Cisco Support Community
New Member

Apply correct Nat

Experts,

I need to apply the correct NAT for a server that will be receiving an RDP connection, port 3389, and requires a Static NAT.

Attached my config, straightforward and small.  I currently have everyone leaving with this one NAT rule:

Important Information to add:

Server Lan IP 192.168.1.20

Server Public IP: 200.1.1.5

Current Nat information:

ip nat pool test 200.1.1.6 200.1.1.6 prefix-length 24

ip nat inside source list 102 pool test overload

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

I tried:

ip nat inside source static 192.168.1.20 200.1.5 --> The commands were applied but the server didn't NAT

Step 2:

added

access-list 102 deny ip host 192.168.1.20 any --> To prevent this IP from going into "PAT" mode and hoping static NAT applies.

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

That didn't work either :-).  If I have to redo the entire NAT configuration in order to provide Internet access to my Static Server and the other internal 192.168.1.x Network, I have a time window to test it.

Any help is appreciated.

Thanks,
Randall

1 ACCEPTED SOLUTION
Cisco Employee

Apply correct Nat

Randall,

The ip nat inside source static 192.168.1.20 200.1.5 command is okay. However, your configuration is missing the ip nat inside command on the Gi0/1.1 interface so this interface is not considered to be a NAT-enabled inside interface at all. The ip nat inside command on your physical Gi0/1 interface is useless and should be removed, as the Gi0/1 is not configured with an IP address so it does not participate in IP operations (just the subinterfaces do).

Try adding the ip nat inside on your Gi0/1.1 and put back the ip nat inside source static command - then check the NAT connectivity to the server.

Best regards,

Peter

New Member

Apply correct Nat

Thanks Peter, I will give it a shot and send the results.

New Member

Apply correct Nat

Peter, I tested what you suggested and it didn't work.  I think it is related to the ISP because I saw the NAT translations.  What I had to do in order to fix it was run a port redirection; I didn't think that would work, but it did the trick.
