PG1X WIKI

My Knowledge Base


Cisco: Static NAT: ip nat outside source

infrastructure-services.nat.static.outside.5a390ddc

This lab was tested on IOSv 15.9(3)M2. IOS 15.2(1)T and newer versions changed the behavior: they require the no-alias option and proxy ARP enabled.

Memo

  1. Inside Local
  2. Inside Global
  3. Outside Local (will be translated)
  4. Outside Global (will be translated)

Inside-to-outside processing order

  1. routing
  2. NAT

Static NAT Outside Lab

  1. 5a390ddc-1140-4c43-8afb-02556a6ea168

Base Configuration

Common Configuration Snippet

R1

ubuntu-0

ubuntu-1

Configure ip nat outside source

configure terminal
!
! Currently valid configuration
ip nat outside source static 172.16.2.102 172.16.1.102 no-alias
! Seems to work correctly
ip nat outside source static 172.16.2.102 172.16.1.102 add-route
! Does not seem to work in this case (directly connected route; alternate static route defined)
!ip nat outside source static 172.16.2.102 172.16.1.102
!
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside
!
! Seems invalid on newer IOS because the directly connected route's AD is preferred?
ip route 172.16.1.102 255.255.255.255 172.16.2.102
! Seems to be an invalid configuration unless on a serial interface or a newer IOS version?
!ip route 172.16.1.102 255.255.255.255 GigabitEthernet0/1
!
end

show ip nat translation
show ip route
show running-config | include ip route|ip nat outside source

ping 172.16.1.102
ping 172.16.1.101
# success...
ping 172.16.2.102
nc 172.16.1.101 1234
nc -l 1234
ssh 172.16.1.102
ssh 172.16.1.101
# timeout
ssh 172.16.2.102
sudo tcpdump -nni ens2 host 172.16.1.101
# excluding DNS queries and ICMP unreachable messages
sudo tcpdump -nni ens2 "not port 53 and not icmp[icmptype] == 3"

The no-alias option is required, as in the following configuration:

configure terminal
!
ip nat outside source static 172.16.2.102 172.16.1.102 no-alias
!
end

Cisco IOS IP Addressing Services Command Reference - ip dhcp-client network-discovery through ip nat sip-sbc [Cisco IOS XE 16] - Cisco

no-alias
(Optional) Prohibits an alias from being created for the local address.
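
The routing-before-NAT order from the memo, as a simplified Python model added here (it is not part of the original lab notes and does not reproduce IOS behaviour in full). It shows why the outside local address 172.16.1.102 needs a route toward the NAT outside interface, which is what add-route or the static host route supplies. The interface subnets (Gi0/0 = 172.16.1.0/24, Gi0/1 = 172.16.2.0/24) and all function names are assumptions.

```python
import ipaddress

# Static entry from the lab: ip nat outside source static 172.16.2.102 172.16.1.102
OUTSIDE_GLOBAL = ipaddress.ip_address("172.16.2.102")
OUTSIDE_LOCAL = ipaddress.ip_address("172.16.1.102")

# Assumed addressing (not stated on the page): Gi0/0 = 172.16.1.0/24 (ip nat inside),
# Gi0/1 = 172.16.2.0/24 (ip nat outside).
NAT_ROLE = {"GigabitEthernet0/0": "inside", "GigabitEthernet0/1": "outside"}
CONNECTED = [
    (ipaddress.ip_network("172.16.1.0/24"), "GigabitEthernet0/0"),
    (ipaddress.ip_network("172.16.2.0/24"), "GigabitEthernet0/1"),
]

# Host route for the outside local address, as in the lab's
# "ip route 172.16.1.102 255.255.255.255 172.16.2.102".
HOST_ROUTE = (ipaddress.ip_network("172.16.1.102/32"), OUTSIDE_GLOBAL)


def lookup(routes, dst, depth=0):
    """Longest-prefix match; a next-hop IP is resolved recursively to an interface."""
    matches = [(net, target) for net, target in routes if dst in net]
    if not matches or depth > 4:
        return None
    _, target = max(matches, key=lambda m: m[0].prefixlen)
    if isinstance(target, str):
        return target
    return lookup(routes, target, depth + 1)


def inside_to_outside(routes, dst):
    """Step 1: route on the untranslated destination. Step 2: NAT, only if the
    egress interface is a NAT outside interface. Returns (egress, final_dst)."""
    dst = ipaddress.ip_address(dst)
    egress = lookup(routes, dst)
    if egress and NAT_ROLE[egress] == "outside" and dst == OUTSIDE_LOCAL:
        dst = OUTSIDE_GLOBAL  # outside local -> outside global
    return egress, str(dst)


if __name__ == "__main__":
    # Connected routes only: the packet stays on the inside interface, untranslated.
    print(inside_to_outside(CONNECTED, "172.16.1.102"))
    # With the host route: routed to the outside interface, then translated.
    print(inside_to_outside(CONNECTED + [HOST_ROUTE], "172.16.1.102"))
```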

References

tech/network/cisco/infrastructure-services/ip-nat-outside-source/ip-nat-outside-source.txt · Last modified: 2021/03/20 14:33 by wnoguchi