Network Address Translation (NAT) is an Internet standard that enables a local area network (LAN) to use
one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box
located where the LAN meets the Internet makes all necessary IP address translations.
Note: In case of Aruba Mesh routers , the NAT service runs only in the mesh gateway.
Steps to configure NAT on Mesh Routers:
There are two methods involved in Natting:
1) Multi to multi address translations:
2) Access internal server over Internet:
1) For multi to multi address translations: Need to map a pool of public IP to the internal subnet.
a) Create an ACL for the subnet (private), that is supposed to be natted , where we need to use wildcard bits :
MSR2(config)# ip access-list standard nat-acl
MSR2(config-acl-ip-std)# rule 10 permit 10.1.1.0 0.0.0.255
MSR2(config-acl-ip-std)# rule 20 permit 10.2.1.0 0.0.0.255
MSR2(config-acl-ip-std)# exit
b) Provide an IP to the outgoing physical interface:
MSR2(config)# interface gigabit-ethernet 0
MSR2(config-eth)# ip address 172.17.10.1/24
MSR2(config-eth)# mode gateway
MSR2(config-eth)# exit
We need to create a pool under "ip nat" :
MSR2(config)# ip nat
MSR2(config-nat)# pool nat-public 172.17.10.1 172.17.10.10
Access group need to be created under the nat command :
MSR2(config-nat)# access-group nat-acl global pool nat-public out-interface gigabit-ethernet 0
2) For Internal server access over Internet: If we consider that the mesh network provides hosting of a Web server using the
internal IP address: 10.1.1.100 with the TCP port number: 8080. To access the Web server from the Internet via NAT, the MSR
router uses the IP address 10.64.147.161 with the TCP port 80.
MSR2(config-nat)#ip nat
MSR2(config-nat)# server protocol tcp inside 10.1.1.100 8080 outside 172.17.10.1 80 out-interface gigabit-ethernet 0