In my previous post on NAT, I explained the difference between the 3 different types of NAT that can be configured. In this tutorial I’m going to cover the configuration steps to configure static NAT.
Static NAT is a one-to-one mapping. It allows us to translate a single IP address into a different single IP address. This is most commonly found when you have a server inside your DMZ that you would like to allow the outside world (The Internet) to connect to, such as E-mail servers, FTP servers and Web servers (if you’re hosting your own).
The first step in configuration static NAT, is to define which interfaces on your router are involved in the NAT process and then configuring your Cisco router to know which interface is on which side of the network. Your Cisco router needs to know which interface is the inside interface and which is the outside interface to allow the translation to take place.
For example purposes let’s assume that FastEthernet 0/0 is the inside interface, and Serial 0 is my outside.
AOIP.ORG # conf t
AOIP.ORG (config)# interface FastEthernet 0/0
AOIP.ORG (config-if)# ip nat inside
AOIP.ORG (config-if)# interface Serial 0
AOIP.ORG (config-if)# ip nat outside
So we have just informed our Cisco router of the inside and the outside, the next step is to tell your Router how to translate and what to translate.
Let’s assume that I have a server in my DMZ that has an IP address of 10.0.1.1 and I have a public IP address of 192.168.1.1 (yes I know this a private range part of RFC 1918, but for example purposes, let’s assume it’s not).
AOIP.ORG (config)# ip nat inside source static 10.0.1.1 192.168.1.1
That’s it, your done. When your server 10.0.1.1 connects to anything on Serial 0 and beyond, the source IP address will be translated into 192.168.1.1. Similarly, when someone from the Internet connects to the IP address 192.168.1.1 it will be translated into a destination IP address of 10.0.1.1 and hence connect to our server in the DMZ (Access-list permitting).