Can you configure multiple nat addresses over the same port

Unanswered Question
Jan 28th, 2008

Can you configure multiple nat addresses over the same port, e.g.

ip nat inside source static tcp 192.168.1.2 80 203.214.17.212 80 and ip nat inside source static tcp 192.168.1.3 80 203.214.17.212 80

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Mon, 01/28/2008 - 21:04

I dont think this is possible. Below is the test from the lab trying to apply the configuration you had posted.


Router(config)#ip nat inside source static tcp 192.168.1.2 80 203.214.17.212 80

Router(config)#ip nat inside source static tcp 192.168.1.3 80 203.214.17.212 80

% similar static entry (192.168.1.2 -> 203.214.17.212) already exists


Regards,

Arul


** Please rate all helpful posts **

alex.mastoris Mon, 01/28/2008 - 21:23

Is there someone it can be done, e.g. create a pool of address 192.168.1.2 and .3 then point them to 203.214.17.212 on port 80?

dongdongliu Mon, 01/28/2008 - 21:28

acess-l 100 per tcp host 192.168.1.2 eq 80 any eq 80

acess-l 100 per tcp host 192.168.1.3 eq 80 any eq 80


ip nat pool pool_1 203.214.17.212

ip nat inside source list 100 pool pool_1 overload

dongdongliu Mon, 01/28/2008 - 23:58

you need apply the statement to interface:


int s x/x/x

ip nat outside


int f y/y/y

ip nat inside

and you can depend on actual tcp port of 192.168.1.2/3 to modify the acl

alex.mastoris Tue, 01/29/2008 - 01:39

The router I have is a cisco 877 router so apply to the vlan1 interface and dialer0 interface? What about the ip nat statements I assume thry would be different?

Edison Ortiz Tue, 01/29/2008 - 06:32

Let's think about this logically, how the incoming packet (traffic from the internet) is supposed to know to NAT one address over the other?


__


Edison.



Are you find for this?


When first web client make request to 203.214.17.212

the router will forward to 192.168.1.2

when second web client make request to 203.214.17.212

the router will forward to 192.168.1.3

and so on


If the answer is yes the follow configuration can help you

TCP Load Distribution for NAT


Router(config)# ip nat pool real-hosts 192.168.1.2 192.168.1.3 prefix-length 24 type rotary

Router(config)# access-list 100 permit tcp any host 203.214.17.212 eq 80

Router(config)# ip nat inside destination-list 100 pool real-hosts

alex.mastoris Wed, 01/30/2008 - 18:48

I've added ip nat pool real-hosts 192.168.1.2 192.168.1.3 prefix-length 24 type rotary

Router(config)# access-list 100 permit tcp any host 203.214.17.212 eq 80

Router(config)# ip nat inside destination-list 100 pool real-hosts

and configured dialer interface 0 for ip access-group 100 out and all I get is time out when I goto my web pages from an external client. Although my access lists show matches when trying to get to my sites.

Actions

This Discussion