Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ip nat outside on zone-based FW (877)

Unanswered Question
Mar 11th, 2010
User Badges:


If I look through many web-pages on the subject, it should be possible to combine NAT outside and NAT inside.  However, which way I try it, it doesn't work...

There are various reasons which can cause this:

* The router really doesn't support it (it's a cisco 877 with IOS C870 Version 12.4(15)T7)

* I didn't configure it correctly...which is the most likely case, because I have difficulties really understanding the zone-based firewall it's using... Maybe the fact it's using zone-based FW, doesn't work correct for the translation...(the zone based FW was started by the web-access to the router)

I give the snippets of the config which I think are important:


ip port-map user-pm-udp6565 port udp 6565


class-map type inspect match-all sdm-nat-user-protocol--6-2

  match access-group 199


policy-map type inspect sdm-pol-NATOutsideToInside-2


  class type inspect sdm-nat-user-protocol--6-2

    pass log


zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone

   service-policy type inspect sdm-pol-NATOutsideToInside-2


ip nat pool poolExt netmask

ip nat inside source static tcp 6565 interface Dialer1 6565

ip nat inside source static udp 6565 interface Dialer1 6565

ip nat outside source list 199 pool poolExt add-route


access-list 199 permit tcp any host eq 6565

access-list 199 permit udp any host eq 6565


In this Dialer1 is defined as "ip nat outside" and Vlan1 as "ip nat inside".

The port translation works correct, it makes the connection to, but with the outside address, which I wanted to be translated to some address in the range - 220...

Can someone see why the external address (on port 6565) isn't translated by this code ?  It is using access-list 199 because when it doesn't pass the router when I remove the lines



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion

Related Content