04-28-2008 10:00 PM
Hi,
I need to create a static NAT entry on my gateway router to allow connection from a specific outside to my internal servers.
My external interface is fa0 and my internal interface is fa1. I could have use "ip nat outside source static" but, I have existing NAT entries for other live service that conflicts with my new settings. My current setting has fa0 (ip nat inside) and fa1 (ip nat outside) which is an inverse of how I need them to be.
Please assist with setup that I could use to access my internal servers from outside.
P.S: I have a spare public IP that could be used.
Elly
04-29-2008 05:27 AM
Have you tried something like this?
ip nat inside source
That will translate all ports, so if you want to restrict by port it would be something like this (this example is for HTTP).
ip nat inside source static tcp
Hope that helps.
04-30-2008 05:45 AM
It didn't work. Has I mentioned early, my existing NAT configuration conflicts with these ones. The interface are configured oppositely i.e fa0 is nat inside & fa1 is nat inside. Any other way?
04-30-2008 05:54 AM
It doesn't matter about NAT inside and NAT outside, you can still NAT in both directions. Can you post the results of "show run | i nat"? Please change your public IP's. Thanks.
05-01-2008 04:14 AM
ciscoinside#show run | i nat
ip nat inside
ip nat inside
ip nat outside
ip nat outside
ip nat outside
ip nat outside
ip nat inside source list 10 interface Vlan21 overload
ip nat inside source list 141 interface Vlan22 overload
ip nat inside source list local interface FastEthernet1 overload
ip nat inside source list local2 interface Vlan10 overload
ip nat inside source static 172.16.50.3 84.233.212.84
ciscoinside#show ip nat statistics
Total active translations: 6 (1 static, 5 dynamic; 5 extended)
Outside interfaces:
FastEthernet1, Vlan10, Vlan21, Vlan50
Inside interfaces:
FastEthernet0, Tunnel10
Hits: 1063250 Misses: 13863
CEF Translated packets: 1071145, CEF Punted packets: 126
Expired translations: 15828
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 interface Vlan21 refcount 0
[Id: 2] access-list 141 interface Vlan22 refcount 0
[Id: 3] access-list local interface FastEthernet1 refcount 2
[Id: 4] access-list local2 interface Vlan10 refcount 3
Queued Packets: 0
ciscoinside#
05-01-2008 05:12 AM
You already have one translation ip nat inside source static 172.16.50.3 84.233.212.84. You need to do the same thing, just with a different public IP.
05-01-2008 08:45 PM
It the same configuration I tried but with real IP addresses that I'm using and it haven't worked. I figured it could be something to do with they way NAT interfaces are configured. My external interface has ip nat inside.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: