Cisco Support Community
New Member

Change source IP on public interface

So I have the following situation:

The ISP gave me a /28 public IP subnet and now I have multiple public IPs. I configured NAT overload with the 1st IP from that subnet for LAN clients to gain internet access, and that works. I forwarded ports 25, 80 and 443 from the 2nd IP to the mail server and that also works OK, but if I go to www.whatismyip.com from the mail server it shows the 1st IP. How can I tell the router to send all traffic from the mail server to the internet with a source of the 2nd IP?

7 REPLIES
New Member

Insufficient data, but in general:

You must NAT the second IP and assign it to the mail server. Also allow a route to the Internet from the mail server.

New Member

When you say I need to NAT the second IP, do you mean 1:1 NAT? In that case I need an ACL to allow only some ports to that public IP, right, and I need to apply it on the outside interface?

For your requirement for whatismyip.com: it is an outbound connection, so it has to be allowed in the ACL on the interface where the server is connected, either DMZ or inside, wherever you have it. The return traffic from the internet will be handled by the stateful inspection.

Regards

Karthik

New Member

Hi, I think you missed the point here.

So I have 1.1.1.1 and 1.1.1.2 on the WAN interface. Which set of commands do I need to execute so that all outgoing traffic from the server on 192.168.1.10 has 1.1.1.2 as its public source IP and the rest of the machines have 1.1.1.1 (the last one is easy: overload on the whole private subnet)?

Accepted Solution

Hi Damir,

I understood your requirement. We should create a specific static NAT for the host 192.168.1.10 to take 1.1.1.2 as its public IP. The rest of the hosts in the subnets will have 1.1.1.1 as their public IP. All we need here is to create non-overlapping rules. All static NAT rules should take priority, and then comes the general PAT.

Can you create the static NAT rules in priority like this:

1. Static NAT for 25, 80, 443

2. Static NAT for 192.168.1.10 to have 1.1.1.2

Then configure the generic PAT as you have it now.

Regards

Karthik

New Member

Thank you.

Hi Damir,

Here in your scenario the port is enabled for the incoming traffic towards the mail server, but when you go to whatismyip.com it takes the general PAT path and gives you the 1st IP. I hope you got the hint to modify the NAT priority and statements as per your requirement to get that done.

Your port-forwarding rule is specific to port 25/80/443 towards a specific server IP (say mapped IP 1.1.1.1 (public), real IP 172.16.0.100 (private)). So when you access from inside to outside, your port-forward NAT rule will not match, hence it takes the general path.

But you don't need to worry about the situation here.

If you need that to show the NATed IP address used for port forwarding (but make sure that it doesn't clash):

    ! <IP address> = the public (mapped) address used for the port forwarding
    object network server
     host 172.16.1.100
     nat (inside,outside) static <IP address>

Regards

Karthik
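The rule selection discussed in this thread, as an added example that is not part of the original posts and is not Cisco's implementation: a simplified first-match model in Python of how the source address of an outbound flow is chosen. The addresses 192.168.1.10, 1.1.1.1 and 1.1.1.2 come from the thread; the /24 LAN mask, the rule names, the second host 192.168.1.50 and the source port 51000 are assumptions made for illustration.

```python
"""Simplified first-match source NAT model for outbound flows (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class NatRule:
    name: str                   # hypothetical label, not a device keyword
    inside: str                 # real host or subnet, in CIDR form
    public_ip: str              # mapped address on the outside interface
    port: Optional[int] = None  # set only for a port-forward (static PAT) rule

    def matches_outbound(self, src_ip: str, src_port: int) -> bool:
        if ip_address(src_ip) not in ip_network(self.inside):
            return False
        # A port-forward binds one inside ip:port pair, so an outbound
        # connection from an ephemeral source port never matches it.
        return self.port is None or self.port == src_port


def outbound_source(rules, src_ip, src_port):
    """Return (public_ip, rule_name) of the first matching rule, or None."""
    for rule in rules:
        if rule.matches_outbound(src_ip, src_port):
            return rule.public_ip, rule.name
    return None


MAIL, FIRST_IP, SECOND_IP = "192.168.1.10", "1.1.1.1", "1.1.1.2"
PORT_FORWARDS = [NatRule(f"fwd-{p}", MAIL + "/32", SECOND_IP, p) for p in (25, 80, 443)]
HOST_STATIC = NatRule("mail-static", MAIL + "/32", SECOND_IP)
LAN_PAT = NatRule("lan-pat", "192.168.1.0/24", FIRST_IP)  # /24 is an assumption

BEFORE = PORT_FORWARDS + [LAN_PAT]                       # the situation in the question
AFTER = PORT_FORWARDS + [HOST_STATIC, LAN_PAT]           # statics first, then generic PAT
MISORDERED = [LAN_PAT] + PORT_FORWARDS + [HOST_STATIC]   # generic PAT shadows the statics

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER), ("misordered", MISORDERED)):
        print(label,
              outbound_source(rules, MAIL, 51000),            # mail server browsing out
              outbound_source(rules, "192.168.1.50", 51000))  # ordinary LAN client
```

A host-wide static mapping also translates inbound connections to 1.1.1.2 on every port, so the ACL question raised earlier in the thread still applies: the outside ACL should permit only 25, 80 and 443 to that address.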
 
