IOS version 12.3(14)T, Cisco has introduced a new feature called NAT Virtual Interface.
This removes the requirements to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT.
How to use NVI?
command ‘ip nat source …’ without specifying the inside/outside tag and enable the nat to the interfaces using the command ‘ip nat enable’.
LEGACY STATEMENTS Ciscozine(config)#interface range fastEthernet 0/0 Ciscozine(config-if-range)#ip nat inside Ciscozine(config)#interface range fastEthernet 0/1 Ciscozine(config-if-range)#ip nat outside Ciscozine(config)#ip nat inside source static 172.16.0.6 10.16.0.5
NEW STATEMENTS Ciscozine(config)#interface range fastEthernet 0/0 Ciscozine(config-if-range)#ip nat enable Ciscozine(config)#interface range fastEthernet 0/1 Ciscozine(config-if-range)#ip nat enable Ciscozine(config)#ip nat source static 172.16.0.6 10.16.0.51]Define Static NAT entry Ciscozine(config)#ip nat source static 172.16.0.6 10.16.0.52] Define Multiple NAT entryCiscozine(config)#ip nat source static tcp 172.17.0.5 80 88.88.88.88 80 Ciscozine(config)#ip nat source static tcp 172.17.0.6 22 88.88.88.88 666When you enable NAT (legacy or not), the IOS enables a virtual interface calledNVI0. This interface is used ONLY when the ‘ip nat enable’ is enabled. This interface can be found with the command ‘show ip interface brief’ or ‘show interfaces’.Cisco recommends to use legacy NAT for VRF to global NAT (ip nat inside/out) and between interfaces in the same VRF. NVI is used for NAT between different VRFs.
No comments:
Post a Comment