07-22-2008 12:46 AM - edited 03-03-2019 10:50 PM
Hi!
I have a task to configure IOS NAT like a proxy server:
Local net        Cisco ISR
[10.0.0.1/24]----[[10.0.0.1]-[20.0.0.1]]----[Internet-30.0.0.1]
Every packet from the local network 10.0.0.1/24 to Cisco's inside interface 10.0.0.1 port 445 should be redirected to Internet address 30.0.0.1 with source address 20.0.0.1 (Cisco's outside interface). How can I do that?
I tried this:
ip nat outside source static tcp 30.0.0.1 445 10.0.0.1 445
ip nat inside source list TO-INET interface GigabitEthernet0/0 overload
ip access-list extended TO-INET
 permit tcp host 10.0.0.1 host 30.0.0.1
It doesn't work.
07-22-2008 05:18 AM
Your NAT is correct, except that NAT only occurs as the traffic passes from an inside to an outside interface... at least in your case.
Since the traffic is sent to the router's IP itself, it does not even leave the inside interface.
You should be able to policy route the traffic to the outside interface to cause the NAT to occur. You will want to set the next hop to be the router of your ISP.
07-22-2008 05:03 AM
Which platform are you using, what version of IOS are you running?
07-22-2008 08:27 PM
Thanks for your reply. I found the order in which NAT works with IP packets - it is a great technical confirmation of your words.
07-23-2008 01:20 PM
#ip nat outside source static tcp 30.0.0.1 445 10.0.0.1 445
#ip nat inside source list TO-INET interface GigabitEthernet0/0 overload
#ip access-list extended TO-INET
#permit tcp host 10.0.0.1 host 30.0.0.1
07-23-2008 01:21 PM
Try the commands I have replied with. If it does not work, please feel free to come back with the query.
07-23-2008 08:27 PM
You are right, if the traffic is addressed to some host in the outside network. In my case, the traffic is addressed to Cisco's inside interface.
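The policy-routing suggestion from the 05:18 AM reply, written out as IOS configuration. This is an added example, not a configuration posted in the thread; the inside interface name GigabitEthernet0/1, the names PBR-SMB and FORCE-OUTSIDE, and the <ISP-NEXT-HOP> placeholder are assumptions.

```cisco
! Added example. Assumed: GigabitEthernet0/1 is the inside (LAN) interface
! and <ISP-NEXT-HOP> stands for the ISP router address, which the thread
! does not give. The NAT statements and the TO-INET list stay as posted.
!
! Match only the traffic that must be redirected:
! LAN clients connecting to the router's inside address on TCP/445.
ip access-list extended PBR-SMB
 permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq 445
!
! On the inside-to-outside path policy routing is evaluated before NAT,
! so forcing the next hop pushes the packet toward the outside interface,
! where the NAT rules can act on it.
route-map FORCE-OUTSIDE permit 10
 match ip address PBR-SMB
 set ip next-hop <ISP-NEXT-HOP>
!
interface GigabitEthernet0/1
 ip nat inside
 ip policy route-map FORCE-OUTSIDE
!
interface GigabitEthernet0/0
 ip nat outside
!
! Verify: "show route-map FORCE-OUTSIDE" should show match counters rising,
! and "show ip nat translations" should list an entry for port 445.
```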