Dynamic NAT configuration
aueddonline
Member Posts: 611 ■■□□□□□□□□
in CCNA & CCENT
After creating a pool of addresses on a router for NAT to use, is any more configuration needed?
Or have you got no choice but to create an ACL as well to tell NAT what addresses it can translate with the specified pool addresses? With the
ip nat inside source list 1 pool (+pool name) command, list 1 referring to the ACL?
Any ideas?
What's another word for Thesaurus?
Comments
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□
Yes that is correct. "ip nat inside source list 1 pool mypool" would be referring to access-list 1 permit blah blah bah. With dynamic NAT, you have to have a way to identify the interesting traffic that should be translated. An ACL is needed.
So you create the pool
issue the ip nat inside source list 1 pool mypool
create the access-list that permits the traffic to be translated.
Put ip nat inside on the correct interface (inside local) as well as ip nat outside on the correct interface (inside global)
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
billyr Member Posts: 186
Yes I believe you will have to set up an ACL. Follow these steps mate and you won't go far wrong.
1. Define the NAT pool you wish to use, e.g.
(config)#ip nat pool test 64.64.64.70 64.64.64.126 netmask 255.255.255.128
2. Create an ACL identifying which private IP addresses will be translated, e.g.
(config)#access-list 1 permit 172.16.10.0 0.0.0.255
3. Link the new ACL with your new NAT pool that you named test in step 1, e.g.
(config)#ip nat inside source list 1 pool test
4. Define which interfaces are inside (private) addresses, e.g.
(config)#int fa 0/0
(config-if)#ip nat inside
If you wish you can have more than one inside interface.
5. Lastly define which interface is your outside (public) interface, i.e. the one leading to the ISP.
(config)#int s 0/0
(config-if)#ip nat outside
Hope this helps.
-
r_durant Member Posts: 486 ■■■□□□□□□□
Question Billyr (or anyone else)...since you can have more than one inside interface...
billyr wrote:
4. Define which interfaces are inside (private) addresses. e.g
(config)#int fa 0/0
(config-if)#ip nat inside
If you wish you can have more than one inside interface.
Does that mean that you would need to create more than one ACL for the private addresses? Let's say...
(config)#access-list 1 permit 192.168.100.0 0.0.0.255
then...
(config)#int fa 0/1
(config-if)#ip nat inside
billyr wrote:
2. Create an ACL identifying which private IP addresses will be translated. e.g
(config)#access-list 1 permit 172.16.10.0 0.0.0.255
I haven't reached ACLs yet, but I'm just curious about the logic...
CCNA (Expired...), MCSE, CWNA, BSc Computer Science
Working on renewing CCNA!
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□
If you have more than one inside interface on a single router, then the ACL should include all the subnets to be translated.
If you have more than one inside interface on different routers, then each router would need its own ACL that would define the traffic to be translated.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
rjbarlow Member Posts: 411
Netstudent wrote:
If you have more than one inside interface on a single router, then the ACL should include all the subnets to be translated.
If you have more than one inside interface on different routers, then each router would need its own ACL that would define the traffic to be translated.
2nd, when you have more "inside" interfaces, simply put the right IP addresses and wildcard masks into the proper access list. I think that what r_durant wrote is right.
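The point made in the replies above (one ACL must cover every inside subnet that should be translated) can be checked offline. This is an added example, not code from any poster: it evaluates standard-ACL wildcard matching against the ACL and pool values quoted in the thread. The host addresses and function names are constructed for illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, base, wildcard):
    """Standard-ACL match: bits that are 0 in the wildcard must equal the base."""
    care_bits = ~_to_int(wildcard) & 0xFFFFFFFF
    return ((_to_int(src) ^ _to_int(base)) & care_bits) == 0

def nat_eligible(src, acl):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False  # implicit deny: the packet is not translated by this NAT rule

def pool_size(first, last):
    """Addresses in an 'ip nat pool' range, inclusive. Without overload,
    each translated inside host consumes one of them."""
    return _to_int(last) - _to_int(first) + 1

def pool_in_netmask(first, last, netmask):
    """Both ends of the pool must fall in the subnet implied by the netmask."""
    net = ipaddress.IPv4Network(f"{first}/{netmask}", strict=False)
    return ipaddress.IPv4Address(last) in net

# access-list 1 as posted in the thread (one subnet only)
ACL_ONE_SUBNET = [("permit", "172.16.10.0", "0.0.0.255")]
# the same list extended with the second inside subnet from the follow-up question
ACL_BOTH = ACL_ONE_SUBNET + [("permit", "192.168.100.0", "0.0.0.255")]

# Constructed sample hosts: one per inside subnet, plus one outside both
HOSTS = ["172.16.10.25", "192.168.100.7", "172.16.11.1"]

def report(acl):
    """Map each sample host to whether the ACL selects it for translation."""
    return {host: nat_eligible(host, acl) for host in HOSTS}

if __name__ == "__main__":
    print("one-subnet ACL:", report(ACL_ONE_SUBNET))
    print("two-subnet ACL:", report(ACL_BOTH))
    print("pool addresses:", pool_size("64.64.64.70", "64.64.64.126"))
    print("pool fits netmask:",
          pool_in_netmask("64.64.64.70", "64.64.64.126", "255.255.255.128"))
```

With only the 172.16.10.0 entry, the host behind the second inside interface is left untranslated even though that interface is marked ip nat inside; adding its subnet to the same list fixes that.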