This chapter describes the function and displays the syntax for Network Address Translation (NAT) commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Dial Solutions Command Reference.
clear ip nat translation
To clear dynamic Network Address Translation (NAT) translations from the translation table, use the clear ip nat translation EXEC command.
clear ip nat translation {* | [inside global-ip local-ip] [outside local-ip global-ip]}
clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip global-ip]
| * | Clears all dynamic translations. |
| inside global-ip | (Optional) When used without the arguments protocol, global-port, and local-port, clears a simple translation that also contains the specified local-ip address. When used with the arguments protocol, global-port, and local-port, clears an extended translation. |
| outside local-ip | (Optional) Clears an entry that contains this local IP address and the specified global-ip address. |
| protocol | (Optional) Clears an entry that contains this protocol and the specified global-ip address, local-ip address, global-port, and local-port. |
| global-port | (Optional) Clears an entry that contains this global-port and the specified protocol, global-ip address, local-ip address, and local-port. |
| local-port | (Optional) Clears an entry that contains this local-port and the specified protocol, global-ip address, local-ip address, and global-port. |
ip nat
To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use the ip nat interface configuration command. To prevent the interface from being able to translate, use the no form of this command.
ip nat {inside | outside}
no ip nat {inside | outside}
| inside | Indicates the interface is connected to the inside network (the network subject to NAT translation). |
| outside | Indicates the interface is connected to the outside network. |
ip nat inside destination
To enable Network Address Translation (NAT) of the inside destination address, use the ip nat inside destination global configuration command. To remove the dynamic association to a pool, use the no form of this command.
ip nat inside destination list {access-list-number | name} pool name
no ip nat inside destination list {access-list-number | name}
| list access-list-number | Standard IP access list number. Packets with destination addresses that pass the access list are translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with destination addresses that pass the access list are translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated during dynamic translation. |
ip nat inside source
To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source global configuration command. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.
ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip
global-ip}
no ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip
global-ip}
| list access-list-number | Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated dynamically. |
| overload | (Optional) Enables the router to use one global address for many local addresses. When overloading is configured, each inside host's TCP or UDP port number distinguishes between the multiple conversations using the same local IP address. |
| static local-ip | Sets up a single static translation; this argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete. |
| global-ip | Sets up a single static translation; this argument establishes the globally unique IP address of an inside host as it appears to the outside world. |
ip nat outside source
To enable Network Address Translation (NAT) of the outside source address, use the ip nat outside source global configuration command. To remove the static entry or the dynamic association, use the no form of this command.
ip nat outside source {list {access-list-number | name} pool name | static global-ip local-ip}
no ip nat outside source {list {access-list-number | name} pool name | static global-ip local-ip}
| list access-list-number | Standard IP access list number. Packets with source addresses that pass the access list are translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with source addresses that pass the access list are translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated. |
| static global-ip | Sets up a single static translation. This argument establishes the globally unique IP address assigned to a host on the outside network by its owner. It was allocated from globally routable network space. |
| local-ip | Sets up a single static translation. This argument establishes the local IP address of an outside host as it appears to the inside world. The address was allocated from address space routable on the inside (RFC 1918). |
ip nat pool
To define a pool of IP addresses for Network Address Translation (NAT), use the ip nat pool global configuration command. To remove one or more addresses from the pool, use the no form of this command.
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
[type rotary]
no ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
[type rotary]
| name | Name of the pool. |
| start-ip | Starting IP address that defines the range of addresses in the address pool. |
| end-ip | Ending IP address that defines the range of addresses in the address pool. |
| netmask netmask | Network mask that indicates which address bits belong to the network and subnetwork fields and which bits belong to the host field. Specify the netmask of the network to which the pool addresses belong. |
| prefix-length prefix-length | Number that indicates how many bits of the netmask are ones (how many bits of the address indicate network). Specify the netmask of the network to which the pool addresses belong. |
| type rotary | (Optional) Indicates that the range of address in the address pool identify real, inside hosts among which TCP load distribution will occur. |
ip nat translation
To change the amount of time after which Network Address Translation (NAT) translations time out, use the ip nat translation global configuration command. To disable the timeout, use the no form of this command.
ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout} seconds
no ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout}
| timeout | Specifies that the timeout value applies to dynamic translations except for overload translations. Default is 86400 seconds (24 hours). |
| udp-timeout | Specifies that the timeout value applies to the UDP port. Default is 300seconds (5 minutes). |
| dns-timeout | Specifies that the timeout value applies to connections to the Domain Name System (DNS). Default is 60 seconds. |
| tcp-timeout | Specifies that the timeout value applies to the TCP port. The default is 86400seconds (24 hours). |
| finrst-timeout | Specifies that the timeout value applies to Finish and Reset TCP packets, which terminate a connection. Default is 60 seconds. |
| seconds | Number of seconds after which the specified port translation times out. Default values are listed in the Default section. |
show ip nat statistics
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC command.
show ip nat statistics
show ip nat translations
To display active Network Address Translation (NAT) translations, use the show ip nat translations EXEC command.
show ip nat translations [verbose]
| verbose | (Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used. |
