Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Port translations - multiple source and destination - nat to same port

Trying to find a solution to this problem.

1. NAT source IP to a Loopback address based on (1) source IP and (2)destination IP and port.

2. Change destination port from 15101 and 15102 for all traffic to 15100 before traffic leaves router.

Step 1 is pretty simple using route-maps.

Step 2 is not functioning.

I am POSTIVE I had this code running fine on a 2610xm a couple years ago.. it is not working on a 2811.

Everything up to the last 4 IP NAT OUTSIDE statements works... Can anyone think of another method to accomplish step 2?

int loopback1

ip address 172.19.19.1 255.255.255.255

int loopback2

ip address 172.19.19.2 255.255.255.255

int loopback3

ip address 172.19.19.3 255.255.255.255

! router Addressing

fa0/0

ip address 10.0.0.1 255.255.255.0

ip nat inside

s0/0.1

ip address 172.20.180.1 255.255.255.0

ip nat outside

s0/0.2

ip address 172.20.184.1 255.255.255.0

ip nat outside

! ACLs for all 15101 traffic hosts A and B

ip access-list extended Port_15101

 permit tcp 10.0.0.5 255.255.255.255 host 172.20.180.20 eq 15101

 permit tcp 10.0.0.5 255.255.255.255 host 172.20.184.20 eq 15101

permit tcp 10.0.0.6 255.255.255.255 host 172.20.180.20 eq 15101

 permit tcp 10.0.0.6 255.255.255.255 host 172.20.184.20 eq 15101

!ACL for port 15102 traffic from host A

ip access-list extended Port_15102_A

 permit tcp 10.0.0.5 255.255.255.255 host 172.20.180.20 eq 15102

 permit tcp 10.0.0.5 255.255.255.255 host 172.20.184.20 eq 15102

!ACL for port 15102 traffic from host B

ip access-list extended Port_15102_B

 permit tcp 10.0.0.6 255.255.255.255 host 172.20.180.20 eq 15102

 permit tcp 10.0.0.6 255.255.255.255 host 172.20.184.20 eq 15102

! Route maps based on above ACLs

route-map Port_15101_NAT permit 10

match ip address Port_15101

route-map Port_15102_A_NAT permit 10

match ip address Port_15102_A

route-map Port_15102_B_NAT permit 10

match ip address Port_15102_B

! NAT'ing the inside source based on the route map

ip nat inside source route-map Port_15101_NAT interface loopback1 overload

ip nat inside source route-map Port_15102_A_NAT interface loopback2 overload

ip nat inside source route-map Port_15102_B_NAT interface loopback3 overload

! What I thought would work to Translate the ports for all traffic to 15100

ip nat outside source static tcp 172.20.180.20 15100 172.20.180.20 15101 extendable

ip nat outside source static tcp 172.20.180.20 15100 172.20.180.20 15102 extendable

ip nat outside source static tcp 172.20.184.20 15100 172.20.180.20 15101 extendable

ip nat outside source static tcp 172.20.184.20 15100 172.20.180.20 15102 extendable

1 REPLY
Silver

Re: Port translations - multiple source and destination - nat to

Below I am sending you a sample of the syntax to configure PAT, as well as some links on it, hope this is what you are looking for. Ususally the overload option is when you would like many IP's to translate to one IP, and the "overload" command is used

SAMPLE TO OVERLOAD TO ONE INTERFACE

router>enable

router#config t

router(config)#ip route 0.0.0.0 0.0.0.0 x.x.x.x. <-------

NOTE: x.x.x.x is the addres of the ISP, default gateway

router(config)#ip routing

router(config)#ip classless

NAT ( Remember that you need to use a public ip address to enable the

internal LAN to reach the Internet )

router>enable

router#config t

router(config)#ip nat inside source list 120 interface [name of the outisde

interface] overload

router(config)#access-list 120 permit ip [address of the LAN] [inverse mask

of the LAN ] any

router(config)#int [name of the interface ] <---LAN interface

router(config-if)#ip nat inside

router(config-if)#exit

router(config)#int [name of the interface ] <---INTERNET interface

router(config-if)#ip nat outside

router(config-if)#exit

For further information click this link

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00

80091cb9.shtml

192
Views
0
Helpful
1
Replies
CreatePlease to create content