Is this possible with nat statements ?

Unanswered Question
Mar 17th, 2007
User Badges:

The company I work for has a number of remote branches that are only able to route traffic on a network.

A requirement to allow these branches to connect to a public IP (port 2700) is proving somewhat of a headache - since the routes are unreachable. It is not possible to make changes on those routers as it is a managed network and would be costly.

I have a 1721 router that has two ethernet interfaces. I want to be able to use the inside interface ( to 'proxy' these sessions onto the remote host (via the second e0) based on traffic hitting the interface on port 2700.

Is this something that can be achieved using ip nat statements ?

Thanks in advance for any useful advice.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sat, 03/17/2007 - 15:08
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Assuming your e0 interface on your router has a publically routable IP address you can use nat with a route map for this.

ip nat inside source route-map natclients interface e0 overload

access-list 101 permit ip 10.1.x.x host "public ip"

route-map natclients permit 10

match ip address 120

If you only want to NAT internal clients when they are trying to communicate with the public IP on 2700 you can modify access-list 101 to

access-list 101 permit tcp 10.1.x.x host "public IP" eq 2700



Purist1972 Tue, 03/20/2007 - 13:40
User Badges:

Thanks for the reply.

I managed to remedy the problem by placing a PIX 506 on the network and using dnat (using the alias command) to map an internal address to the public IP address that I want the internal clients to reach.



This Discussion