Just port redirection ...

NISITNETC · ‎08-08-2013

Hello !

Not shure - but I think it must be very simple ...

I like to redirect requests to port 993 from IP1 to IP2. Both IP Adresses are public and in the same network. From a getway network they are routet - so I think at this point it mus be possible to redirect the request vom IP1 > IP2.

NAT is in use allready with inside/outside; see example:

interface GigabitEthernet0/0

description WAN < gateway

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip nat outside

(...)

interface Vlan70

description Management-LAN

ip address 192.168.99.1 255.255.255.0

ip nat inside

(...)

interface Vlan1

description VLAN1 < public IP1 and IP2

ip address yyy.yyy.yyy.yyy 255.255.255.128

(...)

ip nat inside source route-map NONAT interface GigabitEthernet0/0 overload

(...)

Happy about imput - thanks !

Kevin P Sheahan · ‎08-08-2013

You can redirect with static nat.

For example:

IP 1 = 11.11.11.11

IP 2 = 192.168.11.11

Dest port = 443

device(config)# ip nat inside source static tcp 192.168.11.11 11.11.11.11 443

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349

NISITNETC · ‎08-08-2013

Thanks,

when I drop it with my IP Adresses I get this:

For example:

IP 1 = 55.101.101.101

IP 2 = 55.101.101.102

Dest port = 993

(...)

device(config)# ip nat inside source static tcp 55.101.101.101 55.101.101.102 993

^

% Invalid input detected at '^' marker.

(...)

My IOS is 15.2(4)M1 on a 1900 system.

Kevin P Sheahan · ‎08-08-2013

Hmmm.. well I did type a syntax error in my original reply in that there should be port identification after each ip address:

device(config)# ip nat inside source static tcp

I'm not sure of any caveats regarding static nat syntax with that IOS.. let me see if I have access to a device running close to this code and I'll verify.

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349

NISITNETC · ‎08-08-2013

Hm ...

- no "ip nat inside" on Vlan1 Interface ?

- what about inside < - > outside direction ?

When I drop this I get in my log (with exmaple IP as above):

Aug 8 08:20:30.752: %IP-4-DUPADDR: Duplicate address 55.101.101.102 on Vlan1, sourced by 000c..

ALIAOF_ · ‎08-08-2013

So you are trying to NAT an outside IP to another outside IP, 55.101.101.101 is not the inside IP. Why are you doing it like this why don't you just update the nat for 55.101.101.101 instead, sounds like you are making it a lot more complicated than it should be.

NISITNETC · ‎08-08-2013

Hi Mohammad Ali !

> So you are trying to NAT an outside IP to another outside IP

No.

> 55.101.101.101 is not the inside IP.

Outside is GigabitEthernet0/0 (transfer network) - the others are inside. Both, 55.101.101.101 and 55.101.101.102 are in VLAN1 - routet (example) public IP Adresses ...

> sounds like you are making it a lot more complicated than it should be.

Sorry, but I just want to redirect the request to IP1 on port 993 to IP2 on port 993. It may be complicated - that's why I'm asking the powerfull cisco brains here ...

See my drawing:

ALIAOF_ · ‎08-09-2013

Hum, and you said you already tried this and you get duplicate IP address error?

ip nat inside source static tcp 55.101.101.101 993 55.101.101.102 993 extendable