Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

static nat configuration help


I have the following setup that i am tasked with creating static nat for and i am a little lost with getting the correct nat working.

Here is the setup:

Internal servers behind firewall

Firewall external interface is

Firewall external interface is connected to inside gig0/0 interface on cisco router.

cisco router currently, it has a sub interface g0/0.5 with ip

on the outside cisco interface, serial1/0 is an ip,

Beyond serial1/0 are multiple remote hosts, such as...

these are remotely managed by another company.

Now, for the static nat, we want to do the following:

translate ->

translate ->

translate ->

Internal hosts behind the firewall would communicate via, 67 or 68, and the cisco router would translate these to appropriate addresses.

Note that,67,68 don't exist as yet, my understanding (which is possibly wrong) is that once nat is correctly setup they will just work and the cisco router will do the translations.

I've tried some different scenarios with ip nat inside, ip nat outside and nvi (Cisco IOS is 12.4(11)XW3) but am failing to get proper translation happening.

Most examples i've seen involve the internal "to be translated" address actually being an internal server, not something that gets configured on the cisco router by a nat translation.

Is this possible?

or have i got it completely wrong? i.e .should the addresses,67,68 be configured somewhere?

Thanks in advance,







Everyone's tags (1)

This can be accomplished with

This can be accomplished with static NAT. The command would look like

ip nat inside source static x.x.x.x x.x.x.x

You will also need to use ip nat inside on your "inside" interface and ip nat outside on the "outside" interface. For a little more information see the following link:

New Member

Michael,Thanks for your reply


Thanks for your reply, i had seen that doc before, but it wasn't enough to get things working for me. Most of the examples i have seen were similar to this, and involved nat where an internal host address was being nat'ed. In my case, the address to nat didn't exist on an internal host and to translate correctly i needed to define both and inside source static and an identical outside source static entry. I also had to change which interface was outside and inside.


int g0/0.5

ip nat outside

int serial1/0

ip nat inside

ip nat inside source static

ip nat outside source static


with that config my translation table looked like...

#sh ip nat tra

Pro Inside global      Inside local       Outside local      Outside global

---   ---                           ---              

---        ---                         ---

And debug ip nat detailed showed correct translations happening:

# ping from

Sep  4 06:18:07.807: NAT*: o: icmp (, 8494) -> (, 8494) [43]    

Sep  4 06:18:07.807: NAT*: o: icmp (, 8494) -> (, 8494) [43]

Sep  4 06:18:07.807: NAT*: s=, d=> [43]


if i had only an inside source static address then the translations never happened.

So i have a working config now.





CreatePlease to create content