NAT issue

Answered Question
Feb 18th, 2009

I have a system on my LAN (192.168.100.1) that needs to be accessed from WAN, my inside global is (200.200.200.1/29). How do I define the NAT config?

ip nat inside source static 192.168.100.1 200.200.200.1

or

ip nat outside source static 200.200.200.1 192.168.100.1

Where will I need ip nat inside destination.....?

Jon Marshall Thu, 02/19/2009 - 02:21

"How do I define the NAT config?"

ip nat inside source static 192.168.100.1 200.200.200.1

On your router

fa0/0 (LAN interface)

ip nat inside

fa0/1 (WAN interface)

ip nat outside

Jon

Just Kennie Fri, 02/20/2009 - 00:48

What I am saying is that,

ip nat inside source static 192.168.100.1 200.200.200.1

The above command should be for translating the private IP to public so I can get to the web. Is it the same if I want to access that particular system with LAN IP 192.168.100.1 from the net?

Correct Answer
Jon Marshall Fri, 02/20/2009 - 03:05

The command is bi-directional. So

1) from inside it will translate the source IP address of 192.168.100.1 to 200.200.200.1

2) from outside it will translate the destination address of 200.200.200.1 to 192.168.100.1

So if you want to access the internal system with an IP of 192.168.100.1 from the net then connect to 200.200.200.1 from the net. Obviously the 192.168.100.1 is not routable on the net.

Jon

enkli Fri, 02/20/2009 - 03:15

you must use extended access list and port mapping

Jon Marshall Fri, 02/20/2009 - 03:24

"you must use extended access list and port mapping"

No you don't. You can use port mapping if you want to map multiple private IP addresses to one public IP but that is not the case here. Or at least it doesn't look like that is a requirement.

Jon
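
As an added example (not posted by anyone in this thread), here is the one-to-one static NAT from the answers above next to the port-mapped form Jon mentions. The interface IP addresses and the TCP/443 service are assumptions chosen for illustration.

```cisco
! Added example. Interface addresses and the TCP/443 service are assumptions.
interface FastEthernet0/0
 description LAN
 ip address 192.168.100.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description WAN
 ip address 200.200.200.2 255.255.255.248
 ip nat outside
!
! Option A: one-to-one static NAT (the command from the thread).
! Bi-directional: source 192.168.100.1 becomes 200.200.200.1 going out,
! destination 200.200.200.1 becomes 192.168.100.1 coming in.
! Every protocol and port sent to 200.200.200.1 reaches the inside host.
ip nat inside source static 192.168.100.1 200.200.200.1
!
! Option B: port-specific static NAT, used instead of option A when only
! one service has to be reachable. Only TCP/443 is forwarded to the host;
! its other outbound traffic then needs a separate translation rule.
! ip nat inside source static tcp 192.168.100.1 443 200.200.200.1 443
!
! Verify from exec mode:
!   show ip nat translations
```

With option A the inside host is reachable on all ports from the WAN, so any filtering has to come from an access list or from the host itself.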

enkli Fri, 02/20/2009 - 03:16

Why don't you NAT on 200.200.200.2?

You have 6 IP addresses available???
