
Is this possible with nat statements?

ANCPARCELS
Level 1

The company I work for has a number of remote branches that are only able to route traffic on a 10.1.xxx.xxx network.

A requirement to allow these branches to connect to a public IP (port 2700) is proving somewhat of a headache - since the routes are unreachable. It is not possible to make changes on those routers as it is a managed network and would be costly.

I have a 1721 router that has two ethernet interfaces. I want to be able to use the inside interface (10.1.99.99) to 'proxy' these sessions onto the remote host (via the second e0) based on traffic hitting the 10.1.99.99 interface on port 2700.

Is this something that can be achieved using ip nat statements?

Thanks in advance for any useful advice.

2 Replies

Jon Marshall
Hall of Fame

Hi

Assuming your e0 interface on your router has a publicly routable IP address you can use nat with a route map for this.

ip nat inside source route-map natclients interface e0 overload

access-list 101 permit ip 10.1.0.0 0.0.255.255 host "public ip"

route-map natclients permit 10

 match ip address 101

If you only want to NAT internal clients when they are trying to communicate with the public IP on 2700 you can modify access-list 101 to

access-list 101 permit tcp 10.1.0.0 0.0.255.255 host "public IP" eq 2700

HTH

Jon
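
How the two access-list variants in the reply above select traffic for translation, as an added Python example (not part of the original posts and not Cisco code). It evaluates an entry with IOS wildcard-mask semantics, where 1 bits in the mask are ignored; the address 203.0.113.10, the 10.1.0.0/16 source range and the sample packets are constructed placeholders.

```python
import ipaddress

PUBLIC = "203.0.113.10"  # constructed placeholder for the thread's "public ip"
BROAD = f"access-list 101 permit ip 10.1.0.0 0.0.255.255 host {PUBLIC}"
NARROW = f"access-list 101 permit tcp 10.1.0.0 0.0.255.255 host {PUBLIC} eq 2700"

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'access-list N permit PROTO SRC WILDCARD host DST [eq PORT]'."""
    t = line.split()
    if len(t) not in (8, 10) or t[0] != "access-list" or t[2] != "permit" or t[6] != "host":
        raise ValueError("unsupported entry form: " + line)
    if len(t) == 10 and t[8] != "eq":
        raise ValueError("unsupported port operator: " + line)
    port = int(t[9]) if len(t) == 10 else None
    return {"proto": t[3], "src": t[4], "wild": t[5], "dst": t[7], "port": port}

def selects_for_nat(line, proto, src, dst, dport):
    """True if the packet matches the entry, i.e. the route-map would NAT it."""
    ace = parse_ace(line)
    if ace["proto"] not in ("ip", proto):          # 'ip' matches every protocol
        return False
    if not wildcard_match(src, ace["src"], ace["wild"]):
        return False
    if dst != ace["dst"]:                          # 'host' is an exact match
        return False
    return ace["port"] is None or ace["port"] == dport

if __name__ == "__main__":
    packets = [                                    # constructed sample traffic
        ("tcp", "10.1.20.5", PUBLIC, 2700),
        ("tcp", "10.1.20.5", PUBLIC, 443),
        ("udp", "10.1.20.5", PUBLIC, 2700),
        ("tcp", "10.2.0.5", PUBLIC, 2700),
    ]
    for p in packets:
        print(p, "broad:", selects_for_nat(BROAD, *p), "narrow:", selects_for_nat(NARROW, *p))
    # A subnet mask written where a wildcard belongs matches the wrong hosts:
    print(wildcard_match("10.1.20.5", "10.1.0.0", "255.255.0.0"))   # branch host missed
    print(wildcard_match("172.16.0.0", "10.1.0.0", "255.255.0.0"))  # unrelated address hit
```
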

Thanks for the reply.

I managed to remedy the problem by placing a PIX 506 on the network and using dnat (using the alias command) to map an internal 10.1.xx.xxx address to the public IP address that I want the internal clients to reach.

Rgrds
