Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

nat problem

when an inside server get static translated to a inside global address

can I use the global address to access the server from inside host?

it seems not work

I wonder the work process about cisco nat


New Member

Re: nat problem

detailed configuration:

interface Ethernet0

ip address

ip nat inside


interface Ethernet1

ip address

ip nat outside


ip nat inside source list 9 interface Ethernet1 overload

ip nat inside source static tcp 23 interface Ethernet1 1500


access-list 9 permit

New Member

Re: nat problem

It will not work.

For NAT to work a packet has to transit through both an inside and an outside interface. The only way to make it work is to use a loopback interface as NAT outside and policy route the traffic for your inside translated host out of that interface and add a further NAT translation of the loopback.


The tcp packet addressed to port 1500 (which is the Eth1 address that translates to port 23) when is incoming from eth0 (route map match source interface and destination IP) is routed to loopback 1 and since it goes out of an ip nat outside interface is translated.

Then it comes back in from the same interface (is a loopback) and since it still is an IP nat outside interface can be translated to whatever we want.

Then standard routing applies.

You will need an IP plus image to support policy routing.

Ensure there is enough CPU to handle the forecasted level of traffic between the two natting interfaces at ethernet speed (eth0 and loopback), without affecting router performance.

Fabio Sardone

CreatePlease login to create content