NATING Outside Global to Inside Local

Unanswered Question
Apr 28th, 2008

Hi,

I need to create a static NAT entry on my gateway router to allow connection from a specific outside to my internal servers.

My external interface is fa0 and my internal interface is fa1. I could have use "ip nat outside source static" but, I have existing NAT entries for other live service that conflicts with my new settings. My current setting has fa0 (ip nat inside) and fa1 (ip nat outside) which is an inverse of how I need them to be.

Please assist with setup that I could use to access my internal servers from outside.

P.S: I have a spare public IP that could be used.

Elly

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 04/29/2008 - 05:27

Have you tried something like this?

ip nat inside source

That will translate all ports, so if you want to restrict by port it would be something like this (this example is for HTTP).

ip nat inside source static tcp 80 80 extendable

Hope that helps.

Eliufoo.Mahinda Wed, 04/30/2008 - 05:45

It didn't work. Has I mentioned early, my existing NAT configuration conflicts with these ones. The interface are configured oppositely i.e fa0 is nat inside & fa1 is nat inside. Any other way?

Collin Clark Wed, 04/30/2008 - 05:54

It doesn't matter about NAT inside and NAT outside, you can still NAT in both directions. Can you post the results of "show run | i nat"? Please change your public IP's. Thanks.

Eliufoo.Mahinda Thu, 05/01/2008 - 04:14

ciscoinside#show run | i nat

ip nat inside

ip nat inside

ip nat outside

ip nat outside

ip nat outside

ip nat outside

ip nat inside source list 10 interface Vlan21 overload

ip nat inside source list 141 interface Vlan22 overload

ip nat inside source list local interface FastEthernet1 overload

ip nat inside source list local2 interface Vlan10 overload

ip nat inside source static 172.16.50.3 84.233.212.84

ciscoinside#show ip nat statistics

Total active translations: 6 (1 static, 5 dynamic; 5 extended)

Outside interfaces:

FastEthernet1, Vlan10, Vlan21, Vlan50

Inside interfaces:

FastEthernet0, Tunnel10

Hits: 1063250 Misses: 13863

CEF Translated packets: 1071145, CEF Punted packets: 126

Expired translations: 15828

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 10 interface Vlan21 refcount 0

[Id: 2] access-list 141 interface Vlan22 refcount 0

[Id: 3] access-list local interface FastEthernet1 refcount 2

[Id: 4] access-list local2 interface Vlan10 refcount 3

Queued Packets: 0

ciscoinside#

Collin Clark Thu, 05/01/2008 - 05:12

You already have one translation ip nat inside source static 172.16.50.3 84.233.212.84. You need to do the same thing, just with a different public IP.

Eliufoo.Mahinda Thu, 05/01/2008 - 20:45

It the same configuration I tried but with real IP addresses that I'm using and it haven't worked. I figured it could be something to do with they way NAT interfaces are configured. My external interface has ip nat inside.

Actions

This Discussion