07-27-2010 09:55 AM - edited 03-04-2019 09:13 AM
I am trying to configure a 2811 so that it can both use overloaded NAT inside to connect to the outside world via an ISP, and can also accept incoming traffic for which I need to NAT the source address to ensure traffic goes via this router - during a change of ISP, where the internal default gateway is another router.
I can get outbound traffic working, and through some inside source static can route the external traffic inwards, but I don't seem to be able to change the source using ip outside source.
A brief version of the config (many IP nat inside removed, and external IP addresses changed).
Inside is 192.168.8.x, ISP is 80.111.192.178, public IP addresses 80.111.193.33/27.
I'm wanting inbound traffic to look as if it has come from 192.168.8.72.
!
interface FastEthernet0/0
 description intranet$ETH-LAN$
 ip address 192.168.8.254 255.255.255.0
 ip access-group 100 in
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat inside
 ip nat enable
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex full
 speed 100
!
interface FastEthernet0/1
 description To ISP $ETH-WAN$
 bandwidth 10240
 ip address 80.111.192.178 255.255.255.252
 ip access-group 111 out
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex full
 speed 100
!
ip route 0.0.0.0 0.0.0.0 80.111.192.177 permanent
ip route 192.168.8.0 255.255.255.0 FastEthernet0/0 permanent
ip route 192.168.8.72 255.255.255.255 FastEthernet0/1 permanent
!
!
ip nat pool ovrld 80.111.198.33 80.111.198.33 netmask 255.255.255.0
ip nat pool extpool 192.168.8.72 192.168.8.72 netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.8.5 21 80.111.198.33 21 extendable
ip nat inside source static tcp 192.168.8.33 25 80.111.198.33 25 extendable
ip nat inside source static tcp 192.168.8.14 80 80.111.198.33 80 extendable
ip nat inside source static tcp 192.168.8.14 443 80.111.198.33 443 extendable
ip nat outside source list 3 pool extpool add-route
!
!
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 3 deny 192.168.8.0 0.0.0.255
access-list 3 permit any
All help gratefully received to preserve what little hair this has left me!
07-27-2010 10:27 AM
Hello,
I see from the configs that you have enabled both "ip nat outside/inside" and "ip nat enable" under the interfaces. Can you please remove "ip nat outside/inside" from the interface configurations and re-enter all the NAT configurations?
Hope this helps.
Regards,
NT
07-28-2010 02:27 AM
Hi,
Thanks for that.
I tried removing the ip nat inside/outside and reentering the NAT configurations, but lost connectivity (via the ip nat inside source list 1 pool ovrld overload) from inside to outside.
I suspect I am missing something about how I should re-enter the configurations?
Regards
Tim
07-28-2010 09:18 AM
I'm not sure what might be wrong since I think I seem to have a similar situation as yours? See if my post is on the same track and we can watch each other's for a possible answer? https://supportforums.cisco.com/message/3145825#3145825