Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

ip nat inside source static (NAT)

Use this command to enable static NAT translation of inside source IPv4 addresses.

Syntax

ip nat inside source static local-ip global-ip [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]
no ip nat inside source static local-ip global-ip [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]

Parameters

local-ip Specifies the private (local) address to be associated with a public (global) address for this translation.
global-ip Specifies the public (global) address to be associated with a private (local) address for this translation.
inside-vrf vrf-name (Optional) Specifies the name of the VRF to which the local IP address belongs.
fullcone acl (Optional) Specifies an access list that identifies protocols and ports to process as fullcone NAT.
restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as restricted cone NAT.
port-restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as port restricted cone NAT.

Defaults

If inside-vrf vrf-name is not specified, an inside VRF is not associated with this translation.

If an access list for fullcone, restricted-cone, or port-restricted-cone NAT is not specified, or the packet does not match a cone access list entry, a cone NAT binding is not applied to the packet.

Mode

Configuration command, Global configuration.

Usage

If a full, restricted, or port restricted cone NAT access list is specified, and the IPv4 packet protocol and port matches an access list entry, a cone NAT binding for the cone type is applied to the packet. See Network Address Translation (NAT) Configuration in the S-, K-, and 7100 Series Configuration Guide for a detailed cone NAT feature discussion.

The “no” form of the command deletes the specified static NAT translation.

Example

This example enables a static NAT translation of inside source addresses for private local address 10.10.10.50 destined for and transmitting from unique public address 45.20.10.5:

System(rw-config)->ip nat inside source static 10.10.10.50 45.20.10.5

This example enables a static NAT translation, on VRF vrf2, of inside source addresses for private local address 10.10.10.50 destined for and transmitting from unique public address 45.20.10.5, specifying that the local address belongs to VRF vr1:

System(rw-vrf2-config)->ip nat inside source static 10.10.10.50 45.20.10.5 inside-vrf vr1

This example applies a full cone NAT binding, mapping the IPv4 source IP address 10.10.10.50 to the global IP address 45.20.10.5 for either:

  • Packets on an inside interface destined for any IPv6 address on an outside interface that match the protocol and port specified in an fc_acl1 entry
  • or, any outside traffic destined to the binding‘s 45.20.10.5 global IP address to be mapped to the 10.10.10.50 inside address
    System(rw-config)->ip nat inside source static 10.10.10.50 45.20.10.5 fullcone fc_acl1
Published May 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page