Nat Translation

Unanswered Question
Jun 25th, 2010
User Badges:


Simple setup 192.168.10.x lan subnet through PAT all subnet able access internet .now i need help

i have lan ip its kind a streaming device   this device must go to internet and  also through

one  dedicated WAN(internet) ip  people sitting on  internet can access this from port

18 to 19000 via ip 210.2.X.X

For internet

i did following configuration

access-list 101 permit any

ip nat inside source list 101 fa0/1 overload


For device

ip nat pool netmask rotary

ip access-list extended PortForwarding

permit tcp any  host 210.2.x.X  range 19  19000

kindly help   me  from above configuration   i can see translation on my router when i able to access this device ( via 210..2.x.x

& access-list hit counts but device not able go to internet i  knwo this reason why this happening

But i need solution  device on must go to internet as well users   on internet can access it on WAN ip from port 18 to 19000


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Fri, 06/25/2010 - 15:24
User Badges:
  • Green, 3000 points or more


You have a single public IP for NAT use?

Because if you have another, it will be easier to do static PAT to access the device.

Why is the not getting to the Internet?

Is it not getting PATed ''sh ip nat trans | i''?

Could you post:

sh run | i ip nat


Faizan Khursheed Sat, 06/26/2010 - 00:43
User Badges:

the reason not getting to internet becuase the traffic come from outside to inside

not going  inside to outside

as you can se ip nat destination command  ?

initially i did ip nat inside soucre static 210.2.x.x  

i think this will resolve the issue but my client  getting me confuse

above static command will resolve issue for internet and from internet users can connect it  on any port

Thanks for your reply

Federico Coto F... Sat, 06/26/2010 - 07:26
User Badges:
  • Green, 3000 points or more

The static NAT command is what you need, just make sure the public IP used for the static NAT is not the public IP used on the Fa0/1 of the router.



This Discussion