10-21-2007 05:38 PM - edited 03-03-2019 07:16 PM
Hi guys, I was just wondering what is the difference between the two. As far as I know, the only difference is that source list can be used to define a range of addresses (e.g. an entire subnet) whereas source static will only cover the specified IP address. Is this the only difference?
The reason why I ask is because I have seen a config which uses both commands for the one IP address. E.g.
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.11.11.1 8080 interface GigabitEthernet0/1 8080
ip access-list standard NAT_LIST
permit 10.11.11.1
Why is it necessary to put the IP as part of a list and a static assignment?
Thanks.
10-21-2007 07:23 PM
Hi Will,
As you indicated, the two NAT statements have differences and specific purposes. The "ip nat inside source list NAT interface GigabitEthernet0/1 overload" creates dynamic NAT whereby inside source IP addresses will be translated using the outside gig0/1 interface IP address. The "Interface" is telling the router to use Gig0/1 as its global NAT address. Because your access list only permits 10.11.11.1, this will translate only this host using the gig0/1 address for outbound connections; if the ACL was "permit 10.11.11.0" it would permit any inside host in the 10.11.11.0 subnet for outbound connections. Also, it is noted that your access-list name NAT_LIST does not match the name in your ip nat source list "NAT", so I tend to believe the access list is not doing anything and the router is processing dynamic NAT for all your inside hosts to outside.
As for the "ip nat inside source static tcp 10.11.11.1 8080 interface GigabitEthernet0/1 8080", this is for inbound connections: TCP port 8080 redirection to host 10.11.11.1, using the GigabitEthernet0/1 interface as the global NAT outside address to inside host 10.11.11.1. I believe the format of this NAT statement could be used when there is only one public IP address, which in this case is the IP address of the GigabitEthernet0/1 interface as your outside interface, and you want to use this interface to redirect different TCP/UDP port traffic to specific inside hosts using just one global NAT address. You will also need an ACL permitting inbound traffic to host 10.11.11.1 from outside.
HTH
Jorge
10-21-2007 07:37 PM
Ahh I see, just as I thought. So source list is basically NAT and source static is also NAT but with port forwarding too?
10-21-2007 08:33 PM
Yes, that is correct. Normally, if one has spare public IP addresses (if we assume this scenario), one would simply write several "ip nat inside source static local_IP global_ip" addresses and create an access list permitting traffic for specific ports, or have ACLs wide open for any TCP/UDP ports inbound.
Rgds
Jorge
10-21-2007 08:40 PM
Excellent, thanks for the info.