NAT Overload:
1) Define inside NAT interface
2) Define outside NAT interface
3) Create standard ACL to permit inside (LAN) subnet
4) NAT statement with overload keyword
Example:
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int ser 0/1
R1(config-if)#ip nat outside
R1(config-if)#int f
*Mar 1 00:02:51.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to upa 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip access
R1(config)#ip access-list standard INSIDE_VLAN1
R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)#exit
R1(config)#ip nat inside source list INSIDE_VLAN1 int ser 0/1 overload
Verify:
R1#debug ip nat
IP NAT debugging is on
R1#
*Mar 1 00:05:47.823: NAT*: s=10.1.1.10->192.168.2.1, d=192.168.2.2 [0]
*Mar 1 00:05:47.835: NAT*: s=192.168.2.2, d=192.168.2.1->10.1.1.10 [0]
*Mar 1 00:05:48.807: NAT*: s=10.1.1.10->192.168.2.1, d=192.168.2.2 [0]
*Mar 1 00:05:48.819: NAT*: s=192.168.2.2, d=192.168.2.1->10.1.1.10 [0]
No comments:
Post a Comment