NAT - Ability to Use Route Maps with Static Translations

一个INSIDE口 多个OUTSIDE口的NAT配置

Feature History

Release  Modification 
12.2(4)T
 This feature was introduced.
 
12.2(4)T2
 Support for the Cisco 7500 series routers was added.
 

This document describes the NAT—Ability to Use Route Maps with Static Translations feature. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuration Examples

Command Reference

Feature Overview
Previous to this feature, route mapping was supported only with dynamic Network Address Translation (NAT) translation.

The NAT—Ability to Use Route Maps with Static Translations feature enables NAT multihoming capability with static address translations. Multihomed internal networks now can host common services such as the Internet and Domain Name System (DNS), which are accessed from different outside networks.

--------------------------------------------------------------------------------
 Note   Network static support is not included in this feature.

Benefits
The ability to configure route map statements provides the option of using IP Security (IPSec) with NAT.
Translation decisions can be made based on the destination IP address when static translation entries are used.
Related Documents
Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
Cisco IOS IP Configuration Guide, Release 12.2
Supported Platforms
Cisco 2500 series
Cisco 2600 series
Cisco 3620 router
Cisco 3640 router
Cisco 3660 router
Cisco 7100 series
Cisco 7200 series
Cisco 7500 series
Determining Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.

MIBs
No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
No new or modified RFCs are supported by this feature.

Configuration Tasks
See the following sections for configuration tasks for the NAT—Ability to Use Route Maps with Static Translations feature. Each task in the list is identified as either required or optional:

Enabling Static NAT Route Mapping (required)
Verifying Static NAT Route Mapping (optional)
Enabling Static NAT Route Mapping
To enable route mapping with static NAT configurations, use the following command in global configuration mode:

Command  Purpose 
Router(config)# ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name} Enables route mapping with static NAT translation configured on the NAT inside interface.
 

Verifying Static NAT Route Mapping
To verify the static NAT route mapping configuration, use the following command in privileged EXEC mode:

Command  Purpose 
Router# show ip nat translations [verbose] Displays active NAT translations.
 

Configuration Examples
This section provides the following configuration example:

Enabling Static NAT Route Mapping
Enabling Static NAT Route Mapping Example
The following example shows the use of route mapping with static NAT translations:

interface Ethernet3
 ip address 172.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet4
 ip address 192.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet5
 ip address 11.1.1.100 255.255.255.0
 ip nat inside
 media-type 10BaseT
!
router rip
 network 172.68.0.0
 network 192.68.1.0
!
 ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2
 ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1
 ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2
 ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1
 access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.
 access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255
!
route-map isp2 permit 10
 match ip address 102
 set ip next-hop 192.68.1.1
!
route-map isp1 permit 10
 match ip address 101
 set ip next-hop 172.68.1.1

Command Reference
This section documents the modified ip nat inside source command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

ip nat inside source
To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}
no ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}
Syntax Description

list access-list-number
 Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.
 
list access-list-name
 Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.
 
pool pool-name
 Name of the pool from which global IP addresses are allocated dynamically.
 
overload
 (Optional) Enables the router to use one global address for many local addresses. When overloading is configured, the TCP or UDP port number of each inside host distinguishes between the multiple conversations using the same local IP address.
 
static local-ip
 Sets up a single static translation. The local-ip argument establishes the lo

cal IP address assigned to
a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.
 
global-ip
 Sets up a single static translation. The global-ip argument establishes the globally unique IP address of an inside host as it appears to the outside world.
 
route-map map-name
 Name of the route map configuration on the NAT inside interface in static translations.
 

Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release  Modification 
11.2
 This command was introduced.
 
12.2(4)T
 This command was modified to include the ability to use route maps with static translations, and the route-map map-name keyword/argument was added.
 

Usage Guidelines

This command has two forms: dynamic and static address translation. The form with an access list establishes dynamic translation. Packets from addresses that match the standard access list are translated using global addresses allocated from the pool named with the ip nat pool command.

Alternatively, the syntax form with the keyword static establishes a single static translation.

Examples

The following example translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 network to the globally unique 171.69.233.208/28 network:

ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet 1
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
The following example shows the use of route mapping with static NAT translations:

!
interface Ethernet3
 ip address 172.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet4
 ip address 192.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet5
 ip address 11.1.1.100 255.255.255.0
 ip nat inside
 media-type 10BaseT
!
router rip
 network 172.68.0.0
 network 192.68.1.0
!
 ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2
 ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1
 ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2
 ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1
 access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.
 access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255
!
route-map isp2 permit 10
 match ip address 102
 set ip next-hop 192.68.1.1
!
route-map isp1 permit 10
 match ip address 101
 set ip next-hop 172.68.1.1
Related Commands