Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

static

vpn interface nat static— Configure static NAT address mappings (on vEdge routers only).

In service VPNs (VPNs except VPN 0 and VPN 512, configure static NAT address mappings on a vEdge router that is acting as a NAT device. Across all NAT pools, a vEdge router can NAT a maximum of 254 source IP addresses. This is the number of addresses in a /24 prefix, less the .0 and .255 addresses. You cannot configure translation for .0 and .255 addresses.

In the transport VPN (VPN 0), configure static NAT address mappings to a pool of NAT addresses. You can configure as many static address mappings as there are IP address in the configured NAT pool. If you configure no static mappings, NAT address mapping is performed dynamically.

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet
Configuration ► Templates ► VPN Interface NAT Pool
Configuration ► Templates ► VPN Interface PPP

Command Hierarchy

In service VPNs:

vpn vpn-id
  interface natpoolnumber
    nat
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)

In the transport VPN:

vpn 0
  interface geslot/port
    nat
      static source-ip ip-address1 translate-ip ip-address2 source-vpn vpn-id protocol (tcp | udp) source-port number translate-port number

Options (in Service VPNs)

Direction To Perform Network Address Translation
(inside | outside)
Direction in which to perform network address translation. It can be one of the following:
inside—Translate the IP address of packets that are coming from the service side of the vEdge router and that are destined to transport side of the router. For translation of inside source IP addresses to occur, the translation direction, configured with the direction command, must be inside. direction inside is the default, so you can omit this command from the configuration.
outside—Translate the IP address of packets that are coming to the vEdge router from the transport side of the vEdge router and that are destined to a service-side device. For translation of outside source IP addresses to occur, the translation direction, configured with the direction command, must be outside.
Source IP Address
source-ip ip-address1
Private source IP address to be NATed. This is the IP address of a device or branch router on the service side of the vEdge router.
Translated IP Address
translate-ip ip-address2
Public IP address to map the private source address to. This is the IP address that the vEdge router places in the source field of the packet's IP header when transmitting the packet over a transport network.

Options (in the Transport VPN)

Protocol
(tcp | udp)
Protocol being used to transmit the traffic flow.
Source IP Address
source-ip ip-address1
Private source IP address to be NATed. This is the IP address of a device or branch router on the service side of the vEdge router.
Source Port Number
source-port number
Number of the source port.
Range: 1 through 65535
Source VPN
source-vpn vpn-id
Service VPN from which the traffic flow is being sent.
Translated IP Address
translate-ip ip-address2
Public IP address to map the private source address to. This IP address must be contained in the pool of NAT addresses that you configure with the natpool command.
Translated Port Number
translate-port number
Number to translate the port number to.
Range: 1 through 65535

Example

Configure a vEdge router to NAT a service-side and a remote IP address:

vEdge# show running-config vpn 1
interface natpool1
  ip address 10.15.1.4/30
  nat
    static source-ip 10.1.17.3 translate-ip 10.15.1.4 inside
    static source-ip 10.20.25.18 translate-ip 10.25.1.1 outside
    direction inside
    no overload
  !
  no shutdown
!

Release Information

Command introduced in Viptela Software Release 16.3.
In Release 18.3, add support for static NAT address mappings in VPN 0.

Additional Information

See the Configure Transport-Side NAT and Using a vEdge Router as a NAT articles for your software release.
direction
natpool
overload

  • Was this article helpful?