Information About Stateless Static NAT

Static Network Address Translation (NAT) allows the user to configure one-to-one translations of the inside local addresses to the outside global addresses. It supports both IP address and port number translation for traffic from the inside to the outside and from the outside to the inside.

Static NAT creates a fixed translation of private addresses to public addresses. Because static NAT assigns addresses on a one-to-one basis, you need as many public addresses as private addresses. Because the public address is the same for each consecutive connection with static NAT, and a persistent translation rule exists, static NAT enables hosts on the destination network to initiate traffic to a translated host if an access list exists that allows it.

In the IOS XE Bengaluru 17.4.1a release, a new keyword stateless is introduced for the Cisco IOS XE static NAT configuration options. This option applies only to the static NAT command. When the static mapping is set to stateless, no sessions are created for that traffic flow.

NAT Mappings and Translation Entry

If a stateless NAT mapping coexists with other NAT mappings that are not stateless, a NAT flow entry is created in the NAT translation table. The following table shows whether a flow is created when a flow matches two NAT mappings, both with and without redundancy.

Table 1. NAT Mappings and Translation Entry

Mapping 1 with   Mapping 2 with   Mapping 1 with   Mapping 2 with   Flow Creation
No Redundancy    No Redundancy    Redundancy       Redundancy
---------------  ---------------  ---------------  ---------------  ------------------------------
Stateless        Stateful         NA               NA               Yes
Stateless        Stateless        NA               NA               No
NA               NA               Stateful         Stateless        On both active and standby
NA               NA               Stateless        Stateless        Not on both active and standby

Restrictions for Stateless Static Network Address Translation

The following restrictions apply to the Stateless Static NAT:

  • Stateless Static NAT is supported only on IPv4.

  • Stateless Static NAT is supported only in the default NAT mode. Changing the mode to CGN fails if stateless mappings are already configured.

  • Stateless Static NAT is not supported for static mapping with route-map.

  • Stateless Static NAT does not support ALG processing for stateless static mappings.
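
The following pre-deployment check is an added example, not Cisco code. It parses static NAT statements from a candidate configuration, flags the route-map and CGN restrictions listed above, and applies Table 1 to a pair of mappings that match the same flow, so you know which flows will leave no entry in the NAT translation table. The sample configuration and the route-map name RM1 are constructed, and treating Mapping 1 and Mapping 2 as interchangeable is an assumption.

```python
import re

STATIC_RE = re.compile(r"^\s*ip nat (inside|outside) source static\s+(.*)$", re.I)
CGN_RE = re.compile(r"^\s*ip nat settings mode cgn\b", re.I)

# Constructed candidate configuration (not from the page); RM1 is a made-up name.
SAMPLE = """\
ip nat settings mode cgn
ip nat inside source static 10.1.1.1 100.1.1.1 stateless
ip nat inside source static 10.1.1.2 100.1.1.2
ip nat inside source static 10.1.1.3 100.1.1.3 route-map RM1 stateless
"""

def parse_static(line):
    """Describe one static NAT statement, or return None for other lines."""
    m = STATIC_RE.match(line)
    if not m:
        return None
    words = m.group(2).lower().split()
    return {"line": line.strip(),
            "stateless": "stateless" in words,
            "redundancy": "redundancy" in words,
            "route_map": "route-map" in words}

def flow_creation(m1, m2):
    """Table 1 lookup for a flow that matches both mappings."""
    if m1["redundancy"] != m2["redundancy"] or not (m1["stateless"] or m2["stateless"]):
        return "not covered by Table 1"
    both = m1["stateless"] and m2["stateless"]
    if m1["redundancy"]:
        return "Not on both active and standby" if both else "On both active and standby"
    return "No" if both else "Yes"

def audit(config_text):
    """Return (static mappings, restriction violations visible in the text)."""
    lines = config_text.splitlines()
    mappings = [p for p in map(parse_static, lines) if p]
    stateless = [p for p in mappings if p["stateless"]]
    findings = []
    if stateless and any(CGN_RE.match(l) for l in lines):
        findings.append("CGN mode with stateless mappings configured")
    findings += ["route-map on stateless mapping: " + p["line"]
                 for p in stateless if p["route_map"]]
    return mappings, findings

if __name__ == "__main__":
    maps, problems = audit(SAMPLE)
    print(flow_creation(maps[0], maps[1]))
    print("\n".join(problems))
```

The IPv4-only and ALG restrictions are not checked here because they cannot be read from the static mapping statements alone.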

Configuring Stateless Static NAT

You can configure the stateless static NAT on the following:

  • Inside static NAT

  • Outside static NAT

  • Inside static NAT network

  • Outside static NAT network

  • Inside static NAT with PAT

  • Outside static NAT with PAT

Configuring Stateless Static Inside and Outside NAT

Perform the following task to configure a static NAT translation with the static mapping set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip stateless
  4. ip nat outside source static global-ip local-ip stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static local-ip global-ip stateless

Example:

Router(config)# ip nat inside source static 10.1.1.1 100.1.1.1 stateless
  • Establishes static translation between an inside local address and an inside global address.

Step 4

ip nat outside source static global-ip local-ip stateless

Example:

Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 stateless
  • Establishes static translation between an outside global address and an inside local address.

Step 5

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT Port Forwarding

Perform the following task to configure static NAT port forwarding with the static mapping set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static {tcp|udp} local-ip local-port global-ip global-port extendable stateless
  4. ip nat outside source static {tcp|udp} global-ip global-port local-ip local-port extendable stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static {tcp|udp} local-ip local-port global-ip global-port extendable stateless

Example:

Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 extendable stateless
  • Establishes static translation between an inside local address and an inside global address.

Step 4

ip nat outside source static {tcp|udp} global-ip global-port local-ip local-port extendable stateless

Example:

Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 extendable stateless
  • Establishes static translation between an outside global address and an inside local address.

Step 5

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT Network

Perform the following task to configure a static NAT network translation with the static mapping set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static network local-network-mask global-network-mask stateless
  4. ip nat outside source static network global-network-mask local-network-mask stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static network local-network-mask global-network-mask stateless

Example:

Router(config)# ip nat inside source static network 10.0.0.0 100.1.1.0 /24 stateless
  • Establishes static translation between an inside local network and an inside global network.

Step 4

ip nat outside source static network global-network-mask local-network-mask stateless

Example:

Router(config)# ip nat outside source static network 100.0.0.0 10.1.1.0 /24 stateless
  • Establishes static translation between an outside global network and an inside local network.

Step 5

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT with VRF

Perform the following task to configure a static NAT translation with the static mapping set to stateless in a VRF-aware NAT scenario. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip [vrf vrf-name [match-in-vrf]] stateless
  4. ip nat outside source static global-ip local-ip [vrf vrf-name [match-in-vrf]] stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static local-ip global-ip [vrf vrf-name [match-in-vrf]] stateless

Example:

Router(config)# ip nat inside source static 10.1.1.1 100.11.1.1 vrf vrf1 match-in-vrf stateless
Establishes static translation between an inside local address and an inside global address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 4

ip nat outside source static global-ip local-ip [vrf vrf-name [match-in-vrf]] stateless

Example:

Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 vrf vrf1 match-in-vrf stateless
Establishes static translation between an outside global address and an inside local address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 5

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Stateless Static NAT with Static Stateless Static NAT Port Forwarding

Perform the following task to configure static NAT port forwarding with VRF, with the static mapping set to stateless. When you set the static mapping to stateless, sessions are not created for that flow.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [vrf vrf-name [match-in-vrf ]] extendable stateless
  4. ip nat outside source static {tcp | udp} global-ip global-port local-ip local-port [vrf vrf-name [match-in-vrf ]] extendable stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [vrf vrf-name [match-in-vrf ]] extendable stateless

Example:

Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 vrf 1 match-in-vrf extendable stateless
Establishes static translation between an inside local address and an inside global address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 4

ip nat outside source static {tcp | udp} global-ip global-port local-ip local-port [vrf vrf-name [match-in-vrf ]] extendable stateless

Example:

Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 vrf 1 match-in-vrf extendable stateless
Establishes static translation between an outside global address and an inside local address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 5

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring Static Stateful NAT with Static Stateless NAT in Redundant Device

Perform the following task to configure a static NAT translation with the static mapping set to stateless. When you set the static mapping to stateless, sessions are not created for that flow. In this configuration, only one static mapping is set to stateless. A NAT translation entry is created when the flow matches both mapping statements or matches only the stateful mapping entry. It is not created if the flow matches only the stateless entry.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name [match-in-vrf ]]] stateless
  4. ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name [match-in-vrf ]]] stateless
  5. exit
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name [match-in-vrf ]]] stateless

Example:

Router(config)# ip nat inside source static 10.180.4.4 10.236.214.218 vrf vrf1 redundancy 1 mapping-id 11 match-in-vrf stateless
Establishes static translation between an inside local address and an inside global address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 4

ip nat inside source static local-ip global-ip [vrf vrf-name [redundancy group name [match-in-vrf ]]] stateless

Example:

Router(config)# ip nat outside source static 10.180.4.8 10.240.214.220 vrf vrf1 redundancy 1 mapping-id 10 match-in-vrf stateless
Establishes static translation between an inside local address and an inside global address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

  • The Stateless keyword does not create the flow entries for static mapping.

Step 5

exit

Example:

Router(config-if)# exit
Exits interface configuration mode and returns to global configuration mode.

Step 6

end

Example:

Router(config-if)# end
Exits interface configuration mode and returns to privileged EXEC mode.

Example: Configuring Stateless Static NAT

Stateless Static NAT

The following example shows how to configure a stateless static inside and outside NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The Stateless keyword does not create the flow entries for static mapping.

Router# configure terminal
Router(config)# ip nat inside source static 10.1.1.1 100.1.1.1 stateless
Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 stateless

Stateless Static NAT with Port Forwarding

The following example shows how to configure a stateless static NAT port forwarding translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The Stateless keyword does not create the flow entries for static mapping.

Router# configure terminal
Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 extendable stateless
Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 extendable stateless

Stateless Static NAT Network

The following example shows how to configure a stateless static NAT network between an inside local network and an inside global network. The Stateless keyword does not create the flow entries for static mapping.

Router# configure terminal
Router(config)# ip nat inside source static network 10.0.0.0 100.1.1.0 /24 stateless
Router(config)# ip nat outside source static network 100.0.0.0 10.1.1.0 /24 stateless

Static Stateless NAT with VRF

The following example shows how to configure a stateless static NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF. The Stateless keyword does not create the flow entries for static mapping.

Router# configure terminal
Router(config)# ip nat inside source static 10.1.1.1 100.11.1.1 vrf vrf1 match-in-vrf stateless
Router(config)# ip nat outside source static 100.1.1.1 10.1.1.1 vrf vrf1 match-in-vrf stateless
Router(config)# end

Static Stateless NAT with Static Stateless Static NAT Port Forwarding

The following example shows how to configure a stateless static NAT translation between the local IP address 10.1.1.1 and the global IP address 100.1.1.1. The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF. The Stateless keyword does not create the flow entries for static mapping.

Router# configure terminal
Router(config)# ip nat inside source static tcp 10.1.1.1 80 100.11.1.1 8080 vrf 1 match-in-vrf extendable stateless
Router(config)# ip nat outside source static tcp 100.1.1.1 8080 10.1.1.1 80 vrf 1 match-in-vrf extendable stateless
Router(config)# end

Static Stateful NAT with Static Stateless NAT in Device-to-Device HA

The following example shows how to configure a stateless static NAT with static stateless NAT matching the flow with device-to-device redundancy enabled.

Router# configure terminal
Router(config)# ip nat inside source static 10.180.4.4 10.236.214.218 vrf vrf1 redundancy 1 mapping-id 11 match-in-vrf stateless
Router(config)# ip nat outside source static 10.180.4.8 10.240.214.220 vrf vrf1 redundancy 1 mapping-id 10 match-in-vrf stateless

Feature Information for Stateless Static NAT

Table 2. Feature Information for Stateless Static NAT

Feature Name          Releases                     Feature Information
--------------------  ---------------------------  --------------------------------------------------------------------------
Stateless Static NAT  Cisco IOS XE Bengaluru 17.4  A new keyword stateless is introduced for IOS XE static NAT configuration.