Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

both Source and destination natting on router


How can i source and destination nat at the same time.

let say any user connect through the internet will be translated to User access the destination but this destination then translates to

Source Destination source Translate Destination translate


I have given the follwing commands but source natting is working but not the destination nat.

ip nat pool TEST-POOL netmask

ip access-list extended Test-1

10 permit ip any host

ip nat inside source static extendable

ip nat outside source list Test-1 pool TEST-POOL

Cisco Employee

Re: both Source and destination natting on router


You need PAT for your inside local address and static NAT for your outside local address.

Config looks like this:

ip nat pool TEST-POOL netmask


ip nat inside source list 1 pool TEST-POOL overload


ip nat outside source static


access-list 1 permit any


Of course routers in the inside world needs a route to join and the Internet needs to know (I understand it's not the real addresses)



New Member

Re: both Source and destination natting on router

Hi Laurent,

This is otherway round. is my Public IP address. Any person from the internet connects to I want to translate source (ANY From Internet) to a private IP address Also want to translate the destination to which is private IP. I will give the route to anywhere inside my network.

See from the traffic incomming from the internet to my public IP address

public Source Internet*****Destination My Public IP*********Public Source translate to private IP**** Destination My Public translate to private IP address*********


Cisco Employee

Re: both Source and destination natting on router

PAT is not allowed from the outside to the inside so it will not work.

Why do you want to NAT the outside global address ? You should have a default route already available so your hosts can reach the internet right ?