Filter
Top Products
Configuring IP Addressing
Configuring Network Address Translation
IPC-45
Cisco IOS IP Configuration Guide
Note The access list must permit only those addresses that are to be translated. (Remember that there is an
implicit “deny all” at the end of each access list.) An access list that is too permissive can lead to
unpredictable results.
See the “ping Command Example” section at the end of this chapter for an example of rotary translation.
Changing Translation Timeouts
By default, dynamic address translations time out after some period of nonuse. You can change the
default values on timeouts, if necessary. When overloading is not configured, simple translation entries
time out after 24 hours. To change this value, use the following command in global configuration mode:
If you have configured overloading, you have more control over translation entry timeout, because each
entry contains more context about the traffic using it. To change timeouts on extended entries, use the
following commands in global configuration mode as needed:
Command Purpose
Step 1
Router(config)# ip nat pool name start-ip end-ip
{netmask netmask | prefix-length prefix-length} type
rotary
Defines a pool of addresses containing the addresses
of the real hosts.
Step 2
Router(config)# access-list access-list-number
permit source [source-wildcard]
Defines an access list permitting the address of the
virtual host.
Step 3
Router(config)# ip nat inside destination list
access-list-number pool name
Establishes dynamic inside destination translation,
specifying the access list defined in the prior step.
Step 4
Router(config)# interface type number
Specifies the inside interface.
Step 5
Router(config-if)# ip nat inside
Marks the interface as connected to the inside.
Step 6
Router(config)# interface type number
Specifies the outside interface.
Step 7
Router(config-if)# ip nat outside
Marks the interface as connected to the outside.
Command Purpose
Router(config)# ip nat translation timeout seconds
Changes the timeout value for dynamic address
translations that do not use overloading.
Command Purpose
Router(config)# ip nat translation udp-timeout seconds
Changes the UDP timeout value from 5 minutes.
Router(config)# ip nat translation dns-timeout seconds
Changes the DNS timeout value from 1 minute.
Router(config)# ip nat translation tcp-timeout seconds
Changes the TCP timeout value from 24 hours.
Router(config)# ip nat translation finrst-timeout seconds
Changes the Finish and Reset timeout value from
1 minute.