ManualsPro Cisco CISCO 17.X NAT About Stateless Static Instruction Manual

CISCO 17.X NAT About Stateless Static Instruction Manual

June 15, 2024
Cisco

CISCO 17.X NAT About Stateless Static

CISCO-17-X-NAT-About-Stateless-Static-product

Product Information

Specifications

  • Product Name : Stateless Static NAT
  • Version : IOS XE Bengaluru 17.4.1a

Product Usage Instructions

Configuring Stateless Static Inside and Outside NAT
 To configure a static NAT translation with static mapping set to stateless, follow these steps

  1. Enable privileged EXEC mode by entering the command:
    enable

  2. Enter global configuration mode by entering the command:
    configure terminal

  3. Configure the inside source static NAT translation by entering
    the command: ip nat inside source static local-ip global-ip stateless

  4. Configure the outside source static NAT translation by entering
    the command: ip nat outside source static global-ip local-ip stateless

  5. Exit global configuration mode by entering the command:
    exit

  6. Save the configuration and exit by entering the command:
    end

Configuring Stateless Static NAT Port Forwarding
 To configure stateless static NAT port forwarding, follow these steps

  1. Enable privileged EXEC mode by entering the command:
    enable

  2. Enter global configuration mode by entering the command:
    configure terminal

  3. Configure the inside source static NAT translation with port
    forwarding by entering the command: ip nat inside source static local-ip global-ip stateless

  4. Configure the outside source static NAT translation with port
    forwarding by entering the command: ip nat outside source static global-ip local-ip stateless

  5. Exit global configuration mode by entering the command:
    exit

  6. Save the configuration and exit by entering the command:
    end

FAQ

  • What is Stateless Static NAT?
     Stateless Static NAT allows for one-to-one translations of inside local addresses to outside global addresses, including IP addresses and port number translations.

  • What is the purpose of Stateless Static NAT?
     The purpose of Stateless Static NAT is to create fixed translations of private addresses to public addresses, enabling hosts on the destination network to initiate traffic to a translated host if allowed by an access list.

  • What is the difference between Stateless and Stateful NAT?
     In Stateless NAT, no sessions are created for the traffic flow, while in Stateful NAT, sessions are created for each flow.

Information About Stateless Static NAT

  • Static Network Address Translation (NAT) allows the user to configure one-to-one translations of the inside local addresses to the outside global addresses. It allows both IP addresses and port number translations from the inside to the outside traffic and the outside to the inside traffic.
  • Static NAT creates a fixed translation of private addresses to public addresses. Because static NAT assigns addresses on a one-to-one basis, you need an equal number of public addresses as private addresses. Because the public address is the same for each consecutive connection with static NAT, and a persistent translation rule exists, static NAT enables hosts on the destination network to initiate traffic to a translated host if an access list exists that allows it .

In IOS XE Bengaluru 17.4.1a release, a new keyword stateless is introduced for the Cisco IOS XE static NAT configuration options. This option applies only to static NAT command. When the static mapping is set to stateless, no sessions are created for that traffic flow.

  • NAT Mappings and Translation Entry, on page 1
  • Restrictions for Stateless Static Network Address Translation, on page 2
  • Configuring Stateless Static NAT, on page 2
  • Configuring Static Stateful NAT with Static Stateless NAT in Redundant Device , on page 8
  • Example : Configuring Stateless Static NAT , on page 9
  • Feature Information for Statless Static NAT, on page 10

NAT Mappings and Translation Entry

If a stateless NAT mapping co-exists with other NAT mappings which are not stateless, a NAT flow entry is created in NAT translation table. Following table explains the flow creation possibilities when a flow is a match for two NAT mapping and also in redundancy and no redundancy scenario.

Table 1: NAT Mappings and Translation Entry

Mapping 1 with

No Redundancy

| Mapping 2 with

No Redundancy

| Mapping 1

with Redundancy

| Mapping 2 with

Redundancy

| Flow Creation
---|---|---|---|---
Stateless| Stateful| NA| NA| Yes
Stateless| Stateless| NA| NA| No
NA| NA| Stateful| Stateless| On both active and standby
Mapping 1 with No Redundancy| Mapping 2 with No Redundancy| Mapping 1

with Redundancy

| Mapping 2 with Redundancy| Flow Creation
---|---|---|---|---
NA| NA| Stateless| Stateless| Not on both active and standby

Restrictions for Stateless Static Network Address Translation

The following restrictions apply to the Stateless Static NAT:

  • Stateless Static NAT is supported only on IPv4.
  • Stateless Static NAT is supported only on default NAT mode. If you change the mode to CGN, it will fail as stateless mappings are already configured.
  • Stateless Static NAT is not supported for static mapping with route-map.
  • Stateless Static NAT does not support ALG processing for stateless static mappings.

Configuring Stateless Static NAT

You can cofigure the stateless static NAT on the following:

  • Inside static NAT
  • Outside static NAT
  • Inside static NAT network
  • Outside static NAT network
  • Inside static NAT with PAT
  • Outside static NAT with PAT

Configuring Stateless Static Inside and Outside NAT
Perform the following task to configure a static NAT translation with static mapping is set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip stateless
  4. ip nat outside source static global-ip local-ip stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example: Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static local-ip global-ip stateless

Example: Router(config)# ip nat inside source static 10.1.1.1 100.1.1.1 stateless

| Establishes static translation between an inside local address and an inside global address.
Step 4| ip nat outside source static global-ip local-ip stateless

Example: Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 stateless

| Establishes static translation between an outside global address and inside local address.
Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example: Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT Port Forwarding
Perform the following task to configure a static NAT translation port forwarding with static mapping is set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static {tcp|udp} local-ip local-port global-ip global-port extendable Stateless
  4. ip nat outside source static {tcp|udp} global-ip global-port local-ip local-port extendable Stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example:

Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static { tcp|udp } local-ip local- port global-ip global-port extendable Stateless

Example: Router(config)# ip nat inside source static tcp

10.1.1.1 80 100.11.1.1 8080 extendable stateless

| Establishes static translation between an inside local address and an inside global address.
Step 4| ip nat outside source static { tcp|udp } global-ip global-port local-ip local-port extendable Stateless

Example:

Router(config)# ip nat outside source static tcp
100.1.1.1 8080 10.1.1.1 80 extendable stateless

| Establishes static translation between an outside global address and inside local address.
Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example:

Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT Network
Perform the following task to configure a static NAT translation network with static mapping is set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static network local-network-mask global-network-mask Stateless
  4. ip nat outside source static network global-network-mask local-network-mask Stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example:

Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static network local-network-mask global-network-mask Stateless

Example: Router(config)# ip nat inside source static network

10.0.0.0 100.1.1.0 /24 stateless

| Establishes static translation between an inside local network and an inside global network.
Step 4| ip nat outside source static network global-network-mask local-network-mask Stateless

Example: Router(config)# ip nat outside source static network 100.0.0.0 10.1.1.0 /24 stateless

| Establishes static translation between a outside global network and an inside local network.
Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example: Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT with VRF
Perform the following task to configure a static NAT translation with static mapping is set to stateless in VRF aware NAT scenario. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip [vrf vrf-name [match-in-vrf ]] Stateless
  4. ip nat outside source static global-ip local-ip [vrf vrf-name [match-in-vrf ]] Stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example: Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static local-ip global-ip [ vrf vrf-name [ match-in-vrf ]] Stateless

Example: Router(config)# ip nat inside source static

10.1.1.1 100.11.1.1 vrf vrf1 match-in-vrf stateless

| Establishes static translation between an inside local address and an inside global address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

Step 4| ip nat outside source static global-ip local-ip [ vrf

vrf-name [ match-in-vrf ]] Stateless

Example: Router(config)# ip nat outside source static

100.1.1.1 10.1.1.1 vrf vrf1 match-in-vrf stateless

| Establishes static translation between a outside global address and an inside local address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example: Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT with Static Stateless Static NAT Port Forwarding
Perform the following task to configure a static NAT port forwarding with VRF with static mapping is set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [vrf vrf-name [match-in-vrf ]] extendable stateless
  4. ip nat outside source static {tcp | udp} global-ip global-port local-ip local-port [vrf vrf-name [match-in-vrf ]] extendable stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example: Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static { tcp | udp } local-ip local-port global-ip global-port [ vrf vrf-name [ match-in-vrf ]] extendable stateless

Example: Router(config)# ip nat inside source static tcp

10.1.1.1 80 100.11.1.1 8080 vrf 1 match-in-vrf extendable stateless

| Establishes static translation between an inside local address and an inside global address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

Step 4| ip nat outside source static { tcp | udp } global-ip global-port local-ip local-port [ vrf vrf-name [ match-in-vrf ]] extendable stateless

Example:

Router(config)# ip nat outside source static tcp
100.1.1.1 8080 10.1.1.1 80 vrf 1 match-in-vrf extendable stateless

| Establishes static translation between a outside global address and an inside local address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example: Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Static Stateful NAT with Static Stateless NAT in Redundant Device
Perform the following task to configure a static NAT translation with static mapping is set to stateless. When you set the static mapping to stateless, sessions are not created for that flow. In this configuration, only on static mapping is set to stateless. A NAT translation entry is created when the flow matches to both mapping statements or if it matches to stateful mapping entry only. However, it will not be created if it matches to stateless entry only.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name [match-in-vrf ]]] stateless
  4. ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name match-in-vrf ]]] stateless
  5. exit
  6. end

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| enable

Example: Router> enable

|

  • Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2| configure terminal

Example: Router# configure terminal

| Enters global configuration mode.
Step 3| ip nat inside source static local-ip global-ip [ vrf vrf-name [ redundancy group name [ match-in-vrf ]]] stateless

Example: Router(config)# ip nat inside source static

10.180.4.4 10.236.214.218 vrf vrf1 redundancy 1 mapping-id 11 match-in-vrf stateless

| Establishes static translation between an inside local address and an inside global address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

Step 4| ip nat inside source static local-ip global-ip [ vrf vrf-name [ redundancy group name match-in-vrf ]]] stateless

Example: Router(config)# ip nat outside source static
10.180.4.8 10.240.214.220 vrf vrf1 redundancy 1 mapping-id 10 match-in-vrf stateless

| Establishes static translation between an inside local address and an inside global address.

  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.
  • The Stateless keyword does not create the flow entries for static mapping.

| Command or Action| Purpose
---|---|---
Step 5| exit

Example: Router(config-if)# exit

| Exits interface configuration mode and returns to global configuration mode.
Step 6| end

Example: Router(config-if)# end

| Exits interface configuration mode and returns to privileged EXEC mode.

Example: Configuring Stateless Static NAT

Stateless Static NAT
The following example shows how to configure a stateless static inside and outside NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The Stateless keyword does not create the flow entries for static mapping.

  • Router# configure terminal
  • Router(config)# ip nat inside source static 10.1.1.1 100.1.1.1 stateless
  • Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 stateless

Stateless Static NAT with Port Forwarding
The following example shows how to configure a stateless static NAT port forwarding translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The Stateless keyword does not create the flow entries for static mapping.

  • Router# configure terminal
  • Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 extendable stateless
  • Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 extendable stateless

Stateless Static NAT Network
The following example shows how to configure a stateless static NAT network between an inside local network and an inside global network. The Stateless keyword does not create the flow entries for static mapping.

  • Router# configure terminal
  • Router(config)# ip nat inside source static network 10.0.0.0 100.1.1.0 /24 stateless Router(config)# ip nat outside source static network 100.0.0.0 10.1.1.0 /24 stateless

Static Stateless NAT with VRF
The following example shows how to configure a stateless static NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF. The Stateless keyword does not create the flow entries for static mapping.

  • Router# configure terminal
  • Router(config)# ip nat inside source static 10.1.1.1 100.11.1.1 vrf vrf1 match-in-vrf stateless
  • Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 vrf vrf1 match-in-vrf stateless
  • Router(config)# Router(config-if)# end

Static Stateless NAT with Static Stateless Static NAT Port Forwarding
The following example shows how to configure a stateless static NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF. The Stateless keyword does not create the flow entries for static mapping.

  • Router# configure terminal
  • Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 vrf 1 match-in-vrf extendable stateless
  • Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 vrf 1 match-in-vrf extendable stateless
  • Router(config)# Router(config-if)# end

Static Stateful NAT with Static Stateless NAT in Device-to-Device HA
The following example shows how to configure a stateless static NAT with static stateless NAT matching the flow with device-to-device redundancy enabled.

  • Router# configure terminal
  • ip nat inside source static 10.180.4.4 10.236.214.218 vrf vrf1 redundancy 1 mapping-id 11 match-in-vrf stateless
  • ip nat outside source static 10.180.4.8 10.240.214.220 vrf vrf1 redundancy 1 mapping-id 10

Feature Information for Statless Static NAT

Table 2: Feature Information for Statless Static NAT

Feature Name Releases Feature Information
Statless Static NAT Cisco IOS XE Bengaluru 17.4 A new keyword stateless

is introduced for IOS XE static NAT configuration.

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Cisco User Manuals

cisco Configuring Console Access Instructions
Cisco
cisco HyperFlex HX-Series Data Platform for HCI Instructions
Cisco
CISCO Meraki Cloud Monitoring for Catalyst User Guide
Cisco
CISCO Cloud-Delivered Catalyst SD-WAN Platform User Guide
Cisco
CISCO 60079011 Wi Fi 6 E Access Point User Manual
Cisco
CISCO IP Phone o Through the Normal Startup Process User Guide
Cisco
CISCO Install Enterprise NFVIS Using USB User Guide
Cisco
CISCO NCS 1014 Network Convergence System 1014 Instruction Manual
Cisco
CISCO Set Up Webex User Guide
Cisco
CISCO Webex App User Guide
Cisco
CISCO DNA Center Configure Telemetry User Guide
Cisco
802.11 Parameters for Cisco Access Points User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide Release 9.3 Instruction Manual Product Information
Cisco
CISCO P-LTE-450 Cellular Pluggable Interface Module Configuration User Guide
Cisco
CISCO Nexus 3600 Series NX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 SeriesNX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide User Guide
Cisco
CISCO Nexus 9804 NX-OS Mode Switch Hardware Installation Guide
Cisco
CISCO Nexus 3548 Series NX-OS Verified Scalability Instructions
Cisco
CISCO 9.0SU Emergency Responder User Guide
Cisco

Related Manuals

IMOU IPC-AX6L Security Camera User Guide
imou
Lenovo BTP-131 Precision Pen 3 User Guide
Lenovo
KINWELL CD0200AF51D Home Theater Recliner Instruction Manual
KINWELL
APHEX HEADPOD 4 High Performance Headphone Amplifier Owner’s Manual
APHEX
dyson V15 Detect Total Clean Extra Cordless Stick Vacuum User Manual
dyson
invt EC-TX809 PROFINET I-O Communication Expansion Module User Manual
invt
PROFICOOK PC-WKS 1192 Water Kettle Instruction Manual
PROFICOOK
Karibu 33734 Garden Houses Saunas Instruction Manual
Karibu
ZJD00012-5 Hanging Light Fixture Installation Guide
ZJD
sae audio PRO1018A Sequence Power Amplifier User Manual
sae audio
KAMADO JOE 190313 Classic Joe Grill User Manual
KAMADO JOE
amazon basics B09G48LHVX Foldable Dog Metal Crate Double Door User Manual
amazon basics
SAMSUNG OTR21M4C Microwave Oven User Manual
Samsung
BRINK 616840 Wireless Controller Installation Guide
BRINK
PROGRESS LIGHTING P300081-104 Judson Collection Two-Light Polished Nickel Clear Glass Owner’s Manual
PROGRESS LIGHTING
TECH CONTROLLERS EU-11 Circulation Pump Controller User Manual
TECH CONTROLLERS
AT T Uplink 5500M Universal Dual Sim Alarm Communicator Verizon Instruction Manual
AT&T
FRYMASTER GF14 GF Series Standard Natural Gas Fryer Instructions
FRYMASTER
WIS 2.23inch OLED HAT User Guide
WIS
LIT by CARDI 4149700 Downlights Instruction Manual
LIT by CARDI
RYOBI P2503 18 Volt Reciprocating Pruning Saw User Manual
RYOBI
PHILIPS 9290022230A Smart Button User Manual
Philips
VANITYFUS FS306-1650 Bathtub Instruction Manual
VANITYFUS
EnerSys EMEA Total Power User Guide
EnerSys
Enping Warm Card Electronic Technology M-ONE UHF Wireless Microphone Transmitter and Receiver User Guide
Enping Warm Card Electronic Technology
Streamline N111BGM-BGM Clawfoot Tub and Tray User Guide
Streamline
Grouw 18184 Chain Chainsaw Instruction Manual
Grouw
b d 161061_05 Rolling Door Opener Instruction Manual
b d
SEALEY ES680D Folding 360 Degree Rotating Engine Stand with Geared Handle Drive Instructions
SEALEY
FISHER PAYKEL CI604DTB4 Induction Cooktop User Guide
Fisher & Paykel
Contact Us   Privacy Policy   6.711ms