You want to translate specific internal IP addresses to specific external addresses.
For some applications, you need each internal (inside local) address to always translate to the same external (inside global) address. This is particularly true if you need inbound connections from the outside network to always reach a particular internal device, such as a web or email server:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ip nat inside source static 192.168.1.15 172.16.1.10 Router(config)#ip nat inside source static 192.168.1.16 172.16.1.11 Router(config)#interface FastEthernet 0/0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#ip nat inside Router(config-if)#exit Router(config)#interface FastEthernet 0/1 Router(config-if)#ip address 192.168.2.1 255.255.255.0 Router(config-if)#ip nat inside Router(config-if)#exit Router(config)#interface Ethernet1/0 Router(config-if)#ip address 172.16.1.2 255.255.255.0 Router(config-if)#ip nat outside Router(config-if)#end Router#
This recipe includes static translations for two internal devices. The internal address 192.168.1.15 will always appear on the outside as 172.16.1.10, and 192.168.1.16 will always appear as 172.16.1.11. Note that because these translations are static, they will work in either direction. Any packets sent to the NAT address from the external network will reach the internal device, and external devices can even initiate TCP sessions.
This example performs NAT translation only for these two specific addresses. The router will route all other addresses normally without any address translation.
|
|
|
| Top |