How do i configure NAT on a CISCO 1750

[qubic]

Below is the current config. What commands do I need to use to enable NAT on both the INSIDE and OUTSIDE interfaces.

!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sticky-1750
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$hJW7$uEXfa2nQ7Dnq21zA6S3Bf/
!
memory-size iomem 25
ip subnet-zero
no ip finger
no ip domain-lookup
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 10.0.0.4 255.0.0.0
speed auto
!
interface Serial0
description Connection to voicepath
bandwidth 512
ip address 195.12.28.194 255.255.255.252
encapsulation frame-relay IETF
no fair-queue
frame-relay interface-dlci 25
frame-relay lmi-type ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 195.12.28.193
ip route 192.168.136.0 255.255.255.0 192.168.137.251
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 18 permit 10.0.0.0 0.255.255.255
!
line con 0
password turkey
login
transport input none
line aux 0
password turkey
login
line vty 0 4
password turkey
login
!
no scheduler allocate
end

 

[Rucus1]

Which two interfaces do you want to do NAT between. Do you have a set of ip addresses you are going to translate to, or are you just planning on overloading the interface?

 

[likes2hack]

I can assume that your inside interface is FE0 and your outside is S0 just from the ip addresses.

So what kind of NAT do you need? If you need your private 10.0 range users to always have the same outside pooled address then you probably want Static NAT. If they dont need the same external IP address each time but do need to allow for connections that originate from the outside to reach them on the inside (hosting an interal web server or what ever) then you might want Dynamic NAT. But if you either have few external addresses you can use, don't want or need external connection attempts to get to your internal private ip addresses, or just really don't have an idea then you probably want PAT (port address translation).

You show 195.12.28.192 255.255.255.252 which gives you .193 and .194 to play with. But your static last resort route is to .193 so I have to assume that one is already taken. So I have to assume you only have .194 to use as the pool address for your NAT. If that's the case then you will definitly need PAT.

To continue on with these assumtions goes something like this:

First you need to make an access-list for your internal IPs. You already have used acc 1 for some 192. stuff so we'll use 2.

router(config)#: acc 2 perm 10.0.0.0 0.255.255.255

Next you need to make your pool.

router(config)#: ip nat pool PickNameHere 195.12.28.194 195.12.28.194 netmask 255.255.255.252

Now specify the type nat and apply your ACL

router(config)#: ip nat inside source list 2 pool PickNameHere overload

The overload command at the end makes this PAT. Last but not least you must tell your interfaces whats going on.

router(config)#:int fe0
rotuer(config-if)#: ip nat inside
router(config-if)#: int s0
router(config-if)#: ip nat outside

That's it.

As a side note if you need to change your ip nat statements after setting up you will need to come out of global mode (but still in enable mode) and do a "clear ip nat tran *" to clear the nat table or else you will get nothing but errors since the table will have the nat statements locked.