Transcription of NAT Virtual Interface - community.cisco.com
1 Corporate Headquarters: cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USAC opyright 2005 cisco Systems, Inc. All rights Virtual InterfaceThe NAT Virtual Interface (NVI) feature removes the requirement to configure an Interface as either Network Address Translation (NAT) inside or NAT outside. An Interface can be configured to use NAT or not use allows traffic between overlapped VPN routing /forwarding (VRFs) in the same Provider Edge (PE) router, and traffic from inside to inside between overlapping for the NAT Virtual Interface FeatureFinding Support Information for Platforms and cisco IOS Software ImagesUse cisco Feature Navigator to find information about platform support and cisco IOS software image support. Access cisco Feature Navigator at You must have an account on If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
2 Contents Restrictions for NAT Virtual Interface , page 2 Information About NAT Virtual Interface , page 2 How to Configure NAT Virtual Interface , page 3 Configuration Examples for NAT Virtual Interface , page 5 Additional References, page 6 Command Reference, page (14)TThis feature was Virtual Interface Restrictions for NAT Virtual Interface2 cisco IOS Release (14)TRestrictions for NAT Virtual Interface Routemaps are not supported. Stateful Network Address Translation (SNAT) is not About NAT Virtual InterfaceBefore you configure the NAT Virtual Interface feature, you should understand the following concepts: NAT Virtual Interface Feature Design, page 2 NAT Virtual Interface Feature DesignThe NAT Virtual Interface feature allows all NAT traffic flows on the Virtual Interface , eliminating the need to specify inside and outside domains. When a domain is specified, the translation rules are applied either before or after route decisions depending on the traffic flow from inside to outside or outside to inside.
3 The translation rules are applied only after the route decision for an a NAT pool is shared for translating packets from multiple networks connected to a NAT router, an NVI is created and a static route is configured that forwards all packets addressed to the NAT pool to the NVI. The standard interfaces connected to various networks will be configured to identify that the traffic originating and receiving on the interfaces needs to be is not a new way of doing NAT; it s a new feature to resolve NAT 1 shows a typical NAT Virtual Interface 1 NAT Virtual Interface Typical 1 Ethernet 3 NAT-PEVRF-ServiceNAT EnabledNAT EnabledNAT EnabledVRF-ShopVRF-Bank127926 NAT Virtual Interface How to Configure NAT Virtual Interface3 cisco IOS Release (14)THow to Configure NAT Virtual InterfaceThis section contains the following procedures: Enabling a Dynamic NAT Virtual Interface , page 3 Enabling a Static NAT Virtual Interface , page 4 Enabling a Dynamic NAT Virtual InterfacePerform this task to enable a dynamic NAT Virtual type nat nat pool name start-ip end-ip netmask netmask nat source list access-list- number pool name vrf nat source list access-list- number pool name vrf nameDETAILED STEPSC ommand or ActionPurposeStep 1enableExample:Router> enableEnables privileged EXEC mode.
4 Enter your password if 2configure terminalExample:Router# configure terminalEnters global configuration 3interface type numberExample:Router(config)# Interface FastEthernet lConfigures an Interface type and enters Interface configuration 4ip nat enableExample:Router(config-if)# ip nat enableConfigures an Interface connecting VPNs and the Internet for NAT 5exitExample:Router(config-if)# exitReturns to global configuration Virtual Interface How to Configure NAT Virtual Interface4 cisco IOS Release (14)TEnabling a Static NAT Virtual InterfacePerform this task to enable a static NAT Virtual type nat nat source static local-ip global-ip vrf nameDETAILED STEPSStep 6ip nat pool name start-ip end-ip netmask netmask add-routeExample:Router(config)# ip nat pool pool1 netmask add-routeConfigures a NAT pool and associated 7ip nat source list access-list-number pool number vrf nameExample:Router(config)# ip nat source list 1 pool 1 vrf shopConfigures a NAT Virtual Interface without inside or outside specification for VPN customer 8ip nat source list access-list-number pool number vrf name overloadExample:Router(config)# ip nat source list 1 pool 1 vrf bank overloadConfigures a NAT Virtual Interface without inside or outside specification for VPN customer or ActionPurposeCommand or ActionPurposeStep 1enableExample:Router> enableEnables privileged EXEC mode.
5 Enter your password if 2configure terminalExample:Router# configure terminalEnters global configuration Virtual Interface Configuration Examples for NAT Virtual Interface5 cisco IOS Release (14)TConfiguration Examples for NAT Virtual InterfaceThis section provides the following configuration example: Enabling NAT Virtual Interface : Example, page 5 Enabling NAT Virtual Interface : ExampleThe following example shows how to configure NAT Virtual interfaces without the use of inside or outside source Ethernet0/0ip vrf forwarding bankip address nat enable! Interface Ethernet1/0ip vrf forwarding parkip address nat enable! Interface Serial2/0ip vrf forwarding servicesip address nat enable!ip nat pool NAT netmask add-routeip nat source list 1 pool NAT vrf bank overloadip nat source list 1 pool NAT vrf park overloadip nat source static vrf services! access-list 1 permit 3interface type numberExample:Router(config)# Interface FastEthernet lConfigures an Interface type and enters Interface configuration 4ip nat enableExample:Router(config-if)# ip nat enableConfigures an Interface connecting VPNs and the Internet for NAT 5exitExample:Router(config-if)# exitReturns to global configuration 6ip nat source static local-ip global-ip vrf nameExample:Router(config)# ip nat source static vrf bankConfigures a static or ActionPurposeNAT Virtual Interface Additional References6 cisco IOS Release (14)Taccess-list 1 permit !
6 Additional ReferencesThe following sections provide references related to the NAT Virtual Interface DocumentsStandardsMIBsRFCsRelated TopicDocument TitleIP NAT commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examplesCisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release NAT configuration tasks Configuring Network Address Translation section of Part 1 of the cisco IOS IP Configuration Guide, Release new or modified standards are supported by this feature. MIBsMIBs LinkNo new or modified MIBs are supported by this locate and download MIBs for selected platforms, cisco IOS releases, and feature sets, use cisco MIB Locator found at the following URL: RFCsTitleNo new or modified RFCs are supported by this feature. NAT Virtual Interface Command Reference7 cisco IOS Release (14)TTechnical AssistanceCommand ReferenceThis section documents new and modified commands only.
7 Ip nat enable ip nat pool ip nat sourceDescriptionLinkTechnical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered users can log in from this page to access even more Virtual Interface ip nat enable8 cisco IOS Release (14)Tip nat enableTo configure an Interface connecting VPNs and the Internet for Network Address Translation (NAT), use the ip nat enable command in Interface configuration mode. To remove the Interface configuration, use the no form of this nat enableno ip nat enableSyntax DescriptionThis command has no arguments or ModesInterface configurationCommand HistoryExamplesThe following example show how to configure an Interface connecting VPNs and the Internet for NAT translation: Interface Ethernet0/0ip vrf forwarding bankip address nat enableRelated (14)TThis command was nat poolDefines a pool of IP addresses for Network Address nat source Enables Network Address Translation on a Virtual Interface without inside or outside Virtual Interface ip nat pool9 cisco IOS Release (14)Tip nat poolTo define a pool of IP addresses for Network Address Translation (NAT), use the ip nat pool command in global configuration mode.
8 To remove one or more addresses from the pool, use the no form of this command. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [add-route] [type {match-host | rotary}] [accounting list-name]no ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [add-route] [type {match-host | rotary}] [accounting list-name]Syntax DescriptionDefaultsNo pool of addresses is ModesGlobal configurationCommand HistorynameName of the IP address that defines the range of addresses in the address IP address that defines the range of addresses in the address netmaskNetwork mask that indicates which address bits belong to the network and subnetwork fields and which bits belong to the host field. Specify the netmask of the network to which the pool addresses prefix-lengthNumber that indicates how many bits of the netmask are ones (how many bits of the address indicate network).
9 Specify the netmask of the network to which the pool addresses (Optional) Specifies that a route has been added to the NVI Interface for the global (Optional) Indicates the type of (Optional) Specifies that the host number is to remain the same after translation. rotary(Optional) Indicates that the range of addresses in the address pool identifies real, inside hosts among which TCP load distribution will list-name(Optional) Indicates the RADIUS profile name that matches the RADIUS configuration in the command was (2)XEThe accounting keyword and list-name argument were (7)TThis command was integrated into cisco IOS Release (7) (14)TThe add-route keyword was Virtual Interface ip nat pool10 cisco IOS Release (14)TUsage GuidelinesThis command defines a pool of addresses using start address, end address, and either netmask or prefix length. The pool could define an inside global pool, an outside local pool, or a rotary following example translates between inside hosts addressed from either the or network to the globally unique network:ip nat pool net-208 prefix-length 28ip nat inside source list 1 pool net-208!
10 Interface ethernet 0ip address nat outside! Interface ethernet 1ip address nat inside!access-list 1 permit 1 permit following example shows that a route has been added to the NVI Interface for the global address:ip nat pool NAT netmask add-routeip nat source list 1 pool NAT vrf bank overloadRelated CommandsCommandDescriptionclear ip nat translationClears dynamic NAT translations from the translation ip natDisplays information about IP packets translated by nat Designates that traffic originating from or destined for the Interface is subject to nat inside sourceEnables NAT of the inside destination nat outside sourceEnables NAT of the outside source nat serviceEnables a port other than the default nat source Enables Network Address Translation on a Virtual Interface without inside or outside ip nat statisticsDisplays NAT ip nat translationsDisplays active NAT Virtual Interface ip nat source11 cisco IOS Release (14)Tip nat sourceTo enable Network Address Translation (NAT) on a Virtual Interface without inside or outside specification, use the ip nat source command in global configuration mode.
