– Static PAT configuration (Port Redirection)
Router(config) # ip nat inside source static (protocol) (inside_local_address port) (inside_global_address port)
For example:
Router(config) # ip nat inside source static tcp 10.0.0.1 8080 202.103.2.1 80 (Address 10.10.0.1:8080 will be converted to 202.103.2.1:80 when leaving the Router)
– After configuration is complete, it must be applied to the in port and out portin the example below, the Ethernet port is the input port, and the Serial port is the output port
Router(config) # interface ethernet 0
Router(config-if) # ip nat inside
Router(config) # interface serial 0
Router(config-if) # ip nat outside
Apply:
Let’s jump right into configuration Static PAT static on the router Cisco Routers as shown in Figure below:
R1 is the router that performs network address translation (NAT) and has two interfaces: Fa0/0 on the inside and Fa0/1 on the outside. The specific IP addresses involved are:
You probably know very well how to configure the IP address on the router interface, so we skip those configuration steps. First, we have to assign Fa0/0 as NAT inside the interface and Fa0/1 as NAT outside the interface on R1. This will tell the router that traffic entering or exiting these two interfaces will depend on address translation.
R1#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Fa0/0
R1(config-if)#ip nat inside
R1(config-if)#interface Fa0/1
R1(config-if)#ip nat outside
R1(config-if)#end
Static PAT designed to allow one-to-one mapping between local and global addresses.
Common usage of Static PAT is to allow Internet users from a public network to access a Web server located on a private network.
Suppose we plan to host a Web server internally on the same PC, with an IP address 192.168.1.2. The following configuration line will allow us to do that:
R1(config)#ip nat inside source static tcp 192.168.1.2 80 89.203.12.47 80
This configuration line performs static address translation for the Web server. With this configuration line, a user attempting to access 89.203.12.47 port 80 (www) will automatically be redirected to 192.168.1.2 port 80 (www). In this case, 192.168.1.2 is the IP address of the PC that is also the Web server.
Note: address 89.203.12.47 with port number 80 (HTTP) converts to 192.168.1.2 port 80 and vice versa. Therefore, Internet users can browse the Web server even though the Web server is on a private network with a private IP address (Private IP).
For details see here: Configure NAT and PAT on Cisco Router devices
Xem tiếp...