Destination NAT - IOS router - traffic inside

jharris2006
Level 1

I'm having an issue using a destination NAT. I'm not sure if this is the best way to do it.

I have a static NAT in place mapping a public IP 10.10.10.1 to internal IP 192.1.1.1. All is working well.

However, I need the public IP 10.10.10.1 to be accessible to all clients on the internal network. (DB programmers hard-coded IPs into their program.)

Currently I can't ping the public address of the static NAT internally.

What type of NAT / ACL do I need to put in place to get this to work?

Any documentation or advice would be helpful.

1 Reply

John Blakley
VIP Alumni

You may be able to use policy-based routing. Create an access list permitting all of your internal subnet to the one internal host, but do it by public IP.

ip access-list ext TRANSLATE
 permit ip 192.168.1.0 0.0.0.255 host

Then create your route map that forces all of those hosts going to that destination to the internal address instead.

(From memory)

route-map INTERNAL permit 5
 match ip address TRANSLATE
 ! 192.168.1.1 is your internal server IP
 set ip next-hop 192.168.1.1

Again, I don't know if this will work, but it might.

HTH,

John
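
The reply's suggestion written out as one configuration, as an added example that is not part of the original post. Assumptions: the ACL destination is the public IP 10.10.10.1 from the question, the inside interface is named GigabitEthernet0/1, and the route-map is bound to that interface with `ip policy route-map`, a step the reply does not show.

```ios
! Added example. Addresses follow the thread; the interface name is assumed.
!
! Match traffic from the internal subnet to the public (NAT) address.
ip access-list extended TRANSLATE
 permit ip 192.168.1.0 0.0.0.255 host 10.10.10.1
!
! Policy-route matching packets toward the internal server.
route-map INTERNAL permit 5
 match ip address TRANSLATE
 set ip next-hop 192.168.1.1
!
! A route-map has no effect on forwarding until it is applied inbound
! on the interface where the client traffic arrives.
interface GigabitEthernet0/1
 description Inside LAN (assumed interface name)
 ip policy route-map INTERNAL
!
! Checks to run from exec mode after a client sends traffic to 10.10.10.1:
!   show ip access-lists TRANSLATE   (per-entry match counters)
!   show route-map INTERNAL          (policy-routing match counters)
!   show ip policy                   (which route-map is bound to which interface)
```

Policy routing changes only the next hop: the packet still reaches the server addressed to 10.10.10.1, so the counters above can increment while the server ignores the traffic unless it accepts that address. Keep the ACL limited to the one destination host so that no other inside traffic is diverted from normal routing.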
