
Static NAT outside, dynamic NAT inside

timhavenhand
Level 1

I am trying to configure a 2811 so that it can both use overloaded NAT inside to connect to the outside world via an ISP, and can also accept incoming traffic which I need to NAT the source address to ensure traffic goes via this router - during a change of ISP, where the internal default gateway is another router.

I can get outbound traffic working, and through some inside source static can route the external traffic inwards, but I don't seem to be able to change the source using ip outside source.

A brief version of the config (many IP nat inside removed, and external IP addresses changed).

Inside is 192.168.8.x, ISP is 80.111.192.178. Public IP addresses 80.111.193.33/27

I'm wanting inbound traffic to look as if it has come from 192.168.8.72.


!
interface FastEthernet0/0
description  intranet$ETH-LAN$
ip address 192.168.8.254 255.255.255.0
ip access-group 100 in
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip nat enable
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex full
speed 100
!
interface FastEthernet0/1
description To ISP $ETH-WAN$
bandwidth 10240
ip address 80.111.192.178 255.255.255.252
ip access-group 111 out
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip nat enable
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex full
speed 100
!
ip route 0.0.0.0 0.0.0.0 80.111.192.177 permanent
ip route 192.168.8.0 255.255.255.0 FastEthernet0/0 permanent
ip route 192.168.8.72 255.255.255.255 FastEthernet0/1 permanent
!
!
ip nat pool ovrld 80.111.198.33 80.111.198.33 netmask 255.255.255.0
ip nat pool extpool 192.168.8.72 192.168.8.72 netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.8.5 21 80.111.198.33 21 extendable
ip nat inside source static tcp 192.168.8.33 25 80.111.198.33 25 extendable
ip nat inside source static tcp 192.168.8.14 80 80.111.198.33 80 extendable
ip nat inside source static tcp 192.168.8.14 443 80.111.198.33 443 extendable
ip nat outside source list 3 pool extpool add-route
!
!

access-list 1 permit 192.168.8.0 0.0.0.255

access-list 3 deny   192.168.8.0 0.0.0.255
access-list 3 permit any

All help gratefully received to preserve what little hair this has left me!


Nagaraja Thanthry
Cisco Employee

Hello,

I see from the configs that you have enabled both "ip nat outside/inside" and "ip nat enable" under the interfaces. Can you please remove "ip nat outside/inside" from the interface configurations and re-enter all the NAT configurations?

Hope this helps.

Regards,

NT

Hi,

Thanks for that.

I tried removing the ip nat inside/outside and reentering the NAT configurations, but lost connectivity (via the ip nat inside source list 1 pool ovrld overload) from inside to outside.

I suspect I am missing something about how I should re-enter the configurations?

Regards

Tim
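
A configuration check for the point raised in the reply and follow-up above, as an added example that is not part of the original thread: it flags interfaces that carry both legacy NAT marking (`ip nat inside`/`ip nat outside`) and NVI (`ip nat enable`), and translation rules whose style (`ip nat inside|outside source` for legacy, `ip nat source` for NVI) has no matching interface. The function name `audit_nat_modes` and the sample input are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the NAT-relevant lines in the posted config.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
ip nat inside
ip nat enable
!
interface FastEthernet0/1
ip nat outside
ip nat enable
!
ip nat inside source list 1 pool ovrld overload
ip nat outside source list 3 pool extpool add-route
"""

LEGACY_IF = re.compile(r"^ip nat (inside|outside)$")           # legacy interface marking
LEGACY_RULE = re.compile(r"^ip nat (inside|outside) source ")  # legacy translation rule
NVI_RULE = re.compile(r"^ip nat source ")                      # NVI translation rule


def audit_nat_modes(config_text):
    """Return a list of findings about mixed or mismatched NAT modes."""
    modes = {}                      # interface name -> subset of {"legacy", "nvi"}
    legacy_rules = nvi_rules = 0
    current = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())        # tolerate indentation and double spaces
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            modes[current] = set()
        elif line == "!":
            current = None                  # "!" closes the interface block
        elif LEGACY_RULE.match(line):
            legacy_rules += 1
        elif NVI_RULE.match(line):
            nvi_rules += 1
        elif current and LEGACY_IF.match(line):
            modes[current].add("legacy")
        elif current and line == "ip nat enable":
            modes[current].add("nvi")
    findings = [f"{name}: legacy and NVI NAT both enabled"
                for name, m in modes.items() if m == {"legacy", "nvi"}]
    if legacy_rules and not any("legacy" in m for m in modes.values()):
        findings.append("legacy rules present but no interface is marked inside/outside")
    if nvi_rules and not any("nvi" in m for m in modes.values()):
        findings.append("NVI rules present but no interface has 'ip nat enable'")
    return findings


if __name__ == "__main__":
    for finding in audit_nat_modes(SAMPLE_CONFIG):
        print(finding)
```
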

Shawn Lebbon
Level 1

I'm not sure what might be wrong since I think I seem to have a similar situation as yours? See if my post is on the same track and we can watch each other's for a possible answer? https://supportforums.cisco.com/message/3145825#3145825
