Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
547
Views
3
Helpful
5
Replies

Cisco Router NAT

girish_a
Level 1
Level 1

‎02-02-2004 12:58 PM - edited ‎03-02-2019 01:18 PM

Hi All,

Is there any way I can translate the source address of any packet coming into the Cisco Router to my internal network Address. I need it so that when the packet is passed to a pix firewall(which sits behind the router), the return packet has destination address of router which is again translated back to it's original source address. Please advise as to whether this is possible and if yes then how I can do it.

Here's my config

interface Ethernet0/0

ip address 216.68.40.1 255.255.255.128

ip nat inside

no ip split-horizon

full-duplex

!

interface Serial0/0

bandwidth 1556

no ip address

encapsulation frame-relay IETF

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

ip address 199.72.217.254 255.255.255.252

ip nat outside

no ip mroute-cache

no cdp enable

frame-relay interface-dlci 509

!

router rip

version 2

network 199.72.217.0

network 216.68.40.0

!

no ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

no ip http server

Labels:
0 Helpful
5 Replies 5

chuck.price
Level 1
Level 1

‎02-02-2004 01:44 PM

You need to define your NAT statement.

Here's a link to a Cisco White paper on using NAT, about halfway down there are a lot of configuration examples that will get you up and going.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

chuck.price
Level 1
Level 1

‎02-02-2004 01:48 PM

Also, if you're going to do a lot of this; a good reference is the "Routing TCP/IP Vol II" book from Cisco Press. There's a very large section devoted to NAT.

0 Helpful

girish_a
Level 1
Level 1

‎02-02-2004 02:12 PM

Hi,

Here are the NAT statements.

With these statements my guess will be that any packet coming on Serial0/0.1 will be translated to an address from the test pool and on return path the destination address will be translated to the correct source adress

ip nat pool test 216.68.40.10 216.68.40.20 netmask 255.255.255.128

ip nat outside source list 120 pool test

access-list 120 permit ip any any

access-list 120 permit tcp any any

When I do debug ip packet detail command on the cisco router , I can see the packet getting translated to 216.68.40.10 address but then it never gets translated to the actual source address

Please advise.

0 Helpful

joserosa
Level 1
Level 1
In response to girish_a

‎02-04-2004 12:05 AM

What do you seen when you issue this command:

sh ip nat translations | inc 216.68.40.10

0 Helpful

girish_a
Level 1
Level 1
In response to joserosa

‎02-04-2004 11:50 AM

Hi,

The Problem was solved by interchanging the ip nat inside and the ip nat outside command

Here is the new configuration

interface Ethernet0/0

ip address 216.68.40.1 255.255.255.128

ip nat outside

no ip split-horizon

full-duplex

!

interface Serial0/0

bandwidth 1556

no ip address

encapsulation frame-relay IETF

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

ip address 199.72.217.254 255.255.255.252

ip nat inside

no ip mroute-cache

no cdp enable

frame-relay interface-dlci 509

!

router rip

version 2

network 199.72.217.0

network 216.68.40.0

!

no ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

no ip http server

ip nat inside source list 120 interface Ethernet0/0 overload

access-list 120 permit ip any any

access-list 120 permit tcp any any

access-list 120 permit icmp any any

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents