Dynamic & Static NAT

jeremyshort
Level 1

Hello

Can anyone help me understand if it is possible to have NAT pools that NAT Inside Local addresses to Inside Global addresses, plus static entries that NAT static Inside Local addresses to static Inside Global addresses?

I have an app server on a client's network that requires my private addressing to be NATted to their private addressing. This is done via a NAT pool. At the same time I have another app server on the same client's network that requires a static 1-2-1 NAT entry, as it has to initiate a connection back into the host.

My issue is that the static entry seems to work, but it breaks the dynamic NAT, as the host is always getting NATted to the static address for the 2nd app server rather than using the pool.

Can anyone advise?

7 Replies

Jon Marshall
Hall of Fame

Hi Jeremy

Can you post your NAT configuration plus the IP address details of the app servers and any other IP details that are relevant?

Jon

Here are the relevant parts; I've changed the IP addressing slightly for protection.

ip nat pool APP-PROD-POOL 10.10.2.2 10.10.10.2 prefix-length 24
ip nat pool APP1-PROD-POOL 10.10.2.11 10.10.2.27 prefix-length 24
ip nat inside source route-map APP-PROD-NAT pool APP-PROD-POOL overload
ip nat inside source route-map APP1-PROD-NAT pool APP1-PROD-POOL overload
!
ip nat inside source static 192.20.10.205 10.10.2.28
!
access-list 101 remark APP-PROD-NAT
access-list 101 permit ip 192.20.0.0 0.0.255.255 host 192.110.100.74
access-list 102 remark APP1-PROD-NAT
access-list 102 permit ip 192.20.0.0 0.0.255.255 host 172.11.1.22
access-list 102 permit ip 192.20.0.0 0.0.255.255 host 192.110.100.143
!
route-map APP-PROD-NAT permit 10
 match ip address 101
!
route-map APP1-PROD-NAT permit 10
 match ip address 102

Hi Jon

Any ideas on this yet?

Sorry Jeremy, should have got back sooner.

I'm at work so I can have a look at this in the lab if needed. Just for clarity, can you give examples with IP addresses as to what is happening, i.e.

source IP - destination IP - NATted IP for both servers.

Jon

Hi Jon

192.168.0.0 - is our internal private addressing

10.10.2.0 - is the customer's addresses that we NAT to/behind.

The customer then allows connections from their address range 10.10.2.0 to their FTP/App servers, which are

192.110.100.74

172.11.1.22

192.110.100.143

The problem I have is that I need to have a static 1-2-1 host NAT entry to get a call recording solution to work (Witness). But with this static 1-2-1 entry I also need the host to access the FTP/App servers which have NAT pools. I can't get the host to use the pools if I define the static 1-2-1?

Jeremy

Apologies, I have been trying to get round to this all day but have been very busy.

Could you just try one quick thing before I dive into the lab?

Change the line

ip nat inside source static 192.20.10.205 10.10.2.28

to

ip nat inside source static 192.20.10.205 10.10.2.28 extendable

Jon

Hi Jon

Many thanks for your reply

I have been unable to do the change that you requested at the moment, as this is a prod router and I can't get any downtime.

I'll have a change in for tonight so I can give it a go then.

I'll let you know what the outcome is.
