Published On: August 6th, 2019 02:00
IP Addressing: NAT Configuration Guide, Cisco IOS XE Release 3S
IP Multicast Dynamic NAT
The IP Multicast Dynamic Network Address Translation (NAT) feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for IP Multicast Dynamic NAT
Information About IP Multicast Dynamic NAT
How NAT Works
A device that is configured with NAT will have at least one interface to the inside network and one to the outside network. In a typical environment, NAT is configured at the exit device between a stub domain and the backbone. When a packet leaves the domain, NAT translates the locally significant source address into a globally unique address. When a packet enters the domain, NAT translates the globally unique destination address into a local address. If more than one exit point exists, each NAT must have the same translation table. If NAT cannot allocate an address because it has run out of addresses, it drops the packet and sends an Internet Control Message Protocol (ICMP) host unreachable packet to the destination.
Uses of NAT
NAT can be used for the following applications:
When you want to connect to the Internet, but not all of your hosts have globally unique IP addresses. NAT enables private IP internetworks that use nonregistered IP addresses to connect to the Internet. NAT is configured on the router at the border of a stub domain (referred to as the inside network) and a public network such as the Internet (referred to as the outside network). NAT translates internal local addresses to globally unique IP addresses before sending packets to the outside network. As a solution to the connectivity problem, NAT is practical only when relatively few hosts in a stub domain communicate outside of the domain at the same time. When this is the case, only a small subset of the IP addresses in the domain must be translated into globally unique IP addresses when outside communication is necessary, and these addresses can be reused when they are no longer in use.
When you must change your internal addresses. Instead of changing the internal addresses, which can be a considerable amount of work, you can translate them by using NAT.
When you want to do basic load sharing of TCP traffic. You can map a single global IP address to many local IP addresses by using the TCP load distribution feature.
NAT Inside and Outside Addresses
The term inside in a Network Address Translation (NAT) context refers to networks owned by an organization that must be translated. When NAT is configured, hosts within this network will have addresses in one space (known as the local address space) that will appear to those outside the network as being in another space (known as the global address space).
Similarly, the term outside refers to those networks to which the stub network connects, and which are generally not under the control of an organization. Hosts in outside networks can also be subject to translation, and can thus have local and global addresses.
NAT uses the following definitions:
Inside local address—An IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
Inside global address—A legitimate IP address (assigned by the NIC or service provider) that represents one or more inside local IP addresses to the outside world.
Outside local address—The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from the address space that is routable on the inside.
Outside global address—The IP address assigned to a host on the outside network by the owner of the host. The address is allocated from a globally routable address or network space.
Dynamic Translation of Addresses
Dynamic translation establishes a mapping between an inside local address and a pool of global addresses. Dynamic translation is useful when multiple users on a private network need to access the Internet. The dynamically configured pool IP address may be used as needed and is released for use by other users when access to the Internet is no longer required.
When inside global or outside local addresses belong to a directly connected subnet on a NAT router, the router adds IP aliases for them so that it can answer Address Resolution Protocol (ARP) requests. As a side effect, the router itself can answer packets that are not destined for it, which is a possible security issue. This happens when an incoming Internet Control Message Protocol (ICMP) or UDP packet that is destined for one of the aliased addresses has no corresponding translation in the NAT table, and the router itself runs a corresponding service, for example, the Network Time Protocol (NTP). The resulting security risk is minor.
How to Configure IP Multicast Dynamic NAT
Configuring IP Multicast Dynamic NAT
ip nat pool
ip nat inside source list
ip multicast-routing distributed
ip pim sparse-mode
ip nat inside
ip pim sparse-mode
ip nat outside
Configuration Examples for IP Multicast Dynamic NAT
Example: Configuring IP Multicast Dynamic NAT
Router# configure terminal
Router(config)# ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
Router(config)# access-list 100 permit ip 10.3.2.0 0.0.0.255 any
Router(config)# ip nat inside source list 100 pool mypool
Router(config)# ip multicast-routing distributed
Router(config)# interface gigabitethernet 0/0/0
Router(config-if)# ip address 10.0.0.1 255.255.255.0
Router(config-if)# ip pim sparse-mode
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface gigabitethernet 0/0/1
Router(config-if)# ip address 10.2.2.1 255.255.255.0
Router(config-if)# ip pim sparse-mode
Router(config-if)# ip nat outside
Router(config-if)# end
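The following audit script is an added example, not part of the Cisco guide. It checks a dynamic NAT configuration for the two operational risks described under "How NAT Works" and "Dynamic Translation of Addresses": pool exhaustion and pool addresses that sit on a directly connected subnet, where the router installs ARP aliases. The function name `audit_nat`, the running-config layout and the variant configuration are assumptions made for illustration; the parser assumes one pool, one extended ACL line with a contiguous wildcard mask, and IPv4.

```python
import ipaddress
import re

# Constructed input: the guide's example written as running-config lines.
GUIDE_CONFIG = """\
ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
access-list 100 permit ip 10.3.2.0 0.0.0.255 any
ip nat inside source list 100 pool mypool
interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/1
 ip address 10.2.2.1 255.255.255.0
 ip nat outside
"""

# Constructed variant: the pool is moved into the outside interface's subnet.
VARIANT_CONFIG = GUIDE_CONFIG.replace("10.41.10.1 10.41.10.23", "10.2.2.10 10.2.2.20")


def audit_nat(config):
    """Return (pool_size, permitted_hosts, aliased_subnets) for one dynamic pool."""
    pool = re.search(r"^ip nat pool \S+ (\S+) (\S+) netmask \S+", config, re.M)
    first, last = (ipaddress.ip_address(a) for a in pool.groups())
    pool_size = int(last) - int(first) + 1

    # Inside sources eligible for translation; ipaddress accepts the wildcard
    # (host) mask form directly, e.g. 10.3.2.0/0.0.0.255.
    acl = re.search(r"^access-list \d+ permit (?:ip )?(\S+) (\S+) any", config, re.M)
    sources = ipaddress.ip_network(f"{acl.group(1)}/{acl.group(2)}")
    permitted_hosts = sources.num_addresses - 2  # minus network and broadcast

    # Pool addresses on a connected subnet get IP aliases, so the router
    # answers ARP for them and may answer untranslated ICMP/UDP itself.
    aliased = []
    for addr, mask in re.findall(r"^ ip address (\S+) (\S+)", config, re.M):
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if first in net or last in net:
            aliased.append(str(net))
    return pool_size, permitted_hosts, aliased


if __name__ == "__main__":
    for name, cfg in (("guide", GUIDE_CONFIG), ("variant", VARIANT_CONFIG)):
        size, hosts, aliased = audit_nat(cfg)
        print(f"{name}: pool={size} permitted_hosts={hosts} aliased_on={aliased}")
        if size < hosts:
            print("  one-to-one pool can exhaust; extra sources are dropped")
```

A pool smaller than the permitted host count means that, once every pool address is in use, further sources get no translation and their packets are dropped. A non-empty alias list is the cue to filter ICMP and UDP aimed at the pool addresses on the outside interface or to restrict the router's own services such as NTP.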
Feature Information for IP Multicast Dynamic NAT
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Feature Name: IP Multicast Dynamic NAT
Releases: Cisco IOS XE Release 3.4S
Feature Information: The IP Multicast Dynamic Network Address Translation feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.