[NAT] basic info

아스피린2 2010. 3. 16. 14:32

▣ PAT + DNAT


① PAT

Inside (Src.A: 100.100.100.X/24, Dst.A: X.X.X.X: *)  -> Outside (Src.A: fastethernet0/0, Dst.A: X.X.X.X: *)

 interface FastEthernet0/0
  description ### for Internet ###
  ip address dhcp
  ip nat outside
  ip virtual-reassembly

 interface FastEthernet0/1
  description ### local network ###
  ip address 100.100.100.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly


 ! the ACL must match the inside network (100.100.100.0/24) for PAT to translate it
 access-list 10 permit 100.100.100.0 0.0.0.255

 ip nat inside source list 10 interface FastEthernet0/0 overload


② DNAT (port forwarding)

Outside (Src.A: X.X.X.X: *, Dst.A: fastethernet0/0: 2323) -> Inside (Src.A: X.X.X.X: *, Dst.A: 100.100.100.2 : 23)

I think Cisco doesn't support DNAT in the way iptables does, as in "iptables -t nat -A PREROUTING -s 192.168.56.110 -p tcp --dport 2323 -j DNAT --to 100.100.100.2:23".

The trick is a static SNAT configuration:

 ip nat inside source static tcp 100.100.100.2 23 interface FastEthernet0/0 2323

This can also be configured conveniently in SDM or ASDM.
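An added example, not part of the original post: a small Python audit that reads IOS-style config text, checks that the ACL used for PAT overload actually covers the `ip nat inside` networks, and lists static port forwards, flagging a published Telnet service. The names `audit_nat` and `SAMPLE` are hypothetical, the sample config is constructed, and only standard numbered ACLs in address/wildcard form are handled.

```python
import ipaddress
import re

# Constructed sample config for this example; ACL 10 deliberately misses the inside subnet.
SAMPLE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 100.100.100.1 255.255.255.0
 ip nat inside
access-list 10 permit 172.16.0.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 100.100.100.2 23 interface FastEthernet0/0 2323
"""

def audit_nat(config):
    """Return (findings, forwards) for IOS-style config text."""
    ifaces, acls, pat_acls, forwards, cur = {}, {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"net": None, "inside": False})
        elif cur and (m := re.match(r"ip address (\d\S+) (\d\S+)$", line)):
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif cur and line == "ip nat inside":
            cur["inside"] = True
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)$", line):
            # Wildcard masks are host masks, which ip_network() accepts directly.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\d+) interface \S+ overload$", line):
            pat_acls.append(m[1])
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) "
                           r"(interface \S+|\S+) (\d+)$", line):
            forwards.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    findings = []
    inside = [i["net"] for i in ifaces.values() if i["inside"] and i["net"]]
    for acl in pat_acls:
        for net in inside:
            if not any(net.overlaps(p) for p in acls.get(acl, [])):
                findings.append(f"ACL {acl} does not match inside network {net}; PAT will not translate it")
    for proto, local, lport, glob, gport in forwards:
        if proto == "tcp" and lport == 23:  # cleartext Telnet published to the outside
            findings.append(f"Telnet on {local} is published via {glob} port {gport}")
    return findings, forwards

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE)[0]:
        print(finding)
```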


*verify:


*Outputs



cf

1) static SNAT

 ip nat inside source static tcp 100.100.100.2 23 192.168.56.111 2323


 R1#show ip nat translations
 Pro Inside global      Inside local       Outside local      Outside global
 tcp 192.168.56.111:2323 100.100.100.2:23  ---                ---


2) Cisco IOS NAT configurable options

ip nat {inside | outside} {source | destination} {list | route-map | static} {interface | pool} [overload | vrf]

R1(config)#ip nat inside ?
  destination  Destination address translation
  source       Source address translation
 
R1(config)#ip nat inside source ?
  list       Specify access list describing local addresses
  route-map  Specify route-map
  static     Specify static local->global mapping


R1(config)#ip nat inside destination ?
  list  Specify access list describing global addresses


R1(config)#ip nat outside ?
  source  Source address translation

R1(config)#ip nat outside source ?
  list       Specify access list describing global addresses
  route-map  Specify route-map
  static     Specify static global->local mapping


■ Ref:

-How NAT Works: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

-Network Address Translation Catalyst Switch Support Matrix: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml
