cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
600
Views
0
Helpful
6
Replies

NATING Outside Global to Inside Local

Eliufoo.Mahinda
Level 1
Level 1

Hi,

I need to create a static NAT entry on my gateway router to allow connection from a specific outside to my internal servers.

My external interface is fa0 and my internal interface is fa1. I could have use "ip nat outside source static" but, I have existing NAT entries for other live service that conflicts with my new settings. My current setting has fa0 (ip nat inside) and fa1 (ip nat outside) which is an inverse of how I need them to be.

Please assist with setup that I could use to access my internal servers from outside.

P.S: I have a spare public IP that could be used.

Elly

6 Replies 6

Collin Clark
VIP Alumni
VIP Alumni

Have you tried something like this?

ip nat inside source

That will translate all ports, so if you want to restrict by port it would be something like this (this example is for HTTP).

ip nat inside source static tcp 80 80 extendable

Hope that helps.

It didn't work. Has I mentioned early, my existing NAT configuration conflicts with these ones. The interface are configured oppositely i.e fa0 is nat inside & fa1 is nat inside. Any other way?

It doesn't matter about NAT inside and NAT outside, you can still NAT in both directions. Can you post the results of "show run | i nat"? Please change your public IP's. Thanks.

ciscoinside#show run | i nat

ip nat inside

ip nat inside

ip nat outside

ip nat outside

ip nat outside

ip nat outside

ip nat inside source list 10 interface Vlan21 overload

ip nat inside source list 141 interface Vlan22 overload

ip nat inside source list local interface FastEthernet1 overload

ip nat inside source list local2 interface Vlan10 overload

ip nat inside source static 172.16.50.3 84.233.212.84

ciscoinside#show ip nat statistics

Total active translations: 6 (1 static, 5 dynamic; 5 extended)

Outside interfaces:

FastEthernet1, Vlan10, Vlan21, Vlan50

Inside interfaces:

FastEthernet0, Tunnel10

Hits: 1063250 Misses: 13863

CEF Translated packets: 1071145, CEF Punted packets: 126

Expired translations: 15828

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 10 interface Vlan21 refcount 0

[Id: 2] access-list 141 interface Vlan22 refcount 0

[Id: 3] access-list local interface FastEthernet1 refcount 2

[Id: 4] access-list local2 interface Vlan10 refcount 3

Queued Packets: 0

ciscoinside#

You already have one translation ip nat inside source static 172.16.50.3 84.233.212.84. You need to do the same thing, just with a different public IP.

It the same configuration I tried but with real IP addresses that I'm using and it haven't worked. I figured it could be something to do with they way NAT interfaces are configured. My external interface has ip nat inside.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: