Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static NAT

I need to have 2 static NAT statements to one inside IP address for FTP on a 6500. Is this possible? If so, what is the command syntax?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Static NAT

A route-map allows you to do policy NAT. Policy NAT gives you the ability in your case, to define the NAT based on the source IP addresses accessing the FTP server.

So if one set of source IP addresses needed to access the FTP server on one public IP and another set of source addresses (totally different source IP's) needed to access the FTP server on the other one then you could do it.

So are the source IP addresses like this or could it be any source IP address accessing either public IP address, in which case you can't do it.

Jon

12 REPLIES
Bronze

Re: Static NAT

I assume you are talking about static natting in your firewall. If so, you cannot PAT the same port to the same address.

regards,

New Member

Re: Static NAT

I am talking about static NAT in a 6500 switch.

Hall of Fame Super Blue

Re: Static NAT

Mike

You can't NAT two IP addresses to the same private IP address on the same port because the switch has no way of knowing which private to public IP address you want to use - remember static NAT is bi-directional so if a connection was initiated from the private address how would the switch know which public IP address to map it to.

Jon

New Member

Re: Static NAT

Seperate ports on the 6500. Eg.

Port 1 --- Outside network

Port 2 --- Different outside network

Port 3 --- Inside network

Hall of Fame Super Blue

Re: Static NAT

Sorry Mike i'm a bit confused. When i talked about ports i meant TCP ports not physical switch ports. Are you talking about physical switch ports ?

Jon

New Member

Re: Static NAT

Well, both. They both have to be NATed to an internal FTP server. So outside FTP 1 (X.X.X.X) and outside FTP 2 (Y.Y.Y.Y) both need to go to inside FTP address (Z.Z.Z.Z). So I see that there is a route-map available on the static nat commands. Was hoping this was the way to do it, if any.

Hall of Fame Super Blue

Re: Static NAT

A route-map allows you to do policy NAT. Policy NAT gives you the ability in your case, to define the NAT based on the source IP addresses accessing the FTP server.

So if one set of source IP addresses needed to access the FTP server on one public IP and another set of source addresses (totally different source IP's) needed to access the FTP server on the other one then you could do it.

So are the source IP addresses like this or could it be any source IP address accessing either public IP address, in which case you can't do it.

Jon

New Member

Re: Static NAT

Jon,

That is what I am trying to do. It is not any source IP addresses, it is specific ones (from seperate networks) trying to get to the same FTP server. I just don't know the syntax on the 6500. I have only done it on ASA.

Mike

New Member

Re: Static NAT

Jon,

I found this document.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html#wp1024922

This is what I needed to do. Thanks for pointing me in the right direction.

Mike

Hall of Fame Super Blue

Re: Static NAT

Mike

Was just about to send you that link :-)

Thanks for the rating.

Jon

Bronze

Re: Static NAT

Mike,

Thanks for sharing the link.

Regars,

Bronze

Re: Static NAT

This applies to switches as well.

199
Views
0
Helpful
12
Replies