How to configure Natting on Mesh routers

Aruba Employee
Aruba Employee
rtaImage (5).png 
 Network Address Translation (NAT) is an Internet standard that enables a local area network (LAN) to use
one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box
located where the LAN meets the Internet makes all necessary IP address translations. 
Note: In case of Aruba Mesh routers , the NAT service runs only in the mesh gateway.
Steps to configure NAT on Mesh Routers:
There are two methods involved in Natting:
1) Multi to multi address translations:
2) Access internal server over Internet:
1) For multi to multi address translations: Need to map a pool of public IP to the internal subnet.
a) Create an ACL for the subnet (private), that is supposed to be natted , where we need to use wildcard bits :
MSR2(config)# ip access-list standard nat-acl
MSR2(config-acl-ip-std)# rule 10 permit
MSR2(config-acl-ip-std)# rule 20 permit
MSR2(config-acl-ip-std)# exit
b) Provide an IP to the outgoing physical interface:
MSR2(config)# interface gigabit-ethernet 0
MSR2(config-eth)# ip address
MSR2(config-eth)# mode gateway
MSR2(config-eth)# exit
We need to create a pool under "ip nat" :
MSR2(config)# ip nat
MSR2(config-nat)# pool nat-public
Access group need to be created under the nat command :
MSR2(config-nat)# access-group nat-acl global pool nat-public out-interface gigabit-ethernet 0
2) For Internal server access over Internet: If we consider that the mesh network provides hosting of a Web server using the 
internal IP address: with the TCP port number: 8080. To access the Web server from the Internet via NAT, the MSR 
router uses the IP address with the TCP port 80.
MSR2(config-nat)#ip nat
MSR2(config-nat)# server protocol tcp inside 8080 outside 80 out-interface gigabit-ethernet 0
Version history
Revision #:
2 of 2
Last update:
‎11-04-2014 04:20 PM
Updated by:
Labels (1)