Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NATING Outside Global to Inside Local

Hi,

I need to create a static NAT entry on my gateway router to allow connection from a specific outside to my internal servers.

My external interface is fa0 and my internal interface is fa1. I could have use "ip nat outside source static" but, I have existing NAT entries for other live service that conflicts with my new settings. My current setting has fa0 (ip nat inside) and fa1 (ip nat outside) which is an inverse of how I need them to be.

Please assist with setup that I could use to access my internal servers from outside.

P.S: I have a spare public IP that could be used.

Elly

6 REPLIES

Re: NATING Outside Global to Inside Local

Have you tried something like this?

ip nat inside source

That will translate all ports, so if you want to restrict by port it would be something like this (this example is for HTTP).

ip nat inside source static tcp 80 80 extendable

Hope that helps.

New Member

Re: NATING Outside Global to Inside Local

It didn't work. Has I mentioned early, my existing NAT configuration conflicts with these ones. The interface are configured oppositely i.e fa0 is nat inside & fa1 is nat inside. Any other way?

Re: NATING Outside Global to Inside Local

It doesn't matter about NAT inside and NAT outside, you can still NAT in both directions. Can you post the results of "show run | i nat"? Please change your public IP's. Thanks.

New Member

Re: NATING Outside Global to Inside Local

ciscoinside#show run | i nat

ip nat inside

ip nat inside

ip nat outside

ip nat outside

ip nat outside

ip nat outside

ip nat inside source list 10 interface Vlan21 overload

ip nat inside source list 141 interface Vlan22 overload

ip nat inside source list local interface FastEthernet1 overload

ip nat inside source list local2 interface Vlan10 overload

ip nat inside source static 172.16.50.3 84.233.212.84

ciscoinside#show ip nat statistics

Total active translations: 6 (1 static, 5 dynamic; 5 extended)

Outside interfaces:

FastEthernet1, Vlan10, Vlan21, Vlan50

Inside interfaces:

FastEthernet0, Tunnel10

Hits: 1063250 Misses: 13863

CEF Translated packets: 1071145, CEF Punted packets: 126

Expired translations: 15828

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 10 interface Vlan21 refcount 0

[Id: 2] access-list 141 interface Vlan22 refcount 0

[Id: 3] access-list local interface FastEthernet1 refcount 2

[Id: 4] access-list local2 interface Vlan10 refcount 3

Queued Packets: 0

ciscoinside#

Re: NATING Outside Global to Inside Local

You already have one translation ip nat inside source static 172.16.50.3 84.233.212.84. You need to do the same thing, just with a different public IP.

New Member

Re: NATING Outside Global to Inside Local

It the same configuration I tried but with real IP addresses that I'm using and it haven't worked. I figured it could be something to do with they way NAT interfaces are configured. My external interface has ip nat inside.

218
Views
0
Helpful
6
Replies