A Cisco solution that’s perfectly NAT-ural

Home > Blogs > Cisco > A Cisco solution that’s perfectly NAT-ural

A Cisco solution that’s perfectly NAT-ural

Like This Blog 0Mark Jacob
Added by February 25, 2015

If you are reaching for your CCNA Routing and Switching certification, you probably already know that configuring NAT is on the list of stuff to know. In the CCNA world, this is accomplished using dynamic NAT, or NAT pools, as one solution, or Port Address Translation (PAT) for the other solution. Static NAT is mentioned in the official CCNA curriculum for the CCNA classes, but the labs do not require a student to actually configure it. What I want to show today is an alternate method to configure NAT which works just fine, but is NOT the method used in CCNA R&S.

This blog assumes that you already have a basic understanding of NAT configuration. If you want to brush up on your understanding of NAT before diving in, feel free to take a look at my previous blog on the topic Troubleshooting NAT pools on Cisco routers. The main point here is to enable NAT on an interface (or several interfaces) without specifying an inside or outside interface. Let’s take a look at the topology which will be used in this discussion:


The objective is to permit the two clients to access the (fake) Internet hosted on the WWW router, or more precisely, to be able to reach the target address of (borrowed from Google). The two clients are actually Cisco routers in client clothing, so I have disabled ip routing on each of them using the command no ip routing from global configuration mode. I have then configured a default-gateway on each which is for Client1 and for Client2. What remains is to configure NAT on the NAT-RTR.

You may also like:  How to create a simple network topology using Cisco’s VIRL

First, let’s make sure that NAT-RTR can hit the address, because if it can’t get there, our clients are not going to have much success either:


Yay! Success. Now let’s configure the f0/0 interface so that it can speak trunk (802.1q) with SW1. Note that this topology was created using GNS3 1.2.1 and that SW1 is a vanilla ethernet switch which has been preconfigured with port 1 in VLAN 10, port 2 in VLAN 20, and port 8 configured as a trunk link. The steps on NAT-RTR:


Now to repeat the steps for our second subinterface:


Let’s include int f0/1 in the NAT process:


We still need to create an access-list to allow our traffic of choice.


Now to actually fire up the NAT process:


If everything is working as expected, I should be able to hit the address from each of my clients. Let’s check:


All is well on Client1. The last verification step is to try Client2:

You may also like:  How to spiff up your banners in Cisco IOS


So both clients can now hit an external IP address using the NAT-RTR as the initial objective stipulated. We can see that the NAT process is working even though I have not configured NAT inside or NAT outside. You may find it interesting to note that even after a successful ping from one of the clients, the command show ip nat translations will return no results. This is because using the command ip nat enable creates a NAT Virtual Interface (nvi) so if you want to see the NAT activity, you must type show ip nat nvi translation like so:


As mentioned, this is not an expectation if you are studying for your CCNA R&S, but it is way cool to know other ways of accomplishing similar tasks! If you have suggestions or comments, I would love to hear them.

Until next time…

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 16 1

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

IPv6 Port Redirection

0 14 0

In this video, Cisco CCNA and CompTIA Network + Instructor Mark Jacob demonstrates how to do port redirections in IPv6. If you have any questions or comments, please feel free to post them. Until next time. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ You May Also LikeIPv6 Port RedirectionCCNA … Continue reading IPv6 Port Redirection

Detailed Forensic Investigation of Malware Infections – April 21, 2015

1 52 1

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

Share your thoughts...

Please fill out the comment form below to post a reply.