Static one-to-one from multiple WANs to one LAN (router)

Answered Question
Aug 7th, 2012

Hi,

I'm trying to set up more than one static translation to an internal IP.

Basically I have a customer who has a firewall on an internal LAN:

192.168.1.100

They have a /28 block of IPs and they want them all pointing to the 192.168.1.100 address. I would usually do this via:

ip nat inside source static 192.168.1.100 8.8.8.8

This works fine for one external IP to the internal, but as soon as I add the below, the router shoots back that 192.168.1.100 is already mapped to 8.8.8.8:

ip nat inside source static 192.168.1.100 4.4.4.4

I understand why you could only have one internal IP mapped to an external address but I thought it would be okay for several external to one internal? Is this possible?

P.S. The obvious question here is going to be why not just put the public IPs straight on the firewall. I know this is the most obvious and easiest solution, but due to certain factors this will not be possible in this instance. I won't go into why as it will just muddy the waters.

Thanks

Andy

Correct Answer
John Blakley Tue, 08/07/2012 - 03:49

Andy,

Are these public addresses going to use the same port? For example, if you have public address 209.9.9.1 - 10, could .1 be used for web traffic, .2 be used for FTP, etc? If so, this issue is simple to resolve by mapping the port to the different address:

ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80

ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21

You can use your public addresses by specifying the port number. This is really the only way to do what you're wanting to do afaik. Another option would be to assign multiple secondary addresses to the server that you're wanting to translate and then you can do 1-1 mappings for those secondary addresses:

ip nat inside source static 192.168.1.100 4.4.4.4

ip nat inside source static 192.168.1.101 4.4.4.5

etc...

HTH,

John

Busbyuk1979 Tue, 08/07/2012 - 05:05

It hasn't been specified yet. Assigning secondary addresses to the server, however, is a good idea and may solve the issue.

Thanks


Andrew

Busbyuk1979 Fri, 08/10/2012 - 01:56

I actually found out how to do this.

Just add the extendable command at the end and it should hopefully then work fine:

ip nat inside source static 192.168.1.100 4.4.4.4 extendable

ip nat inside source static 192.168.1.100 8.8.8.8 extendable

Can anyone confirm if this would be okay?

Thanks

Andy
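
An added example, not part of the thread and not Cisco tooling: a small Python audit run over the three configurations posted above. It assumes, following the posts, that a second full-address mapping for the same inside address is rejected unless the entries carry extendable; the function names and finding labels are made up for this example, and the all-ports finding reflects that a static entry with no protocol or port translates traffic on every port of each public address.

```python
from collections import defaultdict

PREFIX = ["ip", "nat", "inside", "source", "static"]

def parse_static(line):
    """Parse one 'ip nat inside source static' line; None for anything else."""
    tok = line.split()
    if tok[:5] != PREFIX:
        return None
    rest = tok[5:]
    ext = bool(rest) and rest[-1] == "extendable"
    if ext:
        rest = rest[:-1]
    if len(rest) == 2:  # <local> <global>
        return {"local": rest[0], "global": rest[1], "port": None, "ext": ext}
    if len(rest) == 5 and rest[0] in ("tcp", "udp"):  # <proto> <local> <port> <global> <port>
        return {"local": rest[1], "global": rest[3], "port": (rest[0], rest[2]), "ext": ext}
    return None

def audit(config):
    """Return (label, inside_local, public_addresses) findings for a config snippet."""
    full = defaultdict(list)  # inside local -> mappings that carry no port
    for line in config.splitlines():
        entry = parse_static(line)
        if entry and entry["port"] is None:
            full[entry["local"]].append(entry)
    findings = []
    for local, entries in full.items():
        publics = sorted(e["global"] for e in entries)
        # Assumption from the thread: several public addresses for one inside
        # address are only accepted when the entries end in 'extendable'.
        if len(entries) > 1 and not all(e["ext"] for e in entries):
            findings.append(("conflict", local, publics))
        # No protocol/port on the entry: every port on each public address is
        # translated, so only ACLs or the inside firewall limit what is reachable.
        findings.append(("all-ports-exposed", local, publics))
    return findings

# The three configurations from the thread, copied as posted.
ORIGINAL = """ip nat inside source static 192.168.1.100 8.8.8.8
ip nat inside source static 192.168.1.100 4.4.4.4"""
PORT_BASED = """ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80
ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21"""
EXTENDABLE = """ip nat inside source static 192.168.1.100 4.4.4.4 extendable
ip nat inside source static 192.168.1.100 8.8.8.8 extendable"""

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("port-based", PORT_BASED), ("extendable", EXTENDABLE)):
        print(name, audit(cfg))
```

The port-based variant produces no findings because it only publishes the two named services, while the extendable variant publishes the whole host on both public addresses.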

Posted August 7, 2012 at 1:30 AM