NAT

In this post I will try to explain how NAT works. For this article I used the network diagram below. The network is a very basic one, and I used RIPv2 in this example.

[Figure: NAT network diagram]

For this NAT example I took router R1's loopback address and NATted it to IP address 23.23.23.1 on router R2. This means that router R3 can reach router R1's loopback address by using the IP address 23.23.23.1 instead of 1.1.1.1.

For NAT to work we need to specify an “ip nat inside” and an “ip nat outside” interface. In this example, where we NAT router R1's loopback IP address towards router R3, we specify Fa3/0 on router R2 as the “ip nat outside” interface and router R2's Fa2/0 interface as the “ip nat inside” interface.

For router R2 to be able to reach router R1's loopback IP address, we specified a static route to it on R2 (ip route 1.1.1.1 255.255.255.255 12.12.12.1).

The relevant portion of the routers' configs:

R1 :


hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet2/0
 ip address 12.12.12.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 12.0.0.0
 no auto-summary
    

R2 :


hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet2/0
 ip address 12.12.12.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet3/0
 ip address 23.23.23.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router rip
 version 2
 network 12.0.0.0
 network 23.0.0.0
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
!
!
ip nat inside source static 1.1.1.1 23.23.23.1
    

R3 :


hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet3/0
 ip address 23.23.23.3 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 23.0.0.0
 no auto-summary
    

Now let’s ping 23.23.23.1 from router R3 and look at router R2's NAT table to see the NAT translations:

R3 :



R3#ping 23.23.23.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/36/64 ms
    

The NAT table on router R2 :

R2 :


R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 23.23.23.1:2      1.1.1.1:2          23.23.23.3:2       23.23.23.3:2
--- 23.23.23.1         1.1.1.1            ---                ---
    

As you can see above, the IP address 23.23.23.1 is the “inside global” address in this case and 1.1.1.1 is the “inside local” address.
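The following Python sketch is an added example, not part of the original post and not how IOS is implemented. It models what the static entry on R2 does to the ping from R3 in each direction and rebuilds the two table rows shown above. The names Packet, StaticNat and ping_from_r3 are hypothetical, and the packet is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int            # ICMP identifier, shown after the ':' in the table
    proto: str = "icmp"

class StaticNat:
    """Toy model of: ip nat inside source static <inside_local> <inside_global>"""
    def __init__(self, inside_local, inside_global):
        self.local, self.glob = inside_local, inside_global
        self.sessions = set()   # (proto, ident, outside address)

    def outside_to_inside(self, p):
        # Packet entering the "ip nat outside" interface: destination rewritten,
        # then routed, which is why R2 needs its own route to 1.1.1.1.
        if p.dst != self.glob:
            return p
        self.sessions.add((p.proto, p.ident, p.src))
        return Packet(p.src, self.local, p.ident, p.proto)

    def inside_to_outside(self, p):
        # Packet entering the "ip nat inside" interface: routed, then source rewritten.
        if p.src != self.local:
            return p
        self.sessions.add((p.proto, p.ident, p.dst))
        return Packet(self.glob, p.dst, p.ident, p.proto)

    def table(self):
        # Columns: Pro, Inside global, Inside local, Outside local, Outside global
        rows = [(pr, f"{self.glob}:{i}", f"{self.local}:{i}", f"{o}:{i}", f"{o}:{i}")
                for pr, i, o in sorted(self.sessions)]
        return rows + [("---", self.glob, self.local, "---", "---")]

def ping_from_r3():
    nat = StaticNat("1.1.1.1", "23.23.23.1")            # R2's static entry
    echo = Packet("23.23.23.3", "23.23.23.1", ident=2)  # constructed sample packet
    seen_by_r1 = nat.outside_to_inside(echo)
    reply = Packet(seen_by_r1.dst, seen_by_r1.src, seen_by_r1.ident)
    seen_by_r3 = nat.inside_to_outside(reply)
    return seen_by_r1, seen_by_r3, nat.table()

if __name__ == "__main__":
    for row in ping_from_r3()[2]:
        print("%-4s %-18s %-18s %-18s %s" % row)
```

The permanent "---" row exists before any traffic flows, so a static entry lets any outside host that can reach 23.23.23.1 open a session to 1.1.1.1.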

The next NAT post will be about PAT, also known as NAT overload.
