Uploaded by ali.ashraf.m

Configuring NAT
This chapter provides conceptual information about network address translation (NAT) and describes how to configure
and manage NAT on the Cisco 910 Industrial Routers (hereafter referred to as the router).

Understanding Network Address Translation
Configuring NAT
Configuring Port Forwarding
Monitoring NAT Information

Understanding Network Address Translation
Address translation substitutes the real address in a packet with a mapped address that is routable on the destination
network. As part of the process, the device also records the substitution in a translation database; these records are
known as “xlate” entries. The appropriate xlate entry must exist to allow address translation on return packets—the
substitution of the original real address for the mapped address; this procedure is sometimes referred to as
“untranslation.” Thus, network address translation (NAT) actually consists of two steps: the translation of a real address
into a mapped address, and the reverse translation for returning traffic.
One of the main functions of NAT is to enable private IP networks to connect to the Internet. Network address translation
replaces a private IP address with a public IP address, translating the private addresses in the internal network into legal,
routable addresses that can be used on the public Internet. In this way, NAT conserves public addresses; for example,
NAT rules can be configured to utilize only one public address for the entire network in communications with the outside
world.
In a deployment of Cisco 910 Industrial Routers, multiple slave IR910 routers can be connected to the LAN behind the
master IR910 router. Before the traffic from these slave routers is sent to the Internet, it can be encrypted and filtered.
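
The two steps described above (translation, then untranslation through the recorded xlate entry) can be modelled as follows. This is an added example, not Cisco code: the class name, the port-allocation scheme starting at 1024, and the destination 198.51.100.10 are assumptions made for illustration, while the mapped address and inside network come from the configuration example later in this chapter.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class OverloadNat:
    """Simplified model: inside hosts share one mapped address, told apart by port."""
    mapped_ip: str
    inside_net: ipaddress.IPv4Network
    next_port: int = 1024                      # assumed start of the mapped port range
    out: dict = field(default_factory=dict)    # (proto, real_ip, real_port) -> mapped_port
    back: dict = field(default_factory=dict)   # (proto, mapped_port) -> (real_ip, real_port)

    def translate(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outbound packet: replace the real source and record the xlate entry."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                        # source is not covered by the rule
        key = (proto, src_ip, src_port)
        if key not in self.out:                # first packet of a flow creates the entry
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.mapped_ip, self.out[key], dst_ip, dst_port)

    def untranslate(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return packet: restore the real destination, or None if no xlate exists."""
        real = self.back.get((proto, dst_port)) if dst_ip == self.mapped_ip else None
        if real is None:
            return None                        # nothing to map back to: packet is dropped
        return (proto, src_ip, src_port, real[0], real[1])

if __name__ == "__main__":
    nat = OverloadNat("200.1.1.1", ipaddress.ip_network("192.168.3.0/24"))
    print(nat.translate("tcp", "192.168.3.168", 40000, "198.51.100.10", 443))
    print(nat.untranslate("tcp", "198.51.100.10", 443, "200.1.1.1", 1024))
    print(nat.untranslate("tcp", "198.51.100.10", 443, "200.1.1.1", 2000))
```

The third call returns None because no outbound packet ever created an xlate entry for mapped port 2000, which is why return traffic depends on the entry existing.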
Cisco Systems, Inc.
www.cisco.com
Configuring NAT
Beginning in privileged EXEC mode, follow these steps to configure NAT on the router:

Step  Command
      Purpose

1.    configure terminal
      Enter global configuration mode.

2.    interface type number
      Enter interface configuration mode.
      For type, choose one of the following interfaces as an outside interface:
      - dot11radio (only available for Wi-Fi model IR910W-K9)
      - cellular (only available for 3G models IR910G-K9 and IR910G-NA-K9)
      - Dialer
      - GigabitEthernet
      For number, enter the interface number.

3.    ip address ip-address subnet-mask
      Enter the IP address and subnet mask.

4.    ip nat outside
      Identify the specified interface as the NAT outside interface.

5.    exit
      Return to global configuration mode.

6.    interface vlan vlan-id
      Enter VLAN interface configuration mode.

7.    ip address ip-address subnet-mask
      Enter the IP address and subnet mask.

8.    ip nat inside
      Identify the VLAN interface as the NAT inside interface.

9.    exit
      Return to global configuration mode.

10.   ip nat inside source inside-network inside-network mask outside-interface-name interface-number overload
      Enable dynamic translation of addresses on the inside interface.
      Outside interface should be dot11radio, cellular, dialer, or Gigabit Ethernet.
      Dot11radio interface is only available for Wi-Fi model IR910W-K9 and cellular interface is only
      available for 3G models IR910G-K9 and IR910G-NA-K9.

11.   exit
      Return to global configuration mode.

12.   show ip nat translation
      Verify the configuration.

13.   copy running-config startup-config
      (Optional) Save your entries in the configuration file.

The following example shows how to configure NAT on an IR910W-K9 router:
Router# configure terminal
Router(config)# interface dot11radio 0
Router(config-if)# ip address 200.1.1.1 255.255.255.0
Router(config-if)# ip nat outside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface vlan 1
Router(config-if)# ip address 192.168.3.254 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ip nat inside source 192.168.3.0 255.255.255.0 dot11radio 0 overload
Router(config)# exit
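
A quick consistency check for a configuration written in the syntax above, as an added example that is not part of the Cisco documentation: it confirms that the interface named in the overload rule is marked `ip nat outside` and that the rule's source network lies within an `ip nat inside` interface subnet. The function name `audit_nat` and the finding strings are hypothetical; the sample input is the page's own example.

```python
import ipaddress
import re

# The page's IR910W-K9 example, prompts included.
PAGE_EXAMPLE = """\
Router(config)# interface dot11radio 0
Router(config-if)# ip address 200.1.1.1 255.255.255.0
Router(config-if)# ip nat outside
Router(config-if)# exit
Router(config)# interface vlan 1
Router(config-if)# ip address 192.168.3.254 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# ip nat inside source 192.168.3.0 255.255.255.0 dot11radio 0 overload
"""

def audit_nat(config):
    """Return findings for a NAT configuration written in the syntax above."""
    ifaces, rules, cur = {}, [], None
    for raw in config.splitlines():
        line = re.sub(r"^\S*#\s*", "", raw.strip())      # drop the CLI prompt
        if m := re.match(r"interface (\S+) (\S+)$", line, re.I):
            cur = (m[1].lower(), m[2])
            ifaces[cur] = {"net": None, "role": None}
        elif line == "exit":
            cur = None
        elif cur and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            ifaces[cur]["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur and line in ("ip nat inside", "ip nat outside"):
            ifaces[cur]["role"] = line.split()[-1]
        elif m := re.match(r"ip nat inside source (\S+) (\S+) (\S+) (\S+) overload$", line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            rules.append((net, (m[3].lower(), m[4])))
    findings = []
    inside = [i["net"] for i in ifaces.values() if i["role"] == "inside" and i["net"]]
    if not rules:
        findings.append("no overload rule")
    for net, egress in rules:
        if ifaces.get(egress, {}).get("role") != "outside":
            findings.append(f"egress {egress[0]} {egress[1]} lacks 'ip nat outside'")
        if not any(net.subnet_of(i) for i in inside):
            findings.append(f"source {net} is not contained in any 'ip nat inside' subnet")
    return findings

if __name__ == "__main__":
    print(audit_nat(PAGE_EXAMPLE) or "no findings")
```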
Configuring Port Forwarding
Port forwarding is a NAT function that redirects a communication request from one address and port number combination
to another while the packets are traversing a network gateway.
Use the following command to configure port forwarding:
ip nat inside { static { tcp | udp | sctp } inside_network_address | source inside_network_address }
Syntax Description
static    Port Forwarding Configuration.
source    Source address translation.
Monitoring NAT Information
You can display specific statistics and the translation table of NAT. Table 21 lists the privileged EXEC commands for
displaying NAT information.
Table 21    Commands to Monitor NAT Information

Command                    Purpose
show ip nat statistics     Display the statistics information of NAT configuration.
show ip nat translation    Display the translation table.

The following example shows the output of the show ip nat statistics command:
Router# show ip nat statistics
Total Active Translations: 0
Inside Interface: vlan 1
Inside Source: 192.168.0.1/24
Outside Interface: dot11radio 0
The following example shows the output of the show ip nat translation command:
Router# show ip nat translation
Proto  NATed Address  NAT-host Address  Destination Address
icmp   10.0.1.220     192.168.3.168     192.168.3.254
tcp    10.0.1.220     192.168.3.168     192.168.3.254