NAT explanation

Unanswered Question
Apr 30th, 2012

ip nat inside source static tcp 10.0.0.3 80 86.96.201.7 80 extendable

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
dancicioiu Tue, 05/01/2012 - 01:27

Hi,

It will translate the packet arrived on

              a) outside interface with the destination IP 86.96.201.7 port 80/TCP to inside 10.0.0.3 port 80/TCP.

              b) inside interface with the source IP 10.0.0.3 port 80/TCP that has as destination interface outside

You are NATing the inside host. Extendable will allow you to use more the one static pat (port address translation ) with the same public ip.

Dan

omerpal1190 Tue, 05/01/2012 - 01:41

ip nat inside source static 10.5.50.9 89.144.102.179

is ther any difference between this command and above-mentioned command ?

dancicioiu Tue, 05/01/2012 - 01:50

Yes.

This will allow you to

               - use the public ip only for this translation

               - translate any traffic from and to the inside host ( 10.5.50.9 ) to the public ip

Dan

Peter Paluch Tue, 05/01/2012 - 12:47

Hello Dan,

Correct me please if I am wrong here but in this case:

ip nat inside source static tcp 10.0.0.3 80 86.96.201.7 80 extendable

the extendable keyword actually does nothing, as this translation is already fully specified by addresses, protocols and ports. The extendable keyword was more used with plain IP-to-IP translation and to be completely honest, to this day I have not fully understood its usage.

Best regards,

Peter

dancicioiu Tue, 05/01/2012 - 13:14

Hi Peter,

My understanding about the extendable option is that allows you to do PAT using the same outside global.

I do now that this option is available also on ip-ip and network-network static nat...but I do not see how could you apply the extandable in those cases ( ip-ip and net-net ).

I've done a quick test :

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

end

!

interface Loopback0

ip address 2.2.2.2 255.255.255.0

ip nat outside

ip virtual-reassembly

end

!

ip route 10.10.10.0 255.255.255.0 1.1.1.254

Commands :

R1(config)#ip nat inside source static tcp 10.10.10.10 80 2.2.2.10 80

R1(config)#ip nat inside source static tcp 10.10.10.11 81 2.2.2.10 81

R1(config)#

R1(config)#^Z

R1#sh run | i nat

ip nat outside

ip nat inside

ip nat inside source static tcp 10.10.10.10 80 2.2.2.10 80 extendable

ip nat inside source static tcp 10.10.10.11 81 2.2.2.10 81 extendable

R1#

The extendable keywork was automatically added.

I opened the NAT overview :

"The extendable keyword allows the user to configure several ambiguous static translations, where an ambiguous translations are translations with the same local or global address."

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Regards

Dan

ricmazuru Mon, 07/22/2013 - 00:29

hie;

Guys i have a 2911 Router with 3 interfaces (GIG) and 4 wic 10/100 which is connected to my lan and the 3 interfaces are connected to 3 ISP i want the correct NAT and Access-list to send emails from my mail server on 192.168.0.1 using ISP 3 who is on Gig0/2

Actions

Login or Register to take actions

This Discussion

Posted April 30, 2012 at 11:51 PM
Stats:
Replies:7 Avg. Rating:5
Views:3293 Votes:0
Shares:0

Related Content

Discussions Leaderboard