Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
0
Helpful
7
Replies

NAT issue

Go to solution
Just Kennie
Level 1
Level 1

‎02-18-2009 06:32 PM - last edited on ‎03-25-2019 03:22 PM by Community Manager

I have a sytem on my LAN (192.168.100.1) that needs to be accessed from WAN, my inside global is (200.200.200.1/29). How do I define the NAT config?

ip nat inside source static 192.168.100.1 200.200.200.1

or

ip nat ouside source static 200.200.200.1 192.168.100.1

Where will I need ip nat inside destination.....?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Just Kennie

‎02-20-2009 03:05 AM

The command is bi-directional. So

1) from inside it will translate the source IP address of 192.168.100.1 to 200.200.200.1

2) from outside it will translate the destination address of 200.200.200.1 to 192.168.100.1

So if you want to access the internal system with an IP of 192.168.100.1 from the net then connect to 200.200.200.1 from the net. Obviously the 192.168.100.1 is not routable on the net.

Jon

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Davy Ad
Level 1
Level 1

‎02-19-2009 02:09 AM

Hello Just,

Is this for Router or firewall?

DAK

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-19-2009 02:21 AM

"How do I define the NAT config?"

ip nat inside source static 192.168.100.1 200.200.200.1

On your router

fa0/0 (LAN interface)

ip nat inside

fa0/1 (WAN interface)

ip nat outside

Jon

0 Helpful

Go to solution
Just Kennie
Level 1
Level 1
In response to Jon Marshall

‎02-20-2009 12:48 AM

What I am saying is that,

ip nat inside source static 192.168.100.1 200.200.200.1

the above command should be for translating private IP to public so I can get to the WEB. Is it same if I want to access that particular system with LAN IP 192.168.100.1 from the net?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Just Kennie

‎02-20-2009 03:05 AM

The command is bi-directional. So

1) from inside it will translate the source IP address of 192.168.100.1 to 200.200.200.1

2) from outside it will translate the destination address of 200.200.200.1 to 192.168.100.1

So if you want to access the internal system with an IP of 192.168.100.1 from the net then connect to 200.200.200.1 from the net. Obviously the 192.168.100.1 is not routable on the net.

Jon

0 Helpful

Go to solution
enkli
Level 1
Level 1
In response to Jon Marshall

‎02-20-2009 03:15 AM

you must use extended access list and port mapping

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to enkli

‎02-20-2009 03:24 AM

"you must use extended access list and port mapping"

No you don't. You can use port mapping if you want to map multiple private IP addresses to one public IP but that is not the case here. Or at least it doesn't look like that is a requirement.

Jon

0 Helpful

Go to solution
enkli
Level 1
Level 1

‎02-20-2009 03:16 AM

why dont you nat on 200.200.200.2

you have 6 IP addresses available ???

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card