Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

ip nat inside source static (NAPT)

Use this command to enable static NAPT translation of inside source addresses.

Syntax

ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]
no ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]

Parameters

tcp | udp Specifies the protocol to be used for this static NAPT translation.
local-ip Specifies the private IP address for this static NAPT translation.
local-port Specifies the L4 source port associated with the private IP address for this static NAPT translation.
global-ip Specifies the unique public IP address for this static NAPT translation.
global-port Specifies the L4 translated source port port associated with the unique public IP address for this static NAPT translation.
inside-vrf vrf-name (Optional) Specifies the name of the VRF to which the local IP address belongs.
fullcone acl (Optional) Specifies an access list that identifies protocols and ports to process as fullcone NAT.
restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as restricted cone NAT.
port-restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as port restricted cone NAT.

Defaults

If inside-vrf vrf-name is not specified, an inside VRF is not associated with this translation.

Mode

Configuration command, Global configuration.

Usage

Packets for the specified protocol from addresses that match the IP address and port for this static entry are translated.

If a full, restricted, or port restricted cone NAT access list is specified, and the IPv4 packet protocol and port matches an access list entry, a cone NAT binding for the cone type is applied to the packet. See the Network Address Translation (NAT) Configuration chapter of the S-, K-, and 7100 Series Configuration Guide for a detailed cone NAT feature discussion.

The “no” form of the command deletes the specified static NAPT translation.

Example

This example enables a static NAPT translation of inside source addresses for private local address 10.10.10.51 on port 123 destined for and transmitting from unique public address 45.20.10.6 on port 121:

System(rw-config)->ip nat inside source static tcp 10.10.10.51 123 45.20.10.6 121

This example enables a static NAPT translation of inside source addresses for private local address 10.10.10.51 on port 123 destined for and transmitting from unique public address 45.20.10.6 on port 121, specifying that the inside address is on VRF vr1:

System(rw-config)->ip nat inside source static tcp 10.10.10.51 123 45.20.10.6 121 inside-vrf vr1

This example applies a full cone NAT binding, mapping the IPv4 source IP address 10.10.10.50 on port 123 to the global IP address 45.20.10.5 on port 123 for either:

  • Packets on an inside interface destined for any IPv6 address on an outside interface that match the protocol and port specified in an fc_acl1 entry
  • or, any outside traffic destined to the binding‘s 45.20.10.5 global IP address to be mapped to the 10.10.10.50 inside address
    System(rw-config)->ip nat inside source static 10.10.10.50 45.20.10.5 fullcone fc_acl1
Published May 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page