prefix-length}]

Minimum Access Level: Administrator

Command Mode: config

Defines a pool of addresses for Network Address Translation. Addresses can then be allocated from the pool as needed. Up to 30 NAT pools can be supported.

To remove a pool, use the no ip nat pool command. No NAT pools are configured by default.

Example: ip nat pool Largo 132.53.4.2 132.53.4.250 / 24

pool-name – Name of the pool comprised of 1–20 ASCII printable characters.

start-ip-addr – Starting IP address of the range of addresses in the address pool.

end-ip-addr – Ending IP address of the range of addresses in the address pool.

netmask – Specify a network mask that indicates which address bits belong to the network and subnet fields, and which bits belong to the host field.

netmask – Network mask of the network for the pool addresses.

prefix-length or / – Specify the number of bits in a network mask address that are ones and define the network and subnet fields.

prefix-length – The number of bits in a network mask address that are ones. Valid range is 1–32.

[no] ip nat inside source {list access-list-1-99num pool pool-name [overload] | list access-list-1-99num interface intf-type intf-num[.sub-intf-num] overload | static {static-ip-addr1 static-ip-addr2 | protocol static-ip-addr1 static-port-num static-ip-addr2} }

Minimum Access Level: Administrator

Command Mode: config

Allows a user to specify or remove Network Address Translation rules. Both dynamic and static address translations may be specified. Command forms that include an access list are used to specify dynamic translation rules. Packets from addresses that match the access list are translated using addresses allocated from the named pool or the IP address assigned to the interface. No NAT rules are configured by default.

Example: Refer to the Network Address Translation in Chapter 1, Configuring the iMarc SLV Router.

inside – Inside address translation converts an inside (private) IP address to an outside (public) IP address (and port, if overload is specified for NAPT).

source – Specifies source address translation.

list – Specify the access list number for dynamic address translation. For inside source translation, this access list describes local addresses. If no rules have been created for the specified access list, no translations based on this rule will occur.

access-list-1-99num – A standard IP Access list. The valid range is 1–99.


pool – Specify the name of a pool of addresses available for dynamic address translation. For inside source translation, this is the pool of local addresses.

pool-name – The name of a NAT pool comprised of 1–20 ASCII printable characters.

interface – For dynamic address translation, specifies an interface or sub-interface that provides the address for the translation. For inside source translation, specifies the interface that provides the global address. If there is no address on the interface, the interface has not been specified as an outside interface, or the interface is not operational, no translations based on this rule will occur. If a public IP address is specified for NAPT on this interface, that address is used instead of the interface’s assigned IP address.

intf-type – Two interface types are supported:

– Ethernet – IEEE 802.3 interface
– Serial – Frame relay serial interface

intf-num – Interface index number for both the Ethernet and Serial interfaces, 0 or 1.

sub-intf-num – Sub-interface number. Sub-interfaces are only supported on the network interface (Serial 0). If a Serial interface is specified, a sub-interface must also be specified. Sub-interface number range is 0–4,294,967,295.

overload – Specifies that Network Address Port Translation (NAPT), also known as Port Address Translation (PAT), is to be used for UDP and TCP.

static – Specifies a fixed, one-to-one mapping between an inside (private) IP address (and port for PAT) and an outside (global) IP address (and port for PAT). For inside source translation, a private address (and port for PAT) is mapped to a global address (and port for PAT). Static inside and outside destination translations are not supported.

static-ip-addr1 – Specifies the first IP address in the static route. For inside source translation, this is the local address to be mapped.

static-ip-addr2 – Specifies the second IP address in the static route. For inside source translation, this is the global address to be mapped.

protocol – Protocol that applies to this static route. The options are:

– tcp – Transmission Control Protocol
– udp – User Datagram Protocol

static-port-num – Specifies the second TCP/UDP port in a static protocol route. For inside source translation, this is the local port. It should only be specified when a static protocol translation is specified. Only one static route per protocol can specify a static-port-num. The valid range of TCP/UDP ports is 1–65535.

clear ip nat translation *

Minimum Access Level: Administrator

Command Mode: Standard

Allows you to clear all dynamic NAT translations from the translation table.
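The limits the table states for ip nat pool and ip nat translation timeout can be checked offline against a saved configuration before it is loaded. The Python script below is an added example, not part of the original manual or the router's software: the names check_pool and audit are hypothetical, arguments are assumed to be space-separated as in the manual's own example, and the requirement that the end address lies in the network defined by the mask is an assumption.

```python
import ipaddress

MAX_POOLS, MAX_TIMEOUT = 30, 2147483647  # limits stated in the table

def check_pool(args):
    """Validate the arguments of one `ip nat pool` line; return a list of problems."""
    if len(args) != 5:
        return ["expected: pool-name start end {netmask M | prefix-length N | / N}"]
    name, start, end, kind, value = args
    problems = []
    if not (1 <= len(name) <= 20 and name.isascii() and name.isprintable()):
        problems.append("pool-name must be 1-20 ASCII printable characters")
    prefix_ok = kind in ("prefix-length", "/") and value.isdecimal() and 1 <= int(value) <= 32
    if kind != "netmask" and not prefix_ok:
        return problems + ["mask must be 'netmask M' or a prefix-length of 1-32"]
    try:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        net = ipaddress.IPv4Network(f"{start}/{value}", strict=False)
    except ValueError as exc:
        return problems + [f"bad address or mask: {exc}"]
    if kind == "netmask" and str(net.netmask) != value:
        problems.append("netmask is not a contiguous network mask")
    if lo > hi:
        problems.append("start-ip-addr is above end-ip-addr")
    if hi not in net:  # assumption: both ends belong to the network the mask defines
        problems.append(f"end-ip-addr is outside {net}")
    return problems

def audit(config_text):
    """Return {line_number: [problems]} for NAT lines outside the documented limits."""
    findings, pools = {}, 0
    for n, line in enumerate(config_text.splitlines(), 1):
        tok, problems = line.split(), []
        if tok[:3] == ["ip", "nat", "pool"]:
            pools += 1
            problems = check_pool(tok[3:]) + (["more than 30 NAT pools"] if pools > MAX_POOLS else [])
        elif tok[:4] == ["ip", "nat", "translation", "timeout"] and len(tok) > 4:
            if not (tok[4].isdecimal() and 1 <= int(tok[4]) <= MAX_TIMEOUT):
                problems.append(f"timeout must be 1-{MAX_TIMEOUT} seconds")
        if problems:
            findings[n] = problems
    return findings

# Constructed sample; only the first line is the manual's own example.
SAMPLE = """\
ip nat pool Largo 132.53.4.2 132.53.4.250 / 24
ip nat pool Branch 10.1.1.200 10.1.1.20 netmask 255.255.255.0
ip nat pool ThisPoolNameIsFarTooLong 10.2.0.1 10.2.1.9 prefix-length 24
ip nat translation timeout 0
"""
```

Calling audit(SAMPLE) returns findings for lines 2, 3 and 4 and none for the manual's Largo example.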
