ip nat

To configure DNAT, enable and configures Network Address Port Translation (NAPT) for all networks or a specific network, add a global address pool and enable a global static NAT for a subnet or all networks, and configure Static SNAT, use the ip nat command in Interface Configuration Mode. Depending on the option selected, the no form of the command disables DNAT, NAPT for specific network or removes specific NAPT configuration, deletes the global address pool, or deletes Static SNAT rule.

ip nat

ip nat
{ {dest } { {<ucast_addr - public ip> } { <ucast_addr - local ip>} } { | tcp } { port } { <Port-No(1-65535)> } { | udp } { port } { <Port-No(1-65535)>} }
{ | napt } { enable | } { {<ucast_addr - local ip> } { <ip_mask - local subnet mask> } { | tcp } { port } { <Port-No(1-65535)> } { | udp } { port } { <Port-No(1-65535)>} }
{ | pool } { <ucast_addr - local subnet> } { <ip_mask - local subnet mask> } { <ucast_addr - first public ip> } { <ucast_addr - last public ip> }
{ | static } { <ucast_addr - local ip> } { <ucast_addr - public ip> } { [bidirectional]} }

no ip nat

no ip nat { {dest } | napt { | pool } { | static} }
no ip nat napt enable

Parameters

Parameter Type Description
dest   Enter this option for Destination NAT.
<ucast_addr - public ip> A.B.C.D Enter a global IP address for the public IP to be remapped to a local one. It is the IP address network number obtained from the IANA which can be used by NAT for translating the local IP addresses.
<ucast_addr - local ip> A.B.C.D Enter a global IP address for the local IP to which the public IP is to be remapped.
tcp   Enter to configure the protocol as TCP for transport identifier of the packets.
port   Enter to configure the port.
<Port-No(1-65535)> Integer Enter a value for the TCP for transport identifier of the packets; enter a local port number in a range from 1 to 65535.
udp   Enter to configure the UDP for transport identifier of the packets.
port   Enter to configure the port.
<Port-No(1-65535)> Integer Enter a value for the UDP for transport identifier of the packets; enter a local port number in a range from 1 to 65535.
napt   Enter this option for Network Address Port Translation (NAPT) .
enable   Enter to create a port remaping SNAT rule: Source IP and port will be remapped with the interface IP and port.
<ucast_addr - local ip> A.B.C.D Enter a global IP address for the local IP to be remapped to public IP.
<ip_mask - local subnet mask> A.B.C.D Enter a local subnet mask.
tcp   Enter to configure the protocol as TCP for transport identifier of the packets.
port   Enter to configure the port.
<Port-No(1-65535)> Integer Enter a value for the TCP for transport identifier of the packets; enter a local port number in a range from 1 to 65535.
udp   Enter to configure the UDP for transport identifier of the packets.
port   Enter to configure the port.
<Port-No(1-65535)> Integer Enter a value for the UDP for transport identifier of the packets; enter a local port number in a range from 1 to 65535.
pool   Enter this option to add a global address pool and enable a global static NAT for a subnet or all networks
<ucast_addr - local subnet> A.B.C.D Enter a global IP address for the local IP to be remapped to public IP (0.0.0.0 if N/A).
<ip_mask - local subnet mask> A.B.C.D Enter a local subnet IPP address mask(0.0.0.0 if N/A)
<ucast_addr - first public ip> A.B.C.D Enter a global IP address for the public IP dynamic SNAT address pool start.
<ip_mask - last public ip> A.B.C.D Enter a global IP address for the public IP dynamic SNAT address pool start.
static   Enter this option for Static SNAT. A Static SNAT rule is created: the original source IP will be mapped to a new IP in ingressing / egressing direction, or bidirectionally if this option had been selected.
<ucast_addr - local ip> A.B.C.D Enter a global IP address for the local IP to be remapped to a public one.
<ucast_addr - public ip> A.B.C.D Enter a global IP address for the public IP to which the local Ip will be remapped.
bidirectional A.B.C.D Enter to configure NAT as bidirectional. The bidirectional option will configure Static SNAT and DNAT under a single command.

Mode

Interface Configuration Mode

Examples

iS5Comm # configure terminal

iS5Comm (config)# interface gi 0/4

iS5Comm (config-if)# dest 80.0.0.10 192.168.20.10

iS5Comm (config-if)# ip nat napt 192.168.10.0 255.255.255.0

iS5Comm (config-if)# no ip nat napt 192.168.10.0 255.255.255.0

iS5Comm (config-if)# ip nat napt enable

iS5Comm (config-if)# no ip nat napt enable

For a subnet

iS5Comm (config-if)# ip nat pool 192.168.10.0 255.255.255.0 80.0.0.10 80.0.0.20

iS5Comm (config-if)# ip nat pool 192.168.10.0 255.255.255.0 80.0.0.10 80.0.0.20

For all networks:

iS5Comm (config-if)# ip nat pool 0.0.0.0 0.0.0.0 80.0.0.10 80.0.0.20

iS5Comm (config-if)# ip nat pool 0.0.0.0 0.0.0.0 80.0.0.10 80.0.0.20

iS5Comm(config-if)# ip nat static 192.168.20.10 80.0.0.10 bidirectional

Parent topic: NAT