Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

This Question is Answered
9158 Views 6 Replies Latest reply: Sep 8, 2012 4:18 PM by realdreams RSS

Currently Being Moderated

IP NAT enable command

Feb 3, 2011 12:09 AM

Mihai 4 posts since
Dec 6, 2010

Hello to everybody,

 

Can anyone help me with the "ip nat enable" command? what is the difference between this one and the "ip nat inside/outside" commands? I have tryed to use it but no nat occurs.

 

Any help will highly apreciated.

 

Mihai

  • Conwyn 7,907 posts since
    Sep 10, 2008
    Currently Being Moderated
    1. Feb 3, 2011 1:14 AM (in response to Mihai)
    Re: IP NAT enable command

    Hi Mihai

     

    CLN has a search facility.

     

    Try  https://learningnetwork.cisco.com/message/60384#60384

     

    Regards Conwyn

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    Currently Being Moderated
    2. Feb 3, 2011 4:53 PM (in response to Mihai)
    Re: IP NAT enable command

    Hello Mihai-

     

    I have made this mistake before, and here is the fix.

     

    When we use the ip nat enable command, we also need to slightly modify the nat statement in global config as well (to remove the word "inside" in global config).

     

    In my example, I am using the static, but the dynamic would be similar.

     

    R2(config)#no ip nat inside source static 10.0.0.1 interface FastEthernet0/1

     

    R2(config)#ip nat source static 10.0.0.1 interface fastEthernet 0/1

     

    Best wishes,

     

    Keith

  • Paul Stewart  -  CCIE Security, CCSI 6,989 posts since
    Jul 18, 2008

    I have made the other mistake before.  I have used the normal ip nat inside/outside interface commands and accidentally left the "inside" out of the "ip nat inside source statix x.x.x.x y.y.y.y" it does not work as expected.  That is a little hard to spot.  There are a few things (like stateful nat) that require the older method (using ip nat inside and ip nat outside, along with the related ip nat inside source static list x x.x.x command).

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    Currently Being Moderated
    4. Feb 7, 2011 8:32 AM (in response to Mihai)
    Re: IP NAT enable command

    3 routers CLN4-no-user.png

     

    Here is the full config for R2:

     

    conf t

    ip nat source static 10.0.0.1 23.0.0.1

    int fa 0/0

    ip nat enable

    int fa 0/1

    ip nat enable

    end

     

    On R1:

     

    R1#telnet 3.3.3.3

    Trying 3.3.3.3 ... Open

     

    R3#who

        Line       User       Host(s)    Idle       Location

       0 con 0                idle       00:00:41  

    * 98 vty 0                idle       00:00:00 23.0.0.1

    (Note: the source address is the post NAT address of 23.0.0.1)

    R3#


     

    (Note: the normal command of show ip nat translations, may not show any translations, but the command show ip nat nvi translations does. )

    R2#show ip nat nvi translations

    Pro Source global      Source local     Destin  local Destin  global

    tcp 23.0.0.1:47045     10.0.0.1:47045   3.3.3.3:23    3.3.3.3:23

    --- 23.0.0.1           10.0.0.1         ---           ---

     

    Best wishes,

     

    Keith

  • Currently Being Moderated
    Re: IP NAT enable command

    Thank you very much. I made the same mistake... took me quite a while to troubleshot.....

     

    What exactly does "ip nat inside source statix x.x.x.x y.y.y.y" it does not work as expected" do ?

Actions

More Like This

  • Retrieving data ...

Incoming Links

Bookmarked By (0)