Monday, June 22, 2009

Configuring NAT Part 2: Static Translation

This article is a continuation of Part 1, so if you haven't read Part 1, I highly recommend that you go back and read it first. In this article, I will assume that you know how to set up a basic dynamic NAT configuration. However, if you are already familiar with NAT and just want to read up on configuring Static NAT, you can continue without going back to the previous NAT post.

Let's do a concise review of Dynamic NAT configuration before moving on.

Step 1: Determine inside and outside networks.

  • GatewayRouter(config)#int s0/0
    GatewayRouter(config-if)#ip nat outside
    GatewayRouter(config-if)#int fa1/0
    GatewayRouter(config-if)#ip nat inside

Step 2: Ensure that the connectivity exists between the routers.

  • GatewayRouter(config)#ip route 0.0.0.0 0.0.0.0 s0/0

Step 3: Configure a pool of private IP addresses.

  • GatewayRouter(config)#access-list 1 permit 10.0.0.0 0.0.0.255

Step 4: Configure a pool of public IP addresses.

  • GatewayRouter(config)#ip nat pool OUTSIDE 216.116.120.250 216.116.120.254 net 255.255.255.248

Step 5: Configure Network Address Translation.

  • GatewayRouter(config)#ip nat inside source list 1 pool OUTSIDE

Step 6: Verification.

----------------------------------------------------------------------------------------

What is Static NAT

Static NAT is a type of Network Address Translation in which a one-to-one mapping exists between a public IP address and an internal, private IP address. This method is manual and static; as a result, it is more time-consuming and does not automatically react to changes in the network.

So, what is its purpose? When you publish your web servers or front-end Exchange servers, you need to associate those servers with a public IP address so that clients and users can access them from external networks. Likewise, those servers also require a private IP address so that internal users can access them. Instead of using two NICs to resolve this, it's recommended to use Static NAT to more securely kill two birds with one stone. Here are the general steps when configuring Static NAT:

  • Step 1: Determine inside and outside networks. Label each interface as “inside” or “outside” using the ip nat inside and ip nat outside commands in interface or subinterface configuration mode.

  • Step 2: Ensure that the connectivity exists between the routers. By using either static routes or dynamic routing protocols, make sure that your inside global network can connect to the outside network.

  • Step 3: Configure Static Network Address Translation. Define components that will be translated.

  • Step 4: Verify your work.

In the network diagram below, let's configure a static NAT for the front-end Exchange Server.

Step 1: Determine inside and outside networks. Label each interface as “inside” or “outside” using the ip nat inside and ip nat outside commands in interface or subinterface configuration mode.

GatewayRouter#conf t
GatewayRouter(config)#int s0/0
GatewayRouter(config-if)#ip nat outside
GatewayRouter(config-if)#int fa1/0
GatewayRouter(config-if)#ip nat inside

---------------------------------------------------------------------------------------------

Step 2: Ensure that the connectivity exists between the routers. By using either static routes or dynamic routing protocols, make sure that your inside global network can connect to the outside network.

GatewayRouter(config)#ip route 0.0.0.0 0.0.0.0 s0/0

---------------------------------------------------------------------------------------------

Step 3: Configure Network Address Translation. Define components that will be translated.

GatewayRouter(config)#ip nat inside source static 10.1.0.25 216.116.120.252

Note that for Static NAT, you do not need to configure a pool or an access-list.
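A full one-to-one static mapping like the one in Step 3 forwards every port and protocol addressed to 216.116.120.252 to the server at 10.1.0.25. The following is an added example, not part of the original post, that shows that mapping beside a port-specific alternative and the commands to check the result; the published services (TCP 443 and TCP 25) are assumptions.

```cisco
! Added example, not from the original post.
! Assumption: the front-end server only needs HTTPS (TCP 443) and
! SMTP (TCP 25) reachable from outside. Adjust to the services you publish.
!
! As configured in Step 3: all ports and protocols sent to
! 216.116.120.252 are translated and forwarded to 10.1.0.25.
ip nat inside source static 10.1.0.25 216.116.120.252
!
! Narrower alternative: remove the full mapping and translate
! only the published ports (local IP, local port, global IP, global port).
no ip nat inside source static 10.1.0.25 216.116.120.252
ip nat inside source static tcp 10.1.0.25 443 216.116.120.252 443
ip nat inside source static tcp 10.1.0.25 25 216.116.120.252 25
!
! Leave configuration mode and review the translation table and counters.
end
show ip nat translations
show ip nat statistics
```

With port-specific entries, sessions that the server itself opens to outside hosts are not covered by the static entries and need their own translation rule.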
