Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

source ip for outgoing traffic


i have a 2821 hooked up to my isp and my lan. the isp interface is configured with a ip only routed inside the isp network. the inside ip is routed worldwide. now when i try to connect to a network outside the isp directly from the router the package get dropped at the isp border router.

can i tell the ios to use insides interface ip for source ip of outgoing connection? normaly you dont need that but i have a webvpn running on the box and no outside http servers are reachable because of that.

any hints, regards Martin

Super Bronze

Re: source ip for outgoing traffic

If you mean you want to do something like ping from the router itself, you can specify a different address or interface for the source IP.

If you mean you have devices behind your router, and their addresses aren't valid, you'll need to activate NAT.

New Member

Re: source ip for outgoing traffic

i want to initiate traffic from the router itself. not the networks behind the router, they are working well.

i know that i can choose the source address while using the ping command. but other traffic initiated by the router, in my case webvpn, should also have the inside ip as source addresse.

Basically it looks like this:

inet -> provider -[transfernet] -> my router -> my lan

My webvpn is running on inside interface, when a client connects from the internet and initiates a http connection to the internet my router uses the outside ip as source address. but the transfernetwork is only routed inside the provider backbone. so the packages get dropped at the edge. my lan networks are routed propper, also from the internet.


Super Bronze

Re: source ip for outgoing traffic

Think I understand. Your problem is webvpn not permitting Internet traffic to work correctly to the remote client (bouncing off your internal network). I'm unfamiliar with webvpn, but its solution might be allowance of split tunneling from the remote host. However, I can see reasons for doing what you want, such as additional security to/from the Internet.

Again, unfamiliar with webvpn. If I've stated the problem correctly, and no one else responds on this forum, you might try a post in the VPN forum.



Some other traffic types, from the router, can be told to have a specified source address.


ip ftp source-interface



Re: source ip for outgoing traffic

I think I can help with this. assuming

on your router, F0/0 is the ouside interface

and F0/1 is the inside interface. Here

we go:

int F0/1

ip address

ip nat inside

int F0/0

ip address

ip nat outside

ip nat inside source static tcp 80 interface FastEthernet0/0 80

ip nat inside source static tcp 443 interface FastEthernet0/0 443

Now Internet users will hit the outside

router IP and then router will translate

it into the internal IP.

Keep in mind that these things are designed

to work with hosts that sit behind the

router, NOT something that designs

to nat the outside ip of the router to

inside ip of the router, but you can

give that a try and see it its works for you.

CCIE Security

New Member

Re: source ip for outgoing traffic

thanks for pointing out the direction, but i didnt get it 100%. can we play this through with real values:

! Inside / officaly routed ip network

int gi 0/0

ip address

ip address secondary

! Outside / network to provider, only routed inside provider network

int gi 0/1

ip address

ip route

Webvpn is running on

Connections initiated from the router to outside should be rewritten to while leaving int gi0/1.



Re: source ip for outgoing traffic

"Connections initiated from the router to outside should be rewritten to while leaving int gi0/1."

Who is the one initiating the connection first?

Must be some users over the internet right?

For example, user(s) come from hitting ip on port 80/443? is that a

a correct assumption?

If the router is the one initiates connection

first, then I don't think it is possible.

New Member

Re: source ip for outgoing traffic

A Client on the internet authenticates at webvpn running on 112.229. Requesting a website, the router gets the website from over his outside interface and delivers the page to the client on the internet. Some sort of proxy. The router is the client for the webserver, initiating the connection to the webserver, rewriting the http content and sends it to to the client.

the client ip has not to be modified, it is the routers ip address while getting the http content from the internet.


CreatePlease to create content