IP Multicast Dynamic NAT
The IP Multicast Dynamic Network Address Translation (NAT) feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for IP Multicast Dynamic NAT
The IP Multicast Dynamic NAT feature does not support:
Information About IP Multicast Dynamic NAT
How NAT Works
A router configured with NAT will have at least one interface to the inside network and one to the outside network. In a typical environment, NAT is configured at the exit router between a stub domain and a backbone. When a packet leaves the domain, NAT translates the locally significant source address into a globally unique address. When a packet enters the domain, NAT translates the globally unique destination address into a local address. If more than one exit point exists, each NAT must have the same translation table. If NAT cannot allocate an address because it has run out of addresses, it drops the packet and sends an Internet Control Message Protocol (ICMP) host unreachable packet.
Uses of NAT
NAT can be used for the following applications:
- When you want to connect to the Internet, but not all of your hosts have globally unique IP addresses. NAT enables private IP internetworks that use nonregistered IP addresses to connect to the Internet. NAT is configured on the router at the border of a stub domain (referred to as the inside network) and a public network such as the Internet (referred to as the outside network). NAT translates internal local addresses to globally unique IP addresses before sending packets to the outside network. As a solution to the connectivity problem, NAT is practical only when relatively few hosts in a stub domain communicate outside of the domain at the same time. When this is the case, only a small subset of the IP addresses in the domain must be translated into globally unique IP addresses when outside communication is necessary, and these addresses can be reused when they are no longer in use.
- When you must change your internal addresses. Instead of changing the internal addresses, which can be a considerable amount of work, you can translate them by using NAT.
- When you want to do basic load sharing of TCP traffic. You can map a single global IP address to many local IP addresses by using the TCP load distribution feature.
NAT Inside and Outside Addresses
The term inside in a NAT context refers to networks owned by an organization that must be translated. When NAT is configured, hosts within this network will have addresses in one space (known as the local address space) that will appear to those outside the network as being in another space (known as the global address space).
Similarly, outside refers to those networks to which the stub network connects, and which are generally not under the control of the organization. Hosts in outside networks can be subject to translation, and can thus have local and global addresses.
NAT uses the following definitions:
- Inside local address: The IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the NIC or service provider.
- Inside global address: A legitimate IP address (assigned by the NIC or service provider) that represents one or more inside local IP addresses to the outside world.
- Outside local address: The IP address of an outside host as it appears to the inside network. The address is not necessarily legitimate; it was allocated from the address space routable on the inside.
- Outside global address: The IP address that is assigned to a host on the outside network by the owner of the host. The address was allocated from a globally routable address or network space.
Dynamic Translation of Addresses
Dynamic translation establishes a mapping between an inside local address and a pool of global addresses. Dynamic translation is useful when multiple users on a private network need to access the Internet. The dynamically configured pool IP address may be used as needed and is released for use by other users when access to the Internet is no longer required.
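The pool behavior described in "How NAT Works" and in the paragraph above, as an added example that is not Cisco code: a simplified model of one-to-one dynamic translation that allocates from the pool, drops with an ICMP host unreachable on exhaustion, and reuses a released address. The class and function names are hypothetical; the pool range and the access-list subnet are taken from the configuration example on this page.

```python
import ipaddress

class DynamicNat:
    """Simplified model of one-to-one dynamic source NAT (not Cisco code)."""

    def __init__(self, first, last, acl_net):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]
        self.acl = ipaddress.ip_network(acl_net)
        self.table = {}  # inside local address -> address taken from the pool

    def translate(self, src):
        """Return (action, translated source) for a packet leaving the inside."""
        src = ipaddress.IPv4Address(src)
        if src not in self.acl:          # not selected by the NAT access list
            return ("forward-untranslated", str(src))
        if src not in self.table:
            if not self.free:            # pool exhausted
                return ("drop+icmp-host-unreachable", None)
            self.table[src] = self.free.pop(0)
        return ("translate", str(self.table[src]))

    def release(self, src):
        """Return a host's address to the pool, e.g. when its entry ages out."""
        addr = self.table.pop(ipaddress.IPv4Address(src), None)
        if addr is not None:
            self.free.append(addr)
        return None if addr is None else str(addr)

def run_demo():
    # Pool and access-list range taken from the page's configuration example.
    nat = DynamicNat("10.41.10.1", "10.41.10.23", "10.3.2.0/24")
    first_23 = [nat.translate(f"10.3.2.{h}") for h in range(1, 24)]
    overflow = nat.translate("10.3.2.24")      # 24th concurrent sender
    freed = nat.release("10.3.2.5")
    retry = nat.translate("10.3.2.24")         # reuses the freed address
    return first_23, overflow, freed, retry

if __name__ == "__main__":
    first_23, overflow, freed, retry = run_demo()
    print(len(first_23), "hosts translated; 24th:", overflow)
    print("released", freed, "-> retry:", retry)
```

The pool holds 23 addresses while the access list selects a /24, so the 24th concurrent inside sender is dropped until an existing mapping is released.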
Note: When inside global or outside local addresses belong to a directly connected subnet on a NAT router, the router will add IP aliases for them so that it can answer Address Resolution Protocol (ARP) requests. However, a situation can arise where the router itself answers packets that are not destined for it, possibly causing a security issue. This can happen when an incoming Internet Control Message Protocol (ICMP) or UDP packet that is destined for one of the aliased addresses does not have a corresponding NAT translation in the NAT table, and the router itself runs a corresponding service, for example, the Network Time Protocol (NTP). Such a situation might cause minor security risks.
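One way to check a configuration for the condition this note describes, as an added example that is not part of the original page: the script flags NAT pools whose range falls inside a directly connected subnet (where the router would add IP aliases) and records whether an NTP line is present. The function name, the first sample configuration and the rule that any global `ntp` line means the router runs NTP are assumptions; the second sample uses the addressing from this page's configuration example.

```python
import ipaddress
import re

# Constructed config (not from the page): the pool lies inside the directly
# connected outside subnet, and an NTP line is present.
EXPOSED = """\
ip nat pool mypool 10.2.2.10 10.2.2.20 netmask 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 10.2.2.1 255.255.255.0
 ip nat outside
ntp server 192.0.2.123
"""

# Addressing from the page's configuration example, in running-config layout.
PAGE = """\
ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/1
 ip address 10.2.2.1 255.255.255.0
 ip nat outside
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) ", re.M)
ADDR_RE = re.compile(r"^ ip address (\d\S*) (\d\S*)", re.M)

def audit(config):
    """List NAT pools whose range touches a directly connected subnet."""
    connected = [ipaddress.ip_interface(f"{a}/{m}").network
                 for a, m in ADDR_RE.findall(config)]
    # Assumption: any global "ntp ..." line means the router runs NTP.
    ntp = re.search(r"^ntp \S", config, re.M) is not None
    findings = []
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for net in connected:
            if lo in net or hi in net:
                findings.append({"pool": name, "aliased_in": str(net),
                                 "range": f"{first}-{last}",
                                 "router_runs_ntp": ntp})
    return findings

if __name__ == "__main__":
    for label, cfg in (("constructed", EXPOSED), ("page example", PAGE)):
        print(label, audit(cfg) or "no pool in a connected subnet")
```

The page's own example produces no finding because its pool (10.41.10.1 to 10.41.10.23) is outside both connected subnets.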
How to Configure IP Multicast Dynamic NAT
Configuring IP Multicast Dynamic NAT
Note: IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses.
DETAILED STEPS
Configuration Examples for IP Multicast Dynamic NAT
Example: Configuring IP Multicast Dynamic NAT
```
Router# configure terminal
Router(config)# ip nat pool mypool 10.41.10.1 10.41.10.23 netmask 255.255.255.0
Router(config)# access-list 100 permit ip 10.3.2.0 0.0.0.255 any
Router(config)# ip nat inside source list 100 pool mypool
Router(config)# ip multicast-routing distributed
Router(config)# interface gigabitethernet 0/0/0
Router(config-if)# ip address 10.0.0.1 255.255.255.0
Router(config-if)# ip pim sparse-mode
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface gigabitethernet 0/0/1
Router(config-if)# ip address 10.2.2.1 255.255.255.0
Router(config-if)# ip pim sparse-mode
Router(config-if)# ip nat outside
Router(config-if)# end
```
Feature Information for IP Multicast Dynamic NAT
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1. Feature Information for IP Multicast Dynamic NAT

Feature Name | Releases | Feature Information |
---|---|---|
IP Multicast Dynamic NAT | Cisco IOS XE Release 3.4S | The IP Multicast Dynamic Network Address Translation feature supports the source address translation of multicast packets. You can use source address translation when you want to connect to the Internet, but not all your hosts have globally unique IP addresses. NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. The IP multicast dynamic translation establishes a one-to-one mapping between an inside local address and one of the addresses from the pool of outside global addresses. |