NAT question

n.carroll · ‎05-01-2007

Hi,

Behind C2801 router we have a mail server (172.20.17.35) which is avialabe to the outside world and there was a NAT config as below.

ip nat inside source static tcp 172.20.17.35 25 X.X.X.X 25 extendable

We allow HTTPS acceess to the same server and configured another NAT using the same NATTED IP address ( X.X.X,X), it did not establish the connection while it built NAT in the table.

ip nat inside source static tcp 172.20.17.35 443 X.X.X.X 443 extendable

Then, we tried another NATTED Ip address (X.X.X.Y), then it worked.

ip nat inside source static tcp 172.20.17.35 443 X.X.X.Y 443 extendable

Why can't we use the same NATTED IP addresses while it is only a port translation?

bjornarsb · ‎05-02-2007

Hi,

Static PAT is the same as static NAT, except it lets you specify the protocol (TCP or UDP) and port for the local and global addresses.

This feature lets you identify the same global address across many different static statements, so long as the port is different for each statement (you CANNOT use the same global address for multiple static NAT statements).

For example, if you want to provide a single address for global users to access FTP, HTTP, and SMTP, but these are all actually different servers on the local network, you can specify static PAT statements for each server that uses the same global IP address, but different ports

Regards

Bjornarsb

bjornarsb · ‎05-02-2007

.....And for PAT you cannot use the same local or global address in multiple static statements between the same two interfaces.