Configuring NAT
This chapter provides conceptual information about network address translation (NAT) configuration and management
of NAT on the Cisco 910 Industrial Routers (hereafter referred to as the router).
Understanding Network Address Translation, page 117
Configuring NAT, page 118
Configuring Port Forwarding, page 119
Monitoring NAT Information, page 119
Understanding Network Address Translation
Address translation substitutes the real address in a packet with a mapped address that is routable on the destination
network. As part of the process, the device also records the substitution in a translation database; these records are
known as “xlate” entries. The appropriate xlate entry must exist to allow address translation on return packets—the
substitution of the original real address for the mapped address; this procedure is sometimes referred to as
“untranslation.” Thus, network address translation (NAT) actually consists of two steps: the translation of a real address
into a mapped address, and the reverse translation for returning traffic.
One of the main functions of NAT is to enable private IP networks to connect to the Internet. Network address translation
replaces a private IP address with a public IP address, translating the private addresses in the internal network into legal,
routable addresses that can be used on the public Internet. In this way, NAT conserves public addresses; for example,
NAT rules can be configured to utilize only one public address for the entire network in communications with the outside
world.
In the deployment of Cisco 910 Industrial Routers, multiple slave IR910 routers can be connected to the LAN behind the
master IR910 router. Before the traffic from these slave routers is sent to Internet, it can be encrypted and filtered.
Cisco Systems, Inc. www.cisco.com
117
�Configuring NAT
Configuring NAT
Beginning in privileged EXEC mode, follow these steps to configure NAT on the router:
Command Purpose
1. configure terminal Enter global configuration mode.
2. interface type number Enter interface configuration mode.
For type, choose one of the following interfaces as an outside
interface:
dot11radio (only available for Wi-Fi model IR910W-K9)
cellular (only available for 3G models IR910G-K9 and
IR910G-NA-K9)
Dialer
GigabitEthernet
For number, enter the interface number.
3. ip address ip-address subnet-mask Enter the IP address and subnet mask.
4. ip nat outside Identify the specified interface as the NAT outside interface.
5. exit Return to global configuration mode.
6. interface vlan vlan-id Enter VLAN interface configuration mode.
7. ip address ip-address subnet-mask Enter the IP address and subnet mask.
8. ip nat inside Identify the VLAN interface as the NAT inside interface.
9. exit Return to global configuration mode.
10. ip nat inside source inside-network Enable dynamic translation of addresses on the inside interface.
inside-network mask Outside interface should be dot11radio, cellular, dialer, or Gigabit
outside-interface-name Ethernet.
interface-number overload
Dot11radio interface is only available for Wi-Fi model IR910W-K9
and cellular interface is only available for 3G models IR910G-K9
and IR910G-NA-K9.
11. exit Return to global configuration mode.
12. show ip nat translation Verify the configuration.
13. copy running-config startup-config (Optional) Save your entries in the configuration file.
The following example shows how to configure NAT on a IR910W-K9 router:
Router# configure terminal
Router(config)# interface dot11radio 0
Router(config-if)# ip address 200.1.1.1 255.255.255.0
Router(config-if)# ip nat outside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface vlan 1
Router(config-if)# ip address 192.168.3.254 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ip nat inside source 192.168.3.0 255.255.255.0 dot11radio 0 overload
Router(config)# exit
118
�Configuring NAT
Configuring Port Forwarding
Port forwarding is a NAT function that redirects a communication request from one address and port number combination
to another while the packets are traversing a network gateway.
Use the following command to configure port forwarding:
ip nat inside { static { tcp | udp | sctp } inside_network_address | source inside_network_address }
Syntax Description
static Port Forwarding Configuration.
source Source address translation.
Monitoring NAT Information
You can display specific statistics and the translation table of NAT. Table 21 lists the privileged EXEC commands for
displaying NAT information.
Table 21 Commands to Monitor NAT Information
Command Purpose
show ip nat statistics Display the statistics information of NAT configuration.
show ip nat translation Display the translation table.
The following example shows the output of the show ip nat statistics command:
Router# show ip nat statistics
Total Active Translations: 0
Inside Interface: vlan 1
Inside Source: 192.168.0.1/24
Outside Interface: dot11radio 0
The following example shows the output of the show ip nat translation command:
Router# show ip nat translation
Proto NATed Address NAT-host Address Destination Address
icmp 10.0.1.220 192.168.3.168 192.168.3.254
tcp 10.0.1.220 192.168.3.168 192.168.3.254
119
�Configuring NAT
120
