NAT IP passthrough question

ian · ‎12-27-2006

I have a Cisco 1720 with a WIC-1DSU-T1 currently on IOS 12.3(21) running NAT. The T1 is the outside NAT connection on Searial0 and the Fast Ethernet port being inside NAT on FA0. But, I now have some devices I need to put behind this router that need public IP addresses, portforarding just won't work. Is there a way to run this without incorporating a second router? I have tried just added a static route statement as someone else had suggested with little luck.

I can use a WIC-1ENET card I have available if needed as well to add a second ethernet port. But I seem to keep running into the same problem of the serial connection listed as a NAT outside source.

tdrais · ‎12-27-2006

Depends if the machine itself must have ip configured on it or if it will tolerate a one to one nat. Only applications that embed the ip address will not and luckly this is getting less and less.

I would first try to static nat one of your new addresses to one of the inside machines and see if it works.

If you must have the address on the machine you will need to put another outside subnet on the router. This will waste 3 addresses 1 for the router and the network and broadcast. You can use a second interface or use a seconday address on the main interface.

With a different physical interface you will not have any nat issues since it is not a inside interface and nat will ignore the traffic. If you use a seconday address you can put a access list on your nat statement that only matches machines from the primary address range.

Now in theory you might get it to work with static routes to the ethernet interface itself along with some static routing on the PC. You would most likely also have to put in some static ARP entries. Not the best thing to be doing if you can get it to work using other methods.

ian · ‎12-27-2006

Thank you, that is exactly what I needed and solved the problem perfectly.