Configuring Dynamic NAT Translations Using Route Maps

18 Mar

As discussed earlier, NAT supports the use of static translations using route maps; it also supports the use of dynamic translation using route maps. To configure dynamic NAT translations using route maps, use the following steps:

1. Use the following command to establish an association between the configured route map and the pool of global addresses:

ip nat inside source route-map <route-map-name> pool <pool-name>

2. Use this command to define a pool of addresses to be allocated for translation as needed:

ip nat pool <pool-name> <start-ip-address> <end-ip-address> {netmask <netmask> | prefix-length <prefix-length>}

The start IP address is the address that NAT will begin with when creating a dynamic translation entry. The end IP address is the last IP address that NAT will be able to use when creating a dynamic translation entry.

3. Use the following command to define an extended access list and its parameters:

access-list <access-list-number> {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard>

The access list should specify which traffic arriving at the inside interface and destined to the outside interface is eligible to create a translation entry.

4. Use this command to enter route map configuration mode and define the parameters of the route map:

route-map <name> {permit | deny} <sequence-number>

5. Use the following command to move into interface configuration mode, then use the ip nat inside interface configuration command to apply NAT to the interface that is connected to the networks with the local addresses:

interface <interface-type> <interface-number>
ip nat inside

6. Use the following command to move into interface configuration mode, then use the ip nat outside interface configuration command to apply NAT to the interface that is connected to the networks with the inside global addresses:

interface <interface-type> <interface-number>
ip nat outside

Referring to Figure 3.8, you can see that Router 1 is multihomed to two different routers: it has one connection to Router 2 and another to Router 3. When the hosts behind Router 1 in network 10.10.10.0 establish connections to hosts in Network 2 behind Router 2 (network 20.20.20.0), their IP addresses should appear to be sourced from one subnet; yet when they establish connections to hosts in Network 3 behind Router 3 (network 30.30.30.0), their IP addresses should appear to be sourced from a different subnet. To meet these requirements using dynamic NAT and route maps, the configuration in Listing 3.16 can be used.

Listing 3.16: Router 1 Dynamic NAT with route map configuration.

hostname Router-1
!
interface Serial2/0
 ip address 192.168.20.1 255.255.255.0
 ip nat outside
!
interface Serial3/0
 ip address 192.168.30.1 255.255.255.0
 ip nat outside
!
interface Serial1/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 duplex full
 speed 100
!
ip route 20.20.20.0 255.255.255.0 192.168.20.2
ip route 30.30.30.0 255.255.255.0 192.168.30.2
!
ip nat pool network-20 192.168.20.20 192.168.20.254 prefix-length 24
!
ip nat pool network-30 192.168.30.20 192.168.30.254 prefix-length 24
!
ip nat inside source route-map network2 pool network-20
ip nat inside source route-map network3 pool network-30
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
access-list 102 permit ip 10.10.10.0 0.0.0.255 30.30.30.0 0.0.0.255
!
route-map network2 permit 10
 match ip address 101
 set ip next-hop 192.168.20.2
!
route-map network3 permit 10
 match ip address 102
 set ip next-hop 192.168.30.2

Figure 3.8: Router 1 Dynamic NAT with route map.

If you compare the configurations in Listing 3.12 and Listing 3.16, you’ll notice that there are slight differences between the two. The configuration in Listing 3.16 does not include any static mappings and the ip nat pool command has been added. When a route map is used by NAT to match the inside traffic to be translated, NAT will create a fully extended translation entry that can be viewed using the show ip nat translations command. The translation entry created by NAT will contain both the inside and outside local and global address entries and also contain any TCP or UDP port information. Issuing the show ip nat translations command on Router 1 displays the following output:

Router-1#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
TCP 192.168.20.20:1134 10.10.10.43:1134   20.20.20.20:21     20.20.20.20:21
TCP 192.168.30.20:1135 10.10.10.43:1135   30.30.30.30:23     30.30.30.30:23
TCP 192.168.20.21:1026 10.10.10.65:1026   20.20.20.21:23     20.20.20.21:23
TCP 192.168.30.21:1027 10.10.10.65:1027   30.30.30.31:21     30.30.30.31:21

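To make the selection logic behind the steps above and Listing 3.16 concrete, here is an added Python model (not from the book or Cisco IOS) of how Router 1 matches a packet against the extended ACLs via the route maps, picks a pool, allocates an inside global address and records a fully extended entry like those shown by show ip nat translations. It assumes dynamic NAT without overload (source ports preserved, one inside global address per inside host per pool) and that the pool hands out addresses in ascending order.

```python
import ipaddress

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco ACL semantics: a 1 bit in the wildcard mask means 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return ((a & ~w) & 0xFFFFFFFF) == ((n & ~w) & 0xFFFFFFFF)

# Constructed model of Listing 3.16: extended ACLs, route maps, NAT statements
ACLS = {101: ("10.10.10.0", "0.0.0.255", "20.20.20.0", "0.0.0.255"),
        102: ("10.10.10.0", "0.0.0.255", "30.30.30.0", "0.0.0.255")}
ROUTE_MAPS = {"network2": [(10, "permit", 101)], "network3": [(10, "permit", 102)]}
NAT_STATEMENTS = [("network2", "network-20"), ("network3", "network-30")]

class Pool:
    """ip nat pool <name> <start> <end>: hands out inside global addresses in order."""
    def __init__(self, name, start, end):
        first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        self.name = name
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
    def allocate(self):
        if not self.free:            # pool exhausted: the router drops the packet
            raise RuntimeError(f"pool {self.name} exhausted")
        return self.free.pop(0)

class NatTable:
    def __init__(self, pools):
        self.pools = pools
        self.bindings = {}           # (pool name, inside local) -> inside global
        self.entries = []            # fully extended entries, one per flow

    def select_pool(self, src, dst):
        """Walk the NAT statements in order; the first permitting route-map clause wins."""
        for rm, pool in NAT_STATEMENTS:
            for _seq, action, acl in sorted(ROUTE_MAPS[rm]):
                s, sw, d, dw = ACLS[acl]
                if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
                    return pool if action == "permit" else None
        return None                  # no match: forwarded without translation

    def translate(self, proto, src, sport, dst, dport):
        pool = self.select_pool(src, dst)
        if pool is None:
            return None
        key = (pool, src)
        if key not in self.bindings: # first flow from this host to this pool binds an address
            self.bindings[key] = self.pools[pool].allocate()
        entry = (proto, f"{self.bindings[key]}:{sport}", f"{src}:{sport}",
                 f"{dst}:{dport}", f"{dst}:{dport}")  # outside local == outside global here
        self.entries.append(entry)
        return entry

def build_table():
    """Fresh Router 1 state with the two pools from Listing 3.16."""
    return NatTable({"network-20": Pool("network-20", "192.168.20.20", "192.168.20.254"),
                     "network-30": Pool("network-30", "192.168.30.20", "192.168.30.254")})
```

Feeding the four flows from the show output above through build_table().translate() in the same order reproduces that table, and a fifth flow from 10.10.10.43 to Network 2 reuses 192.168.20.20 rather than consuming another pool address.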
