Cisco Support Community
Community Member

Basic NAT question

Sorry to ask what is probably a simple question but...

I want to assign a public address to a server that resides on the private subnet. Here is a brief summary:

router1 ip address:

router1 second ip :

router2 ip address:

server ip address: (behind router 2)

I want to be able to route traffic that has an IP address of to I'll only be sending web and mail.

Here is the existing config for router1:

version 12.0

ip subnet-zero

no ip domain-lookup


interface Ethernet0

description connected to Ethernet Hub

ip address

no ip directed-broadcast

ip nat outside


interface Serial0

no ip address

no ip directed-broadcast

no ip mroute-cache



interface Serial1

description connected to route2

ip address

no ip directed-broadcast

ip nat inside

service-module t1 remote-alarm-enable


ip nat inside source list 10 interface Ethernet0 overload

no ip classless

ip route Ethernet0

ip route Serial1

ip route Serial1

ip route


access-list 10 permit

access-list 10 permit

I have read the "Configuring Static and Dynamic NAT Simultaneously" but it just confused me. I think my problem understanding is that I am used to doing this on the Linux platform and can't seem to get the mechanics of that out of my head.

Could someone please straighten me out?

Thanks in advance.


Community Member

Re: Basic NAT question

Here is what you need:

Static translations with ports:

When translating addresses to an interface's address, outside-initiated connections to services on the inside network (like mail) will require additional configuration to send the connection to the correct inside host. This command allows the user to map certain services to certain inside hosts.

ip nat inside source static { tcp | udp }


ip nat inside source static tcp 25 25

In this example, outside-initiated connections to the SMTP port (25) will be sent to the inside host

The example showed above is just for static map a host's service to public. If you want to share the public address to the users that located in your private network, you still have to config the nat pool.

There is a point make me confuse. Why you set your default-gateway to interface Ethernet0 which is connect to a hub (according to your interface description)? Is that other routers on the same hub are IP proxy-arp enabled? But I think you should point the default-gateway to IP address. It will make the routing more clear.

Community Member

Re: Basic NAT question


Thank you for you reply. I'll get to try it tomorrow.

The reason the default gateway is set the to E0 is because this router is coming into my network and then I'm routing it out to the Internet through another router.

Community Member

Re: Basic NAT question

The problem with setting a default gateway to E0, rather than a next hop address is that this router won't know the IP address of the forwarding router.

Without the IP address, your router won't be able to get the MAC address of the next hop to actually send data to be forwarded over the ethernet.

I suppose ICMP router discovery might work here, but not well if you had more than one router... and I'm not sure that Cisco does an ICMP router discovery when you set your next hop to an ethernet interface rather than an IP address.

With a serial connection, setting a route to a serial interface is fine, since there's only one device at the other end to receive all the data. Ethernet is point-to-multipoint and you need to be specific about which device on the ethernet you intend to send packets to that need to be forwarded.


CreatePlease to create content