I have the following basic static-NAT configured on a Cisco 382 (below). My question is this: When the IP traffic traversse this router from the "inside" address to the "outside" address. Does the original IP header address get saved in any way? Or is it a complete replacement with the NAT IP? I'm seeing some strange stuff in an upstream firewall (logs).
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 description FW_transit_net_3 ip address 172.26.2.162 255.255.255.248 ip nat inside duplex auto speed auto media-type rj45 standby ip 172.26.2.161 standby priority 140 standby preempt ! interface GigabitEthernet0/1 description FW_transit_net_2 ip address 172.26.2.133 255.255.255.248 ip nat outside duplex auto speed auto media-type rj45 standby ip 172.26.2.132 standby priority 140 standby preempt ! ip route 0.0.0.0 0.0.0.0 172.26.2.129 ip route 10.77.0.0 255.255.0.0 172.26.2.164 ip route 172.24.7.128 255.255.255.128 172.26.2.164 ip route 172.26.15.0 255.255.255.0 172.26.2.164 ip route 172.26.18.0 255.255.255.0 172.26.2.164 ip route 172.26.19.0 255.255.255.0 172.26.2.164 ip route 172.26.20.0 255.255.255.0 172.26.2.164 ip route 172.26.60.0 255.255.255.0 172.26.2.164 ! ! no ip http server no ip http secure-server ip nat inside source static 10.77.224.3 172.26.14.3 ip nat inside source static 172.25.60.51 172.26.14.13 ip nat inside source static 172.25.15.170 172.26.14.18 ip nat inside source static 172.25.15.182 172.26.14.54 ip nat inside source static 172.25.60.104 172.26.14.55 ip nat inside source static 172.25.15.217 172.26.14.59 ip nat inside source static 172.25.15.218 172.26.14.60 ip nat inside source static 10.77.224.150 172.26.14.65 ip nat inside source static 172.26.2.165 172.26.14.100 !
With NAT, the original IP header is not saved. With static NAT you are using, the ip nat commands build the entire translation table that describes the correspondence between internal and external addresses and how the IP header is modified when passign through a NATting device:
For traffic going from inside to outside, the source address is rewritten from inside local to inside global address
For traffic going from outside to inside, the destination address is rewritten from inside global to inside local address
Note please that this principle does not need any storage of "original" IP header. Simply matching for the appropriate IP address in the IP header and its rewriting according to the translation table is what the static NAT does in your case.
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...