Sunday, September 6, 2009

Sample NAT configuration for a Cisco router

Sample Configuration to Allow Internal Users to Access the Internet

interface ethernet 0
ip address 10.10.10.1 255.255.255.0
ip nat inside
interface ethernet 1
ip address 10.10.20.1 255.255.255.0
ip nat inside
! two LAN networks are connected to the Internet
interface serial 0
ip address 172.16.10.64 255.255.255.0
ip nat outside
ip nat pool mypool 172.16.10.1 172.16.10.63 prefix-length 24
! just type the first IP, the last IP and the prefix length of these addresses
ip nat inside source list 7 pool mypool
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7
!--- will have the source address translated to an address out of the
!--- NAT pool "mypool".
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.

Further details are available at http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Configuring NAT to Allow Internal Users to Access the Internet Using Overloading

interface ethernet 0
ip address 10.10.10.1 255.255.255.0
ip nat inside
interface ethernet 1
ip address 10.10.20.1 255.255.255.0
ip nat inside
interface serial 0
ip address 172.16.10.64 255.255.255.0
ip nat outside
ip nat pool mypool 172.16.10.1 172.16.10.1 prefix-length 24
!
!--- Defines a NAT pool named mypool with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool mypool overload
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 will have the source address
!--- translated to an address out of the NAT pool named mypool.
!--- Translations will be overloaded, which will allow multiple inside
!--- devices to be translated to the same valid IP address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.

Configuring NAT to Redirect TCP Traffic to Another TCP Port or Address:

interface ethernet 0
ip address 172.16.10.1 255.255.255.0
ip nat inside
interface serial 0
ip address 200.200.200.5 255.255.255.252
ip nat outside
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
!--- Static NAT command that states any packet received in the inside
!--- interface with a source IP address of 172.16.10.8:8080 will be
!--- translated to 172.16.10.8:80.

How to configure a web server with a private IP address so that it can be reached from the public Internet?

How to configure a Cisco router to NAT a web server that has a private IP address.

interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 50.50.50.1 255.255.255.252
ip nat outside
!
ip nat inside source list 101 interface Serial0/0 overload
ip nat inside source static tcp 192.168.1.2 80 interface Serial0/0 80
!
access-list 101 permit ip any any


Meaning of

interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside

This office has a LAN. All the machines on this network have private IP addresses in the range 192.168.1.x.

What is a Private IP Address?

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (normally LAN networks):

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

What is "ip nat inside"?

NAT means Network Address Translation. "inside" refers to the INTERNAL NETWORK. In our example, it refers to the LAN network (192.168.1.0/24), which has private IP addresses.

"ip nat inside" means that whenever a packet with a source IP address in 192.168.1.0/24 goes out, its source IP address will be changed, provided that:

  • the packet goes out through an interface marked as "ip nat outside"
  • the access-list also permits it
  • the destination IP address is one of the "nat pool"

Meaning of

interface Serial0/0
ip address 50.50.50.1 255.255.255.252
ip nat outside

What is "ip nat outside"?

"outside" refers to the EXTERNAL NETWORK. It is the WAN network (50.50.50.0/30), which is a public network.

Meaning of

access-list 101 permit ip any any

Wherever access-list "101" is applied, it allows any packet.

Suppose the access-list is configured like this instead:

access-list 101 permit ip 192.168.1.0 0.0.0.63 any

Then the access list gives permission only to 192.168.1.1 to 192.168.1.63.

So the access list is for limiting which LAN IPs can get Internet access.

Meaning of:

ip nat inside source list 101 interface Serial0/0 overload

Any packet whose SOURCE IP address is from the network declared as "ip nat inside" will get a NEW OUTSIDE IP address, provided that the source IP address is also permitted by access-list 101.

Suppose all the outside IP addresses are exhausted; then this packet is still allowed to go out, using PAT (port address translation).
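The wildcard-mask access-list, the dynamic pool, the "overload" (PAT) keyword and the static TCP entry above can be replayed offline with the following toy model. It is an added example written for this page, not code from the original post or from Cisco; it uses the page's own addresses, and the sample inside hosts and ports fed to it are constructed. It also shows the case the text only mentions in passing: without "overload", a dynamic pool that runs out of addresses drops the next host, and an address outside the access-list is never translated at all, which is why a tighter list than "permit ip any any" limits who can reach the Internet.

```python
"""Toy model of the Cisco NAT behaviour described on this page (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int]           # (ip, port)
AclEntry = Tuple[str, str, str]  # (action, network, wildcard mask)


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'.
    So 'permit 10.10.10.0 0.0.0.31' matches 10.10.10.0 .. 10.10.10.31."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_permits(acl: List[AclEntry], addr: str) -> bool:
    """First matching entry decides; an unmatched address hits the implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(addr, network, wildcard):
            return action == "permit"
    return False


@dataclass
class NatRouter:
    """Inside-to-outside source NAT for one router (toy, TCP only).
    acl: the 'ip nat inside source list <n>' access-list
    pool: outside addresses ('ip nat pool' or the outside interface address)
    overload: True when the 'overload' keyword (PAT) is configured
    static_tcp: 'ip nat inside source static tcp' entries, inside flow -> outside flow"""
    acl: List[AclEntry]
    pool: List[str]
    overload: bool = False
    static_tcp: Dict[Flow, Flow] = field(default_factory=dict)
    one_to_one: Dict[str, str] = field(default_factory=dict)   # inside ip -> pool ip
    pat_table: Dict[Flow, Flow] = field(default_factory=dict)  # inside flow -> outside flow

    def translate(self, src_ip: str, src_port: int) -> Optional[Flow]:
        """Translated (ip, port) for an outbound packet, or None if it is not
        translated (denied by the access-list, or dynamic pool exhausted)."""
        if (src_ip, src_port) in self.static_tcp:      # static entries are checked first
            return self.static_tcp[(src_ip, src_port)]
        if not acl_permits(self.acl, src_ip):
            return None
        return self._pat(src_ip, src_port) if self.overload else self._dynamic(src_ip, src_port)

    def _dynamic(self, src_ip: str, src_port: int) -> Optional[Flow]:
        """Plain dynamic NAT: one pool address per inside host, port unchanged."""
        if src_ip not in self.one_to_one:
            free = [ip for ip in self.pool if ip not in self.one_to_one.values()]
            if not free:
                return None                             # pool exhausted: packet dropped
            self.one_to_one[src_ip] = free[0]
        return (self.one_to_one[src_ip], src_port)

    def _pat(self, src_ip: str, src_port: int) -> Flow:
        """Overload/PAT: many inside hosts share one outside address; the source
        port is kept unless already in use on that address, then the next free one is taken."""
        key = (src_ip, src_port)
        if key not in self.pat_table:
            outside_ip = self.pool[0]
            used = {p for ip, p in self.pat_table.values() if ip == outside_ip}
            port = src_port
            while port in used:
                port = 1024 if port >= 65535 else port + 1
            self.pat_table[key] = (outside_ip, port)
        return self.pat_table[key]


def demo() -> dict:
    """Replay the page's configurations against constructed sample traffic."""
    r = {}
    # access-list 7 from the first two configurations: wildcard 0.0.0.31 = 32 hosts each
    acl7 = [("permit", "10.10.10.0", "0.0.0.31"), ("permit", "10.10.20.0", "0.0.0.31")]
    r["acl7_10.10.10.31"] = acl_permits(acl7, "10.10.10.31")
    r["acl7_10.10.10.32"] = acl_permits(acl7, "10.10.10.32")      # implicit deny
    # 'access-list 101 permit ip 192.168.1.0 0.0.0.63 any' from the text above
    acl101 = [("permit", "192.168.1.0", "0.0.0.63")]
    r["acl101_192.168.1.63"] = acl_permits(acl101, "192.168.1.63")
    r["acl101_192.168.1.64"] = acl_permits(acl101, "192.168.1.64")
    # constructed two-address pool, no overload: the third inside host gets nothing
    dyn = NatRouter(acl=acl7, pool=["172.16.10.1", "172.16.10.2"])
    r["dyn_host1"] = dyn.translate("10.10.10.5", 40000)
    r["dyn_host2"] = dyn.translate("10.10.20.7", 40001)
    r["dyn_host3"] = dyn.translate("10.10.10.9", 40002)            # None: pool exhausted
    # the page's single-address pool with 'overload': hosts share 172.16.10.1
    pat = NatRouter(acl=acl7, pool=["172.16.10.1"], overload=True)
    r["pat_host1"] = pat.translate("10.10.10.5", 40000)
    r["pat_host2"] = pat.translate("10.10.20.7", 40000)            # same port -> remapped
    r["pat_denied"] = pat.translate("10.10.10.200", 40000)         # not in access-list 7
    # 'ip nat inside source static tcp 192.168.1.2 80 interface Serial0/0 80'
    web = NatRouter(acl=[("permit", "0.0.0.0", "255.255.255.255")],  # permit ip any any
                    pool=["50.50.50.1"], overload=True,
                    static_tcp={("192.168.1.2", 80): ("50.50.50.1", 80)})
    r["static_web"] = web.translate("192.168.1.2", 80)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} -> {value}")
```

The model deliberately keeps the three decisions separate, in the order IOS applies them in this page's configurations: a static entry wins outright, then the access-list decides whether the host is translated at all, and only then does the pool (with or without "overload") decide what outside address and port it gets.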
