NAT TRANSLATION All configurations will refer to the diagram below.
The scenario is as follows: Your organization is using the private address of 10.0.0.0 /24. Your ISP has assigned the public address of 200.200.200.0 /24 to your organization. Our goal is to configure Router A to provide us with address translation to go from the private address to the public address. We also want to advertise this public address out to the world. The configuration commands that accomplish these goals are presented in bold. Current configuration: !
version 11.3 no service password-encryption ! hostname router_a ! enable secret 5 $1$.s1R$iaEqZxLnYJo2QlZi8UNaO0 enable password guess ! ip nat pool nat-example 200.200.200.1 200.200.200.255 prefix-length 24 ip nat inside source list 1 pool nat-example ! interface Ethernet0/0 ip address 200.200.200.1 255.255.255.0 secondary ip address 10.10.10.1 255.255.255.0 ip nat inside ! interface Serial0/0 ip address 150.100.10.72 255.255.255.0 ip nat outside encapsulation frame-relay ! interface TokenRing0/0 no ip address shutdown ring-speed 16 ! interface FastEthernet1/0 no ip address shutdown ! router rip network 200.200.200.0 network 150.100.0.0 ! ip classless no logging buffered access-list 1 permit 10.10.10.0 0.0.0.255 ! ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 login ! end Explanation of the bold commands: Ip nat pool- Defines the pool name of "nat-example" the first public address is 200.200.200.1 and the last address 200.200.200.255. The mask is 255.255.255.0 or /24 Ip nat inside source- Applies the access-list 1 to the pool "nat-example" Ip address 200.200.200.1 255.255.255.0 secondary- Applies the public address to the e0/0 interface as a secondary address. Since we want to advertise the public address we must configure the address. Ip nat inside- Defines the e0/0 interface as the inside address Ip nat outside- Define serial 0 as the outside addresses Router rip- Network 200.200.200.0 Because we configures the 200.200.200.0 address as a secondary address we can advertise it with RIP. Access-list 1 permit 10.10.10.0 0.0.0.0.255 Permits the private addresses on the 10.10.10.o subnet to be translated to the public address. The following is the actual translation taken after the seri10.10.10.1 interface of the router and the workstation 10.10.10.2 performed a ping of the Serial interface of the ISP’s router. router_a#sh ip nat trans Pro Inside global Inside local Outside local Outside global --- 200.200.200.1 10.10.10.1 --- --- --- 200.200.200.2 10.10.10.2 --- ---