Allows a single globally routable address to be shared between multiple hosts on a network.
This is one of the most frequently encountered types of NAT and is probably implemented on your home router.
When it sends out traffic, the router needs to change the source address from 192.168.1.x to whatever globally routable address is assigned on the "outside" interface. It needs to keep track of these egress translations so that it can direct the replies to the appropriate inside address.
1. Configure LAN interface
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
2. Configure WAN interface
interface Serial2/0
 ip address 192.0.2.253 255.255.255.252
 ip nat outside
3. Create access list containing LAN source addresses
ip access-list standard LAN_IN
 permit 192.168.1.0 0.0.0.255
 deny any
4. Create NAT rule to rewrite the source address of traffic passing from inside to outside
ip nat inside source list LAN_IN interface Serial2/0 overload
In the above example, for traffic arriving from inside and leaving outside, we change the source address as it leaves. When a reply arrives from the outside, we amend the destination address before it leaves via the inside.
In the following example, we instead change the destination address before the traffic leaves via the outside. Conversely, we need to change the source address when replies arrive.
Here, when a host on the inside contacts 8.8.8.8, the traffic is actually sent to 203.0.113.10.
!                    Packets intended for here
!                                         |
!          Are actually sent here         |
!                            |            |
ip nat outside source static 203.0.113.10 8.8.8.8
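The translation state behind both rules above (the `overload` rule and the `ip nat outside source static` rule), as an added Python model that is not part of the original page and not how IOS is implemented. The class and method names, the sequential port allocation starting at 1024, and the sample packets are assumptions made for illustration; entry timeouts are not modelled.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

class NatModel:  # hypothetical toy model of the page's two rules, not IOS internals
    def __init__(self, outside_ip, acl_net, acl_wildcard, first_port=1024):
        self.outside_ip = outside_ip
        self.acl = (ip(acl_net), ip(acl_wildcard))
        self.next_port = first_port      # assumption: ports handed out sequentially
        self.out_map = {}                # (proto, inside ip, inside port) -> outside port
        self.in_map = {}                 # (proto, outside port) -> (inside ip, inside port)
        self.to_global, self.to_local = {}, {}   # outside local <-> outside global

    def add_outside_static(self, outside_global, outside_local):  # same order as the CLI
        self.to_global[outside_local] = outside_global
        self.to_local[outside_global] = outside_local

    def acl_permits(self, src):
        net, wild = self.acl             # wildcard bits set to 1 are ignored
        return (ip(src) | wild) == (net | wild)

    def egress(self, proto, src, sport, dst, dport):
        """Inside -> outside: rewrite destination (static), then source (overload)."""
        dst = self.to_global.get(dst, dst)
        if not self.acl_permits(src):
            return (proto, src, sport, dst, dport)   # not in LAN_IN: source untouched
        key = (proto, src, sport)
        if key not in self.out_map:                  # first packet creates the entry
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return (proto, self.outside_ip, self.out_map[key], dst, dport)

    def ingress(self, proto, src, sport, dst, dport):
        """Outside -> inside: None when no translation entry matches."""
        entry = self.in_map.get((proto, dport)) if dst == self.outside_ip else None
        if entry is None:
            return None                              # unsolicited: no inside host to send to
        return (proto, self.to_local.get(src, src), sport, *entry)

def demo():  # constructed packets: two inside hosts reuse source port 5000
    nat = NatModel("192.0.2.253", "192.168.1.0", "0.0.0.255")
    nat.add_outside_static("203.0.113.10", "8.8.8.8")
    a = nat.egress("udp", "192.168.1.10", 5000, "8.8.8.8", 53)
    b = nat.egress("udp", "192.168.1.11", 5000, "8.8.8.8", 53)
    reply = nat.ingress("udp", "203.0.113.10", 53, "192.0.2.253", b[2])
    stray = nat.ingress("udp", "203.0.113.10", 53, "192.0.2.253", 4444)
    return a, b, reply, stray
```

Both inside hosts leave with the same outside address but different ports, which is what lets the reply be steered back to the right one; a packet arriving on a port with no entry matches nothing and is not delivered to any inside host.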