Use this command to enable dynamic translation of inside (local) source IPv4 addresses based upon an ACL.
| Parameter | Description |
| --- | --- |
| access-list | Specifies an access list of IPv4 addresses to translate for this inside source address. |
| pool pool-name | (Optional) Specifies a pool of IPv4 addresses to translate for this outside address. The name can be up to 63 characters in length. |
| interface interface-name | (Optional) Specifies the outside interface string to which a translation is applied. |
| overloaded | (Optional) Specifies NAPT translation. |
| inside-vrf vrf-name | (Optional) Specifies the name of the inside VRF to which the IP address(es) specified in the access-list belong. |
| fullcone acl | (Optional) Specifies an access list that identifies protocols and ports to process as full cone NAT. |
| restricted-cone acl | (Optional) Specifies an access list that identifies protocols and ports to process as restricted cone NAT. |
| port-restricted-cone acl | (Optional) Specifies an access list that identifies protocols and ports to process as port restricted cone NAT. |
If pool pool-name is not specified, a dynamic NAT firewall list rule is configured.
If overloaded is not specified, NAT translation occurs.
If interface interface-name is not specified, translation is enabled on all supported interfaces.
If inside-vrf vrf-name is not specified, an inside VRF is not associated with this translation.
If an access list for fullcone, restricted-cone, or port-restricted-cone NAT is not specified, or the packet does not match a cone access list entry, NAT applies a basic NAT binding to the packet flow.
Configuration command, Global configuration.
Packets from IPv4 addresses that match those on the specified IPv4 access list are translated using global addresses allocated from the named pool. The optional overloaded keyword enables NAPT translation. The optional interface parameter ensures that the translation only applies to packets being transmitted out the specified interface.
If a full, restricted, or port restricted cone NAT access list is specified, and the IPv4 packet protocol and port match an access list entry, a cone NAT binding for the cone type is applied to the packet. See the Network Address Translation (NAT) Configuration chapter of the S-, K-, and 7100 Series Configuration Guide for a detailed cone NAT feature discussion.
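The cone selection described above decides how widely an inside host's mapped address and port are reachable from outside. The following is an added illustration, not code from this guide or the device: a small Python model that picks a binding type from constructed cone ACLs and shows which outside sources each cone type would admit. It assumes the usual RFC 3489 cone definitions, that cone ACL entries match on protocol and destination port, and that the ACLs are consulted in the order listed; the guide does not state the last two.

```python
from dataclasses import dataclass, field

# Constructed cone ACLs: sets of (protocol, destination port). The option names
# come from the command syntax; the entries themselves are made up.
CONE_ACLS = {
    "fullcone": {("udp", 3478)},
    "restricted-cone": {("udp", 5060)},
    "port-restricted-cone": {("udp", 4500)},
}

def select_binding(proto, dport, cone_acls=CONE_ACLS):
    """Return the cone type whose ACL matches, else 'basic' (the documented default)."""
    # Assumption: ACLs are consulted in dict order; the page gives no precedence.
    for cone_type, acl in cone_acls.items():
        if (proto, dport) in acl:
            return cone_type
    return "basic"

@dataclass
class Binding:
    cone_type: str
    contacted: set = field(default_factory=set)  # (remote_ip, remote_port) sent to

    def record_outbound(self, remote_ip, remote_port):
        self.contacted.add((remote_ip, remote_port))

    def admits_inbound(self, remote_ip, remote_port):
        """Would a packet from remote_ip:remote_port reach the inside host?"""
        if self.cone_type == "fullcone":
            return True  # any outside host may use the mapping
        if self.cone_type == "restricted-cone":
            return any(ip == remote_ip for ip, _ in self.contacted)
        if self.cone_type == "port-restricted-cone":
            return (remote_ip, remote_port) in self.contacted
        raise ValueError("inbound handling of a basic binding is not modelled")

def exposure(proto, dport, probes, peer=("198.51.100.10", 3478)):
    """Open a flow to `peer`, then report which probe sources would be admitted."""
    b = Binding(select_binding(proto, dport))
    b.record_outbound(*peer)
    return b.cone_type, [b.admits_inbound(ip, port) for ip, port in probes]

# Constructed probes: the peer itself, the peer from another port, a stranger.
PROBES = [("198.51.100.10", 3478), ("198.51.100.10", 9999), ("203.0.113.7", 3478)]

if __name__ == "__main__":
    for proto, dport in [("udp", 3478), ("udp", 5060), ("udp", 4500), ("tcp", 443)]:
        kind = select_binding(proto, dport)
        print(proto, dport, exposure(proto, dport, PROBES) if kind != "basic" else kind)
```

When reviewing a configuration, the entries in a fullcone access list deserve the closest scrutiny, since every protocol and port they match is reachable through the binding from any outside source.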
This command is used when configuring a dynamic NAT firewall list rule. If the pool option is not specified, a dynamic NAT firewall list rule is configured. See the NAT firewall discussion in the Network Address Translation (NAT) Configuration chapter of the S-, K-, and 7100 Series Configuration Guide.
The “no” form of the command disables dynamic translation of inside source addresses for the specified NAT pool.
This example enables dynamic translation of inside interfaces for packets sourced from IP addresses that match the contents of access list 1 with outside IP addresses matching the contents of pool doc1 on outside interface VLAN 5:
System(rw-config)->ip nat inside source list 1 pool doc1 interface vlan 5
This example enables dynamic translation, on VRF vrf2, of inside addresses that match access list 1 on inside VRF vr1 with outside IP addresses matching pool doc1:
System(rw-vrf2-config)->ip nat inside source list 1 pool doc1 inside-vrf vr1
This example applies a full cone NAT binding, mapping the IPv4 source IP address and port to a global IP address and port selected from the doc1 pool for either:
System(rw-config)->ip nat inside source list acl1 pool doc1 fullcone fc_acl1