One of the reasons engineers tend to prefer the command line over graphical interfaces is efficiency. Imagine you have to instruct a junior admin with little networking knowledge at a remote site on configuring NAT on the branch router there. Which of the two following hypothetical emails would you prefer sending?
Log into SDM (you might have to download it from the router first) and go to the configure tab. In the tasks pane on the left side, click NAT. Click "Advanced NAT" and the launch button. Click next, and when it asks to select the ISP-facing interface select FastEthernet0 from the drop-down list. Click next.
The next step should list both interfaces again. Select Vlan1 (192.168.1.0/24) this time and click next.
The last step should say "Specify Public IP Addresses for Servers." We need to add a static NAT rule for the VPN server, so click the "Add" button next to the empty list. Use these values:
- Private IP address: 192.168.1.204
- Public IP address: Select "IP address of FastEthernet0"
- Type of Server: Other
- Original Port: 1194
- Translated Port: 1194
- Protocol: UDP
Then click OK, and click next again (make sure the static rule shows up in the window first). Click "Finish" at the last step. It will pop up another window and should say something like "configuration saved" after a few seconds. Hit OK and close SDM.
Log into the router via Telnet or SSH and paste this config:
configure terminal interface FastEthernet0 ip nat outside ! interface Vlan1 ip nat inside ! ip nat inside source static udp 192.168.1.204 1194 interface FastEthernet0 1194 ip nat inside source list 1 interface FastEthernet0 overload ! access-list 1 permit 192.168.1.0 0.0.0.255 exit copy run start
Hit enter to confirm the last command.