Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is this possible with nat statements ?

The company I work for has a number of remote branches that are only able to route traffic on a 10.1.xxx.xxx network.

A requirement to allow these branches to connect to a public IP (port 2700) is proving somewhat of a headache - since the routes are unreachable. It is not possible to make changes on those routers as it is a managed network and would be costly.

I have a 1721 router that has two ethernet interfaces. I want to be able to use the inside interface (10.1.99.99) to 'proxy' these sessions onto the remote host (via the second e0) based on traffic hitting the 10.1.99.99 interface on port 2700.

Is this something that can be achieved using ip nat statements ?

Thanks in advance for any useful advice.

2 REPLIES
Hall of Fame Super Blue

Re: Is this possible with nat statements ?

Hi

Assuming your e0 interface on your router has a publically routable IP address you can use nat with a route map for this.

ip nat inside source route-map natclients interface e0 overload

access-list 101 permit ip 10.1.x.x 255.255.0.0 host "public ip"

route-map natclients permit 10

match ip address 120

If you only want to NAT internal clients when they are trying to communicate with the public IP on 2700 you can modify access-list 101 to

access-list 101 permit tcp 10.1.x.x 255.255.0.0 host "public IP" eq 2700

HTH

Jon

New Member

Re: Is this possible with nat statements ?

Thanks for the reply.

I managed to remedy the problem by placing a PIX 506 on the network and using dnat (using the alias command) to map an internal 10.1.xx.xxx address to the public IP address that I want the internal clients to reach.

Rgrds

111
Views
0
Helpful
2
Replies