Configuring NAT (Network Address Translation) on a Cisco 1921 Router.

Posted on March 11, 2014 by jbernec

These are the steps I would follow to configure NAT (Network Address Translation) on a Cisco 1921 Router. The tool of choice is Putty configured to log the commands. You could use the Cisco IOS context Help to assist with the configuration:

1) Open the Putty application and select the Serial Port Connection Type to logon locally to the router device. Edit the Com port number to your settings and click Open. I’m using a Serial-to-USB adapter with the Router Console cable.

Putty1

2) You will be prompted to enter the initial configuration mode. Type no and enter.

putty2

3) To effect the initial configuration of the router, enter privileged mode, then the configuration mode. Configure the Router name, the enable secret password, and service password-encryption(this command encrypts all passwords) . Still in config mode,enter the line console mode and enable the logging synchronous function:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host ?
Router(config)#hostname LabRouter
LabRouter(config)#service passw ?
LabRouter(config)#service password-encryption
LabRouter(config)#line conso ?
LabRouter(config)#line console 0
LabRouter(config-line)#loggi ?
LabRouter(config-line)#logging synch
LabRouter(config-line)#logging synchronous
LabRouter(config-line)#exit
LabRouter(config)#enable sec ?
LabRouter(config)#enable secret password
LabRouter(config)#line vty 0  4
LabRouter(config-line)#passw ?
LabRouter(config-line)#password password
LabRouter(config-line)#logi ?
LabRouter(config-line)#login
LabRouter(config-line)#exit

4) Specify and Configure the inside interface IP Address and Interface Nat specification:

LabRouter(config)#inter ?
LabRouter(config)#interface gi ?
LabRouter(config)#interface gigabitEthernet 0/0
LabRouter(config-if)#desc ?
LabRouter(config-if)#description Inside Interface
LabRouter(config-if)#ip add ?
LabRouter(config-if)#ip address 10.0.0.3 255.255.255.0
LabRouter(config-if)#no shu ?
LabRouter(config-if)#no shutdown
LabRouter(config-if)#
Jan 21 22:30:30.947: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
LabRouter(config-if)#ip nat
LabRouter(config-if)#ip nat ins ?
LabRouter(config-if)#ip nat inside

Jan 21 22:30:40.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
LabRouter(config-if)#exit

4) Specify and Configure the outside interface IP Address and Interface Nat specification:

LabRouter(config)#inter ?
LabRouter(config)#interface gi ?
LabRouter(config)#interface gigabitEthernet 0/1
LabRouter(config-if)#desc ?
LabRouter(config-if)#description Outside Interface
LabRouter(config-if)#no shu ?
LabRouter(config-if)#no shutdown
LabRouter(config-if)#ip nat
LabRouter(config-if)#ip nat
Jan 21 22:31:34.763: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
LabRouter(config-if)#ip nat outs ?
LabRouter(config-if)#ip nat outside
LabRouter(config-if)#exit
LabRouter(config)#interface gi ?
LabRouter(config)#interface gigabitEthernet 0/1
LabRouter(config-if)#ip add ?
LabRouter(config-if)#ip address 10.0.1.2 255.255.255.0
LabRouter(config-if)#exit
LabRouter(config)#exit

5) Configure the access list condition that will be referenced in the address translation policy:

LabRouter(config)#ace ?
LabRouter(config)#access-list 20 per
LabRouter(config)#access-list 20 permit ?
Hostname or A.B.C.D Address to match
any Any source host
host A single host address

LabRouter(config)#access-list 20 permit any
LabRouter(config)#access-list 20 permit any ?
log Log matches against this entry

LabRouter(config)#access-list 20 permit any

This is a basic standard access list that is set to permit any traffic.

6) Configure the NAT policy using the already configured access list:

LabRouter(config)#ip nat ?
Stateful Stateful NAT configuration commands
create Create flow entries
inside Inside address translation
log NAT Logging
outside Outside address translation

LabRouter(config)#ip nat inside ?
destination Destination address translation
source Source address translation

LabRouter(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping

LabRouter(config)#ip nat inside source list 20 ?
interface Specify interface for global address
pool Name pool of global addresses

LabRouter(config)#ip nat inside source list 20 interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
Embedded-Service-Engine cisco embedded service engine module
GigabitEthernet GigabitEthernet IEEE 802.3z

LabRouter(config)#ip nat inside source list 20 interface GigabitEthernet 0/1  ?
no-payload No translation of embedded address/port in the payload
overload Overload an address translation
reversible Allow out->in traffic
vrf Specify vrf

LabRouter(config)#ip nat inside source list 20 interface GigabitEthernet 0/1 overload      

7) Save the configuration by first exiting the global configuration mode:

LabRouter(config)#exit
Jan 21 22:34:04.815: %SYS-5-CONFIG_I: Configured from console by console

LabRouter#copy run start ?
LabRouter#copy run startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Advertisement
This entry was posted in Access-Lists, Cisco, NAT, Network Address Translation, Router and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s