Problem with Bi-directional natting

Hi, I'm attempting to perform a double translation but so far have not had much luck.

I have a host directly connected to interface 0/0 on a Cisco 2600 that needs to send translated packets out on interface 1/0 and also be able to receive them back the same way.

The setup we currently have is:

Host( <->[NAT_INSIDE:] || [NAT_OUTSIDE:] <-> (server)

The intention is to perform a translation on all packets arriving to and send them out as, with a source of so in effect, the server would see them as if they were sent from the 2600.

On the return, the same scenario

Packets arriving on should be translated to with a source address of, so the host sees them as if sent from the 2600

In effect, a simple 2 way forward translation.

The current config we have for the 2600 is:

interface FastEthernet 0/0
 ip address
 ip nat inside

interface Ethernet 1/0
 ip address
 ip nat outside

ip classless
ip route
ip nat inside source static

When packets arrive on the outside interface (.5) they are sent to the inside interface as requested, and I can see them in the host, but the reverse is not happening, i.e., packets arriving from on are not being forwarded to

I do get a ping back from the 2600 in this situation (probably due to routing happening before natting).

Could anyone shed some light as to see if this can be done?

Many thanks in advance.


Jon Marshall Thu, 06/19/2008 - 02:06


Could you clarify as to exactly what you want to happen with the source and destination IP addresses in both directions because it is not clear from your description.

"ip nat inside source static"

This statement would not make packets arriving at the server seem as though they are coming from the router interface.

So Host sends packet to First question

1) Does send a packet to or does it send it to another address that you then want to NAT on the 2600.

After that what do you want to happen to the IP addresses in the packet when they go through the 2600.


Hi Jon, thanks very much for your prompt reply.

Packets from are sent to

What we need to do is send out on the outside interface the packets received in out to with a source of

Then, packets received on from need to be translated and sent out to with a source IP of

Many thanks again.


Jon Marshall Thu, 06/19/2008 - 02:23


I don't have a router handy at the moment so there may be a bit of trial and error here.

This statement will NAT your source IP address ( to

ip nat inside source static

This next statement is the one we may have to work on :-)

ip nat outside source static

Can you try them both and let me know what happens.


Ron hi.

I have run a few tests with the config you mention.

If I ping from, I can see the ICMP's on, where I can also see the responses sent back.

On however, I'm getting request timeouts

When I ping from I get the responses back very quickly (I assume from the router) but no trace of the packages reaching

I don't think that they are being sent back at all :(



Jon Marshall Thu, 06/19/2008 - 07:42


I should have spotted that one, i.e. pinging from, obviously the router interface will just respond. Does it have to be this address, i.e. or could it be another?

As for the other ping not working, can you remove the second NAT statement in my original post and see if it works?

I know I have a 2600 router lying around somewhere in my garage, I may have to dig it out :-)


Hi Jon.

Unfortunately we are fixed to the two addresses on and 2. It's a private cct that is delivered straight to the 2600.

I've removed the 2nd NAT rule and got request time out on the .30 box.

The thing that gets me, is that it is a really simple concept, I was sure it could be done with a cisco box.

Thanks very much for your pointers, if we end up figuring that out it would be superb :).

Best regards


