Wednesday, July 17, 2013

Static NAT Cheat-sheet

Static NAT - Port Translation

1)  Define inside NAT interface
2)  Define outside NAT interface
3)  Define NAT using static keyword and assign port only

Example:

R2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int ser 0/0
R2(config-if)#ip nat outside
R2(config-if)#int fa 0/0
R2(config-if)#ip nat inside

R2(config)#ip nat inside source static tcp 10.2.1.10 80 192.168.2.2  80


Verify:

R2#sho ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.2.2:80     10.2.1.10:80       ---                ---

R2#debug ip nat
IP NAT debugging is on
*Mar  1 00:39:46.131: ipnat_add_static_cfg: id 3, flag 6
*Mar  1 00:39:46.135: id 3, flags 0, domain 0, lookup 0, from_addr A02010A, from_mask FFFFFFFF, from_port 50, to_addr C0A80202, to_port 50 to_mask FFFFFFFF, proto 6
*Mar  1 00:40:20.575: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39818]
*Mar  1 00:40:20.623: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [0]
*Mar  1 00:40:20.627: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39819]
*Mar  1 00:40:20.627: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39820]
*Mar  1 00:40:20.655: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20303]
*Mar  1 00:40:20.655: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20304]
*Mar  1 00:40:20.655: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20305]
*Mar  1 00:40:20.655: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39821]
*Mar  1 00:40:20.691: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20306]
*Mar  1 00:40:20.691: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20307]
*Mar  1 00:40:20.691: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39822]
*Mar  1 00:40:20.691: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13399]
*Mar  1 00:40:20.703: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39823]
*Mar  1 00:40:20.723: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [0]
*Mar  1 00:40:20.723: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [39824]
*Mar  1 00:40:20.735: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13400]
*Mar  1 00:40:20.735: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13401]
*Mar  1 00:40:20.743: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [20308]
*Mar  1 00:40:20.763: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50985]
*Mar  1 00:40:20.763: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50986]
*Mar  1 00:40:20.763: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50987]
*Mar  1 00:40:20.771: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13402]
*Mar  1 00:40:20.791: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50988]
*Mar  1 00:40:20.791: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50989]
*Mar  1 00:40:20.791: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13403]
*Mar  1 00:40:20.803: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50990]
*Mar  1 00:40:20.803: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50991]
*Mar  1 00:40:20.803: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50992]
*Mar  1 00:40:20.803: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13404]
*Mar  1 00:40:20.815: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13405]
*Mar  1 00:40:20.823: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13406]
*Mar  1 00:40:20.835: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13407]
*Mar  1 00:40:20.843: NAT*: s=192.168.2.200, d=192.168.2.2->10.2.1.10 [13408]
*Mar  1 00:40:20.851: NAT*: s=10.2.1.10->192.168.2.2, d=192.168.2.200 [50993]
exit
R2#no debug all
All possible debugging has been turned off
R2#
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)