NAT Mapping

This section of the configuration defines the one-to-one translation pairs of the NAT (Network Address Translation) mapping database. These pairs allow the user to provide access from the internal or external network to selected parts of the NAT internal network, such as a web server.

edit config NAT Mapping

Mapping Syntax

After entering the edit config command, and then the append command, enter one or more mappings using the following syntax:

internal_IP_address[/bits | :tcpudp_port] {-> | = } external_IP_address[/bits | :tcpudp_port]

Options

internal_IP_address

This is the IP address on the internal network to be mapped to the external IP address. It must be entered first, followed by "->" (dash+right angle bracket) or "=" and the external_IP_address. The internal_IP_address must be within the range (or ranges) of IP addresses defined by the InternalRange keyword(s) in the NAT Global section. IP addresses must be specified in normal dotted-decimal notation. If the rightmost components are 0, they are treated as wild cards (e.g., 128.138.12.0 includes all devices on the 128.138.12 subnet).

external_IP_address

This is the IP address on the external network to be mapped to the internal IP address. The external_IP_address must be within the range of IP addresses defined by the ExternalRange keyword in the NAT Global section.

If only a single external IP address is available for the NAT router, do not map that IP address to an internal IP address, because you will no longer be able to communicate with the router. Mapping single ports of the single external IP address to internal_IP_address:tcpudp_port combinations (e.g., creating access to a web server in the internal NAT network) is acceptable, however.

[/bits | :tcpudp_port]

  • /bits specifies a mask for the IP address.

  • :tcpudp_port maps an address and TCP/UDP port. If you map the tcpudp_port, you need to use a tcpudp_port on both addresses. Mapping an address and TCP/UDP port to another address and TCP/UDP port allows more control of the type of traffic NAT translates. For example, to map only HTTP traffic in an address range, you can specify port 80. Most servers use a fixed, well-known port number for listening to a particular service. The major services and their port numbers are listed below. For a detailed list of reserved services and port numbers, refer to RFC 1700.

  DNS (53)
  SMTP (25)
  finger (79)
  SNMP (161, 162)
  FTP (20, 21)
  syslog (514)
  Gopher (70)
  talk (517, 518)
  HTTP (80)
  Telnet (23)
  NNTP (119)
  TFTP (69)
  NTP (123)
  UUCP (9540)
  POP (109, 110)
  WAIS (210)
  RIP (520)
  whois (43)

Examples

The following example shows one IP address being translated into another.

[ NAT Mapping ]
10.5.3.20 -> 198.41.9.194
 

The following example shows individual sockets (IP address and port combination) being mapped as a translation pair.

[ NAT Mapping ]
10.5.3.10:80 -> 198.41.9.195:80
 

The following example shows a range of IP addresses being mapped as a translation pair.

[ NAT Mapping ]
10.5.3.0/29 -> 198.41.9.200/29
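
The following added example (not part of the original Cisco documentation) is a small offline checker that applies the rules above to NAT Mapping lines before they are entered on the device. The function names, the way the InternalRange and ExternalRange values are passed in, and the sample ranges are assumptions made for the example.

```python
import ipaddress
import re

def parse_side(text):
    """Parse one side of a mapping: address[/bits | :tcpudp_port]."""
    addr, _, port_s = text.partition(":")
    port = int(port_s) if port_s else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if "/" in addr:
        if port is not None:
            raise ValueError("use /bits or :tcpudp_port, not both")
        return ipaddress.ip_network(addr, strict=False), None
    bits = 32
    if port is None:
        # Rightmost 0 components are wild cards (128.138.12.0 -> /24).
        for octet in reversed(addr.split(".")):
            if octet != "0":
                break
            bits -= 8
    return ipaddress.ip_network(f"{addr}/{bits}"), port

def check_mapping(line, internal_ranges, external_range):
    """Return a list of problems found in one NAT Mapping line."""
    sides = re.split(r"\s*(?:->|=)\s*", line.strip())
    if len(sides) != 2:
        return ["expected: internal {-> | =} external"]
    try:
        (int_net, int_port), (ext_net, ext_port) = map(parse_side, sides)
    except ValueError as exc:
        return [f"bad address or port: {exc}"]
    problems = []
    if (int_port is None) != (ext_port is None):
        problems.append("tcpudp_port must appear on both sides")
    if not any(int_net.subnet_of(r) for r in internal_ranges):
        problems.append("internal address outside InternalRange")
    if not ext_net.subnet_of(external_range):
        problems.append("external address outside ExternalRange")
    elif external_range.num_addresses == 1 and ext_port is None:
        # Mapping the router's only external address cuts off access to it.
        problems.append("maps the only external address")
    return problems

# Constructed sample ranges standing in for the NAT Global keywords.
INTERNAL = [ipaddress.ip_network("10.5.3.0/24")]
EXTERNAL = ipaddress.ip_network("198.41.9.192/27")
SINGLE_EXTERNAL = ipaddress.ip_network("198.41.9.194/32")

if __name__ == "__main__":
    for entry in ("10.5.3.20 -> 198.41.9.194", "10.5.3.10:80 -> 198.41.9.195"):
        print(entry, check_mapping(entry, INTERNAL, EXTERNAL))
```
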
 

Related Commands

Command                 Description

configure IP            Configures IP parameters for an interface

configure NAT Global    Configures NAT parameters for the device

show ip                 Shows IP configuration and statistics

show nat                Shows NAT configuration and statistics


Posted: Wed Sep 27 11:02:18 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.