Static NAT Configuration in Cisco

Border routers are typically configured for NAT. H. A router with an interface on the local (internal) network and an interface on the global (external) network. When a packet leaves the local (internal) network, NAT translates its local (private) IP address to a global (public) IP address. Global (public) IP addresses are translated to local (private) IP addresses when packets enter the local network. When NAT runs out of addresses, i. H. if there are no more addresses in the configured pool, the packet is dropped and an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination.

Terminology of NAT:

• Inside Local: It is a region inside the Enterprise’s network where the hosts have Private IP addresses.
• Inside Global: It is also a region inside the Enterprise network, but Public IP addresses are used in this region (this region is usually connected to the outside network or Internet).
• Outside Local: It is a region that is generally part of the Enterprise network but in a public Internet (or outside the Enterprise Network). The hosts of the Outside Local region have private IP addresses.
• Outside Global: It is a part of the Enterprise network in a public Internet where Public IP addresses is used. 

These Private IP addresses cannot be advertised on the Internet using any routing protocol.

 

Static NAT: 

In Static NAT, IP addresses are statically mapped to each other through manual configuration. Global IP addresses are translated to Local IP addresses based on the statically mapping of these IP addresses.
There are 2 types of Static NAT: 

1. Inside Static NAT
2. Outside Static NAT

Inside Static NAT:

This involves the static mapping of the Inside Local IP address (private address) to the Inside Global address (public address). When Inside Static NAT is used, private IP addresses remain hidden from the outside network.
 

Configuration:

• Configure the interface in the Inside Global as 

ip nat outside

• Configure the interface in the Inside Local as

 ip nat inside

• Lastly, enable Static Nat by using the command: 

Router(config)#ip nat inside source 
static <inside-local-ip> <inside-global-ip>

 

R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.1.1.2 20.1.1.1

Outside Static NA:

This involves the static mapping of the Outside Global IP address (public address) to an Outside Local address (private address). When Outside Static NAT is used, the real external IP addresses remain hidden from the hosts.
 

Configuration: 

• Configure the interface in the Inside Global as 

ip nat outside

• Configure the interface in the Inside Local as

 ip nat inside

• Lastly, enable Static Nat by using the command: 

Router(config)#ip nat inside source 
static <outside-global-ip> <outside-local-ip>

 

R1(config)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat outside source static 30.1.1.1 192.168.1.2

To verify these NAT translations: 

R1#show ip nat translations