Configure Cisco router outgoing PAT or overload NAT for users to access Internet


The following steps have been tested on a Cisco CSR V1000 virtual router to allow users to access the Internet through the router using PAT (overload NAT).

  1. Create a new virtual Cisco router, or connect to a physical router over a terminal / console.
  2. Ensure IP addresses are assigned to two interfaces: outside (GigabitEthernet 1 in this article) and inside (GigabitEthernet 2 in this article).
  3. Create an access list for the clients / users who may use the PAT facility. For example:
    access-list 1 permit 10.1.3.0 0.0.0.255
    Here 10.1.3.0/24 is the address range of the local clients that want to use the PAT service via the router.
  4. (Optional) If more than one public IP can be used for PAT, define an IP pool for PAT purposes using:
    ip nat pool <pool-name> <pool-start-ip> <pool-end-ip> netmask <net-mask>
    If this is not the case, we can simply do PAT using the IP of the router's GigabitEthernet 1 (outside) interface.
  5. Configure NAT using the interface IP of the outgoing (public) interface (GigabitEthernet 1 in the example below):
    ip nat inside source list 1 interface GigabitEthernet 1 overload
    where:
    1 is the access list defined for local users
    GigabitEthernet 1 is the outside (public) interface for outgoing traffic
    overload is critical to configure PAT / overload NAT
  6. (Optional) The other option is to configure PAT with a pool of addresses using:
    ip nat inside source list 1 pool <pool-name> overload
  7. Specify the inside and outside interfaces. For example, if GigabitEthernet 1 is the outside (public) interface and GigabitEthernet 2 is the inside (LAN / private) interface, use:
    config t
    interface GigabitEthernet 1
    ip nat outside
    interface GigabitEthernet 2
    ip nat inside
  8. Configure a system with an IP in the inside range allowed by access list 1 in the example above, and set its gateway to the router's GigabitEthernet 2 (LAN / private) IP. Try to reach a machine that is reachable only via the outside IPs (e.g. on the Internet).
  9. On the router, look at the NAT translations using:
    show ip nat translations
  10. If everything is working as expected, save the configuration:
    copy running-config startup-config
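
Added example (not part of the original notes): a Python check that can be run over a saved copy of the running configuration to confirm that the pieces from the steps above fit together, that is, the NAT rule carries overload, its interface or pool exists with the right role, and access list 1 is scoped to the intended clients rather than permitting any source. The function name audit_pat, the sample configuration and the 192.0.2.2 / 10.1.3.1 interface addresses are constructed for illustration.

```python
# Constructed running-config excerpt; interface addresses are placeholder values.
SAMPLE = """\
interface GigabitEthernet1
 ip address 192.0.2.2 255.255.255.0
 ip nat outside
interface GigabitEthernet2
 ip address 10.1.3.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface GigabitEthernet1 overload
access-list 1 permit 10.1.3.0 0.0.0.255
"""

def audit_pat(config):
    """Return a list of findings; an empty list means every check passed."""
    roles, acls, pools, rules, current = {}, {}, set(), [], None
    for line in filter(str.strip, config.splitlines()):   # skip blank lines
        tok = line.split()
        if tok[0] == "interface":
            current = "".join(tok[1:]).lower()   # "GigabitEthernet 1" -> "gigabitethernet1"
        elif not line[0].isspace():
            current = None                       # a global command ends the interface block
        if current and tok in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            roles[current] = tok[2]
        elif tok[0] == "access-list" and len(tok) > 3:
            acls.setdefault(tok[1], []).append(tok[2:])
        elif tok[:3] == ["ip", "nat", "pool"] and len(tok) > 3:
            pools.add(tok[3])
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"] and len(tok) > 7:
            rules.append(tok[5:])                # [acl, "interface"|"pool", target..., overload?]
    findings = []
    if "inside" not in roles.values():
        findings.append("no interface is marked 'ip nat inside'")
    if not rules:
        findings.append("no 'ip nat inside source list' rule found")
    for acl, kind, *rest in rules:
        if rest[-1] != "overload":
            findings.append(f"rule for list {acl} lacks 'overload'")
        target = "".join(t for t in rest if t != "overload")
        if kind == "interface" and roles.get(target.lower()) != "outside":
            findings.append(f"{target} is not marked 'ip nat outside'")
        if kind == "pool" and target not in pools:
            findings.append(f"pool {target} is not defined")
        entries = acls.get(acl, [])
        if not entries:
            findings.append(f"access-list {acl} is not defined")
        if any(e[:2] == ["permit", "any"] for e in entries):
            findings.append(f"access-list {acl} permits any source")
    return findings
```

Call audit_pat() with the text captured from show running-config; each returned string names the step of the procedure that needs another look.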

