Static NAT Configuration

Static NAT requires only a few configuration steps. Each static mapping between a local and a global address must be configured individually, much like adding a static entry for every static IP address required. You must also tell the router which interfaces take part in NAT: interface subcommands mark each interface as inside or outside.

  1. Use the ip nat inside command on an interface to mark it as inside.
  2. Use the ip nat outside command on an interface to mark it as outside.
  3. Use ip nat inside source static inside-local inside-global from global config to configure each static mapping.
  4. The inside local address will be a LAN IP; the inside global address will be your public IP (an EXTRA public IP).

Port Address Translation

Create an access list to match a group of source addresses as needed – why else would we overload?

R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255

R1#sh access-lists 
Standard IP access list NAT
    10 permit 10.1.1.0, wildcard bits 0.0.0.255 (2 matches)
    20 deny   any

Then configure NAT to match against the access list configured above (named NAT in the output shown; MY_LIST in the command stands for your list's name). Specify the overload keyword to enable PAT.

ip nat inside source list MY_LIST int fa0/0 OVERLOAD

Verify NAT

R1#sh ip nat statistics 
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0/0, Serial0/0
Inside interfaces: 
  FastEthernet0/1, Loopback0
Hits: 16  Misses: 2
CEF Translated packets: 18, CEF Punted packets: 0
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 2] access-list NAT interface FastEthernet0/0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

R1#sh ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.1:1         10.1.1.1:1         2.2.2.2:1          2.2.2.2:1
icmp 2.2.2.1:11        10.1.1.3:11        2.2.2.2:11         2.2.2.2:11

Clear NAT Translations

This is useful with dynamic NAT when you run out of dynamic addresses to translate to. Clearing translations frees up slots if the timer that clears out old entries isn't quick enough.

R1#clear ip nat translation *

Chapter Questions

Examine the following show command output on a router configured for dynamic NAT:

-- Inside Source
access-list 1 pool fred refcount 2288
 pool fred: netmask 255.255.255.240
    start 200.1.1.1 end 200.1.1.7
    type generic, total addresses 7, allocated 7 (100%), misses 965

Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?

The NAT pool does not have enough entries to satisfy all requests.

The problem is not related to NAT, based on the information in the command output.

The command output does not supply enough information to identify the problem.

Standard ACL 1 cannot be used; an extended ACL must be used.

Explanation: The last line mentions that the pool has seven addresses, with all seven allocated, with the misses counter close to 1000 - meaning that close to 1000 new flows were rejected because of insufficient space in the NAT pool.
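
The check that the explanation above does by eye can be automated. The following Python is an added example, not part of the original notes: it parses the pool section of show ip nat statistics output and flags any pool that is fully allocated while its misses counter has grown. The function names and the prev_misses parameter are assumptions; the sample text is the output quoted in the question.

```python
import re

# Sample input: the pool section quoted in the chapter question above.
SAMPLE = """\
-- Inside Source
access-list 1 pool fred refcount 2288
 pool fred: netmask 255.255.255.240
    start 200.1.1.1 end 200.1.1.7
    type generic, total addresses 7, allocated 7 (100%), misses 965
"""

POOL_RE = re.compile(r"^\s*pool\s+(?P<name>\S+):\s+netmask\s+(?P<mask>\S+)", re.M)
USAGE_RE = re.compile(
    r"total addresses\s+(?P<total>\d+),\s+allocated\s+(?P<alloc>\d+)\s+"
    r"\((?P<pct>\d+)%\),\s+misses\s+(?P<misses>\d+)")

def parse_pools(text):
    """Return one dict per NAT pool found in 'show ip nat statistics' output."""
    pools = []
    matches = list(POOL_RE.finditer(text))
    for i, m in enumerate(matches):
        # A pool's detail lines run until the next "pool <name>:" line.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        usage = USAGE_RE.search(text, m.end(), end)
        if usage is None:
            continue  # truncated output: skip rather than guess values
        pools.append({"name": m["name"],
                      "total": int(usage["total"]),
                      "allocated": int(usage["alloc"]),
                      "misses": int(usage["misses"])})
    return pools

def exhausted(pools, prev_misses=None):
    """Names of pools that are fully allocated and have rejected new flows."""
    prev_misses = prev_misses or {}
    flagged = []
    for p in pools:
        full = p["total"] > 0 and p["allocated"] >= p["total"]
        # misses is cumulative, so compare with the previous poll if we have one
        new_misses = p["misses"] - prev_misses.get(p["name"], 0)
        if full and new_misses > 0:
            flagged.append(p["name"])
    return flagged

if __name__ == "__main__":
    print(exhausted(parse_pools(SAMPLE)))
```

Passing the misses values from the previous poll as prev_misses separates a pool that is rejecting flows now from one whose counter is left over from an earlier incident.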

icnd1/nat.txt · Last modified: 2024/03/15 08:16 by 114.119.155.78