Can you please paste the exach line that "extendable" is used?
You may be referring to the "extended" keyword in ACLs defined for NAT. Extended word defines the type of ACL, (either used for NAT or filtering or tunneling). A Standard ACL has only one network entry, which is the source. Extended ACLs does have source, destination ,protocol and port. That helps you to create more specific entries.
Why did you do that? I mean why did you rate 1 ? I am trying to understand what you are talking about and trying to help you, that post was not for getting rated, ratings are used if your issue is resolved or not resolved or adds you knowledge. You rate people 1 if they corrupt your system with their suggestion, or if they make absolutely nonesense suggestions, and that 1 decreases their %
The extendable keyword "extends" the NAT translation. In simple terms it means it uses not just the IP address but also the port numbers. This would allow you to map two local addresses to the same global address on different ports.
One other thing, if it was you that rated Huseyin 1 then this is not appropriate as he was only asking for clarification so there should have been no rating for this. People are here to help and help with free advice.
If it wasn't you then please ignore the last bit.
Please provide an example for clarification.
Port numbers were specified in the commands, and I'm sure I've used the following without ever specifying the "extendable" keyword:
ip nat inside source static tcp 192.168.100.18 25 interface Ethernet1 25
ip nat inside source static tcp 192.168.100.20 110 interface Ethernet1 110
Is the keyword usage IOS release dependent?
I thought it was you, sorry about that
Thank you :), I sometimes dont understand why people treat people who are trying to help, like that. I am also a qualified expert in www.experts-exchange.com and we have moderators, expert care sections, dont we have moderators in here?
There is a moderator on NetPro and he does a very good job of monitoring what is going on. But if you allow people to rate answers there will always be a few people who mark inappropriately. It can't really be helped.
That is also why you need to be careful with making assumptions on who has rated.
Yes if you specify port numbers it is a bit redundant. From one of Cisco's NAT papers
"Extendable" static translations:
The extendable keyword allows the user to configure several ambiguous static translations, where an ambiguous translations are translations with the same local or global address.
ip nat inside source static
Some customers want to use more than one service provider and translate into each provider's address space. You can use route-maps to base the selection of global address pool on output interface as well as an access-list match. Following is an example:
ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
route-map provider1-map permit 10
match ip address 1
match interface Serial0/0
route-map provider2-map permit 10
match ip address 1
match interface Serial0/1
Once that is working, they might also want to define static mappings for a particular host using each provider's address space. The software does not allow two static translations with the same local address, though, because it is ambiguous from the inside. The router will accept these static translations and resolve the ambiguity by creating full translations (all addresses and ports) if the static translations are marked as "extendable". For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation. For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation.
The absence of the use of the "extendable" keyword in your example leaves me with questions.
First, I'll paraphrase what I believe I've understood, and then I'll address the scenario I have questions about.
It appears that you are saying that the following won't work:
ip nat inside source static tcp 192.168.10.26 aaa.0.0.136
ip nat inside source static tcp 192.168.10.26 bbb.0.0.136
... that it should be configured as:
ip nat inside source static tcp 192.168.10.26 aaa.0.0.136 extendable
ip nat inside source static tcp 192.168.10.26 bbb.0.0.136 extendable
... to generate full un-ambiguous translations.
The following two statements are understood:
- For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation.
- For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation.
However, your earlier post stated:
"This would allow you to map two local addresses to the same global address on different ports."
In a NAT overload scenario:
Presumably this would not work (less than full translation):
ip nat inside source static tcp 192.168.0.100 aaa.bbb.ccc.ddd 80
ip nat inside source static tcp 192.168.0.200 aaa.bbb.ccc.ddd 21
... however, I am wondering if this:
ip nat inside source static tcp 192.168.0.100 80 aaa.bbb.ccc.ddd 80
ip nat inside source static tcp 192.168.0.200 21 aaa.bbb.ccc.ddd 21
.... is any different than this:
ip nat inside source static tcp 192.168.0.100 80 aaa.bbb.ccc.ddd 80 extendable
ip nat inside source static tcp 192.168.0.200 21 aaa.bbb.ccc.ddd 21 extendable
... which, much like Ismail884's example:
ip nat inside source static tcp 192.168.10.26 21 18.104.22.168 21 extendable
... looks redundant to me.
I don't see the need for the extendable keyword here. It looks like the extendable keyword is the redundancy, and not the port specifications.
I'm not trying to prove anyone wrong, or split hairs. It just felt like I was missing something when I started this reply (its taken a while to compose), and have arrived where I am now.
I've just encountered an alternative command format that I have not previously considered/used:
ip nat inside source static tcp inside-ip outside-ip 25 extendable
... perhaps this is the usage you were referring to.