PAT with cisco 801

Feb 12th, 2007

We have several stores with Cisco 801 series ISDN routers. We have a VPN set up so that we can PCAnywhere in to our store computers through our internal addresses. Recently we found the need to be able to PCAnywhere into our stores from an external location. So, I set up a NAT like this:

ip nat inside source static tcp 192.168.12.100 5631 207.224.xxx.xxx 5631

ip nat inside source static udp 192.168.12.100 5632 207.224.xxx.xxx 5632

This was fine for accessing our computers through an external IP; however, we are not able to access them through our internal IP. Is there some way I can add another NAT command or access list command to the config so that we can PCAnywhere in from outside AND inside our VPN?

Thank you

smahbub Fri, 02/16/2007 - 13:07

Use the following command to do PAT in 801:

ip nat inside source {list { access-list-number | name} pool name [overload] }

Example:

ip nat inside source list 20 interface serial 0 overload

// where 20 is an access list.

Remember to set your nat inside and outside interfaces.

kaachary Wed, 02/21/2007 - 04:19

Hi,

In IOS, the static NAT takes precedence over any other NAT.

So you need to do policy routing in this case.

Create an access-list :

access-list 101 permit ip 192.168.12.0 0.0.0.255

Create loopback intf :

int loopback 1

ip address 1.1.1.1 255.255.255.0

exit

Create a route map :

route-map policy permit 10

match ip address 101

set interface loopback 1

exit

Apply the route-map on the LAN interface :

int fasteth0/0

ip policy route-map policy

exit

That should do it !

Let me know if you have any questions.

-Kanishka
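
The following is an added example, not part of the original post and not Cisco code: a simplified Python model of why diverting VPN-bound traffic through a loopback stops the static NAT from rewriting it. It assumes legacy inside/outside NAT, an outside interface named BRI0, a VPN remote subnet of 192.168.1.0/24, and 203.0.113.10 as a stand-in for the redacted public address; none of these values come from the thread.

```python
# Simplified model (added example): legacy IOS NAT translates a packet only when
# it enters on an "ip nat inside" interface and leaves on an "ip nat outside" one.
from ipaddress import ip_address, ip_network

# Constructed values: the thread redacts the public IP and never gives the VPN subnet.
PUBLIC_IP = "203.0.113.10"                 # stand-in for 207.224.xxx.xxx
VPN_REMOTE = ip_network("192.168.1.0/24")  # assumed LAN behind the tunnel
NAT_ROLE = {"Ethernet0": "inside", "BRI0": "outside", "Loopback1": None}
# The two static entries from the question: (proto, inside IP, port) -> public IP
STATIC_NAT = {("tcp", "192.168.12.100", 5631): PUBLIC_IP,
              ("udp", "192.168.12.100", 5632): PUBLIC_IP}

def crypto_acl_match(src, dst):
    """Crypto ACL (assumed): private store LAN -> private VPN subnet."""
    return (ip_address(src) in ip_network("192.168.12.0/24")
            and ip_address(dst) in VPN_REMOTE)

def hop(pkt, ingress, egress):
    """Forward one hop; static NAT applies only on an inside -> outside crossing."""
    pkt = dict(pkt)
    key = (pkt["proto"], pkt["src"], pkt["sport"])
    if (NAT_ROLE[ingress] == "inside" and NAT_ROLE[egress] == "outside"
            and key in STATIC_NAT):
        pkt["src"] = STATIC_NAT[key]
    return pkt

def send_reply(pkt, policy_route):
    """Return (source seen on the wire, 'tunnel' or 'clear') for a store PC reply."""
    # Assumption: ACL 101 in the route-map matches only VPN-bound traffic.
    if policy_route and crypto_acl_match(pkt["src"], pkt["dst"]):
        pkt = hop(pkt, "Ethernet0", "Loopback1")  # egress is not nat outside: no NAT
        pkt = hop(pkt, "Loopback1", "BRI0")       # ingress is not nat inside: no NAT
    else:
        pkt = hop(pkt, "Ethernet0", "BRI0")       # static NAT rewrites the source
    encrypted = crypto_acl_match(pkt["src"], pkt["dst"])
    return (pkt["src"], "tunnel" if encrypted else "clear")

# Constructed packet: store PC answering a VPN client from the PCAnywhere data port
REPLY = {"proto": "tcp", "src": "192.168.12.100", "sport": 5631,
         "dst": "192.168.1.50"}

if __name__ == "__main__":
    print("static NAT only:   ", send_reply(REPLY, policy_route=False))
    print("with loopback PBR: ", send_reply(REPLY, policy_route=True))
```

Without the route-map, the reply leaves with the public source address, misses the crypto ACL and goes out unencrypted, so the VPN client never sees an answer from the address it connected to. Replies to Internet clients are not matched by the route-map and are still translated by the static entries.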

insccisco Wed, 02/21/2007 - 09:35

Hi Kanishka,

I had a similar problem and yes, I was able to get around it using the policy routing with the int loopback.

My problem now is that I would love to know why. I would like to understand the inner details about this fix. I have several configurations and one of them had this work-around, so all I did was apply the same commands... but again, I'd love to know why this method of sort of lying to the router works.

Any explanations, links, etc. will be really appreciated.

Thanks

franclop Thu, 11/18/2010 - 08:45

Just an FYI..  If you're using a newer version of IOS and this does not appear to be working, replace "set interface loopback X" with "set default interface loopback X".


That fixed it for me.


Thanks,

Frank
