Cisco Support Community
Community Member

Cisco IOS NAT Question

Hi All,

I have the following basic static-NAT configured on a Cisco 382 (below). My question is this: When the IP traffic traverses this router from the "inside" address to the "outside" address, does the original IP header address get saved in any way? Or is it a complete replacement with the NAT IP? I'm seeing some strange stuff in an upstream firewall (logs).

!
interface GigabitEthernet0/0
 description FW_transit_net_3
 ip address 172.26.2.162 255.255.255.248
 ip nat inside
 duplex auto
 speed auto
 media-type rj45
 standby ip 172.26.2.161
 standby priority 140
 standby preempt
!
interface GigabitEthernet0/1
 description FW_transit_net_2
 ip address 172.26.2.133 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 media-type rj45
 standby ip 172.26.2.132
 standby priority 140
 standby preempt
!
ip route 0.0.0.0 0.0.0.0 172.26.2.129
ip route 10.77.0.0 255.255.0.0 172.26.2.164
ip route 172.24.7.128 255.255.255.128 172.26.2.164
ip route 172.26.15.0 255.255.255.0 172.26.2.164
ip route 172.26.18.0 255.255.255.0 172.26.2.164
ip route 172.26.19.0 255.255.255.0 172.26.2.164
ip route 172.26.20.0 255.255.255.0 172.26.2.164
ip route 172.26.60.0 255.255.255.0 172.26.2.164
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.77.224.3 172.26.14.3
ip nat inside source static 172.25.60.51 172.26.14.13
ip nat inside source static 172.25.15.170 172.26.14.18
ip nat inside source static 172.25.15.182 172.26.14.54
ip nat inside source static 172.25.60.104 172.26.14.55
ip nat inside source static 172.25.15.217 172.26.14.59
ip nat inside source static 172.25.15.218 172.26.14.60
ip nat inside source static 10.77.224.150 172.26.14.65
ip nat inside source static 172.26.2.165 172.26.14.100
!


Thanks,

Mike

1 REPLY
Cisco Employee

Re: Cisco IOS NAT Question

Hello,

With NAT, the original IP header is not saved. With the static NAT you are using, the ip nat commands build the entire translation table that describes the correspondence between internal and external addresses and how the IP header is modified when passing through a NATting device:

  • For traffic going from inside to outside, the source address is rewritten from inside local to inside global address
  • For traffic going from outside to inside, the destination address is rewritten from inside global to inside local address

Note please that this principle does not need any storage of "original" IP header. Simply matching for the appropriate IP address in the IP header and its rewriting according to the translation table is what the static NAT does in your case.

What problem are you experiencing?

Best regards,

Peter
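
The rewrite described in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a Python model of static NAT applied to a constructed 20-byte IPv4 header, using three of the mappings from the posted configuration. It models only the address rewrite and the header checksum update; the packet contents and the helper names are assumptions made for illustration.

```python
import ipaddress
import struct

# Inside local -> inside global pairs copied from three of the
# "ip nat inside source static" lines in the question.
STATIC_NAT = {
    "10.77.224.3": "172.26.14.3",
    "172.25.60.51": "172.26.14.13",
    "172.26.2.165": "172.26.14.100",
}
REVERSE_NAT = {glob: local for local, glob in STATIC_NAT.items()}

def pack(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def unpack(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 means the header verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def finalize(header: bytes) -> bytes:
    """Zero the checksum field, recompute it, and write it back."""
    blank = header[:10] + b"\x00\x00" + header[12:]
    return blank[:10] + struct.pack("!H", checksum(blank)) + blank[12:]

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (no options, no payload, ICMP, TTL 64)."""
    return finalize(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0,
                                64, 1, 0, pack(src), pack(dst)))

def translate(header: bytes, inside_to_outside: bool) -> bytes:
    """Inside->outside rewrites the source; outside->inside rewrites the destination."""
    src, dst = unpack(header[12:16]), unpack(header[16:20])
    if inside_to_outside:
        src = STATIC_NAT.get(src, src)
    else:
        dst = REVERSE_NAT.get(dst, dst)
    # The old address is overwritten in place; only the table can map it back.
    return finalize(header[:12] + pack(src) + pack(dst))

if __name__ == "__main__":
    before = build_header("10.77.224.3", "172.26.2.129")  # constructed sample packet
    after = translate(before, inside_to_outside=True)
    print(unpack(before[12:16]), "->", unpack(after[12:16]))
    print("old source still in header:", pack("10.77.224.3") in after)
```

Because the translated header carries no trace of the inside local address, entries in an upstream firewall log can only be tied back to the real host through the translation table on the router.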
