New Member

Cisco Router NAT

Hi All,

Is there any way I can translate the source address of any packet coming into the Cisco router to my internal network address? I need it so that when the packet is passed to a PIX firewall (which sits behind the router), the return packet has the destination address of the router, which is again translated back to its original source address. Please advise as to whether this is possible and, if yes, how I can do it.

Here's my config

interface Ethernet0/0
 ip address 216.68.40.1 255.255.255.128
 ip nat inside
 no ip split-horizon
 full-duplex
!
interface Serial0/0
 bandwidth 1556
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address 199.72.217.254 255.255.255.252
 ip nat outside
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 509
!
router rip
 version 2
 network 199.72.217.0
 network 216.68.40.0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
no ip http server

5 REPLIES
New Member

Re: Cisco Router NAT

You need to define your NAT statement.

Here's a link to a Cisco white paper on using NAT; about halfway down there are a lot of configuration examples that will get you up and going.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

New Member

Re: Cisco Router NAT

Also, if you're going to do a lot of this, a good reference is the "Routing TCP/IP Vol II" book from Cisco Press. There's a very large section devoted to NAT.

New Member

Re: Cisco Router NAT

Hi,

Here are the NAT statements.

With these statements my guess will be that any packet coming on Serial0/0.1 will be translated to an address from the test pool, and on the return path the destination address will be translated to the correct source address.

ip nat pool test 216.68.40.10 216.68.40.20 netmask 255.255.255.128
ip nat outside source list 120 pool test
access-list 120 permit ip any any
access-list 120 permit tcp any any

When I do the debug ip packet detail command on the Cisco router, I can see the packet getting translated to the 216.68.40.10 address, but then it never gets translated to the actual source address.

Please advise.

New Member

Re: Cisco Router NAT

What do you see when you issue this command:

sh ip nat translations | inc 216.68.40.10

New Member

Re: Cisco Router NAT

Hi,

The problem was solved by interchanging the ip nat inside and the ip nat outside commands.

Here is the new configuration

interface Ethernet0/0
 ip address 216.68.40.1 255.255.255.128
 ip nat outside
 no ip split-horizon
 full-duplex
!
interface Serial0/0
 bandwidth 1556
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address 199.72.217.254 255.255.255.252
 ip nat inside
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 509
!
router rip
 version 2
 network 199.72.217.0
 network 216.68.40.0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
no ip http server
ip nat inside source list 120 interface Ethernet0/0 overload
access-list 120 permit ip any any
access-list 120 permit tcp any any
access-list 120 permit icmp any any
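
A toy Python model of the port-overload translation that the final configuration above sets up, added here as an illustration and not part of any post in the thread. The client addresses, the 216.68.40.50 host and the port-selection rule are constructed assumptions, and real IOS behaviour is more involved.

```python
# Added illustration: simplified model of
# `ip nat inside source list 120 interface Ethernet0/0 overload`.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class OverloadNat:
    def __init__(self, global_ip: str):
        self.global_ip = global_ip   # Ethernet0/0 address from the thread
        self.by_local = {}           # (proto, local ip, local port) -> global port
        self.by_global = {}          # (proto, global port) -> (local ip, local port)

    def _allocate(self, proto: str, wanted: int) -> int:
        # Assumption: keep the original port when free, else use the next free one.
        port = wanted
        while (proto, port) in self.by_global:
            port = port + 1 if port < 65535 else 1024
        return port

    def inside_to_outside(self, p: Packet) -> Packet:
        """Packet entering the `ip nat inside` interface: rewrite the source."""
        key = (p.proto, p.src, p.sport)
        if key not in self.by_local:
            gport = self._allocate(p.proto, p.sport)
            self.by_local[key] = gport
            self.by_global[(p.proto, gport)] = (p.src, p.sport)
        return p._replace(src=self.global_ip, sport=self.by_local[key])

    def outside_to_inside(self, p: Packet) -> Optional[Packet]:
        """Reply entering the `ip nat outside` interface: restore the destination."""
        entry = self.by_global.get((p.proto, p.dport))
        if p.dst != self.global_ip or entry is None:
            return None              # no translation entry, nothing to restore
        return p._replace(dst=entry[0], dport=entry[1])

def demo():
    nat = OverloadNat("216.68.40.1")
    # Constructed sample flows: two clients that picked the same source port.
    a = Packet("tcp", "198.51.100.7", 40000, "216.68.40.50", 80)
    b = Packet("tcp", "203.0.113.9", 40000, "216.68.40.50", 80)
    ta, tb = nat.inside_to_outside(a), nat.inside_to_outside(b)
    reply_b = Packet("tcp", "216.68.40.50", 80, tb.src, tb.sport)
    return ta, tb, nat.outside_to_inside(reply_b)
```

Because the firewall behind the router only ever sees 216.68.40.1 as the source in this arrangement, its logs and per-source rules no longer distinguish clients; the router's translation table is the only record of the original address.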
