01-14-2014 03:42 AM - edited 03-04-2019 10:04 PM
Hi all,
I have a router connected to the Internet and a private LAN 192.168.5.X. Currently all the traffic from my LAN is NATed to the Internet side:
interface Dialer1
 ip nat outside
interface FastEthernet0/1
 ip nat inside
access-list 101 permit ip any any
ip nat inside source list 101 interface Dialer1 overload
Now I would like to have the same configuration but also transform one public IP to a private IP.
How can I configure the router to do inside NAT on the Dialer 1 interface and outside NAT on the FE0/1 interface, to always transform the same public IP 1.1.1.1 to the private IP 192.168.5.5 and do the same when the packet goes to the Internet (192.168.5.5 --> 1.1.1.1)?
Thanks all.
01-14-2014 03:48 AM
I would change the 101 acl to allow only the subnet that you're wanting instead of "any any".
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
Then to do your other request, you would configure another line for that single host:
ip nat inside source static 192.168.5.5 1.1.1.1
The above is one for one nat. You could also tie it down to a port:
ip nat inside source static tcp 192.168.5.5 80 1.1.1.1 80
HTH,
John
*** Please rate all useful posts ***
01-14-2014 03:49 AM
Hi,
If I understand your problem correctly, you are doing nat overload on your outside interface and you would like to statically nat another public IP on the WAN to a specific IP on the LAN ?
If so then you can do ip nat inside source static 192.168.5.5 1.1.1.1
But you'll need to have this 1.1.1.1 IP routeable by your ISP.
Regards
Alain
Don't forget to rate helpful posts.
01-14-2014 04:47 AM
Thanks for your help...
Yes, I'm doing NAT overload on my outside interface and I would like to statically NAT another public IP on the WAN to a specific IP on the LAN.
I don't know how to use inside NAT on the WAN interface for this public IP and outside NAT on the WAN interface for all the rest of the LAN traffic.
01-14-2014 04:07 AM
Hi,
You can't configure an interface as nat inside and nat outside at the same time but you can use NAT NVI syntax with ip nat enable under interfaces and the traffic flow along with nat statement will decide if it is an inside or outside interface.
But to allow public IP access to a private IP you need to do static NAT like we told you, are we misunderstanding something?
Regards
Alain
Don't forget to rate helpful posts.
01-14-2014 05:39 AM
I have read about NAT NVI and it is not necessary to specify the inside or outside interface...
Could you help me with an example?
Interface dialer 1 IP NAT
Interface FE0/1 IP NAT
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat inside source static 192.168.5.5 1.1.1.1
01-14-2014 07:26 AM
For that config, you'll need to remove your existing configuration from all interfaces. Your nat commands will change as well:
interface Dialer1
 no ip nat outside
 ip nat enable
interface FastEthernet0/1
 no ip nat inside
 ip nat enable
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat source list 101 interface Dialer1
ip nat source static 192.168.5.5 1.1.1.1
As Alain stated, your ISP will need to route whatever public address you're wanting to use. So, we're assuming that you have a block of addresses that have been assigned to you.
HTH,
John
*** Please rate all useful posts ***
01-14-2014 07:50 AM
Thanks for your help and your example...
I have a static public IP address assigned to an interface of my router... The router is a PPPoE client and always obtains the same IP.
If I try to access the public IP (1.1.1.1) from the Internet on port 443, I want the router to transform this public IP to 192.168.5.5 (this is the IP of an internal server).
Also the clients/users of the private network 192.168.4.0/24 send traffic to the router, and the router NATs this traffic (overload) and sends it to the WAN interface.
Does the router really know that all the traffic from the 192.168.4.0/24 network needs NAT inside on the LAN interface and NAT outside on the WAN interface without the ip nat inside/outside command, and know that all the traffic to the public IP 1.1.1.1:443 needs NAT inside on the WAN interface and NAT outside on the LAN interface to 192.168.5.5 without ip nat inside/outside?
It's easy... I cannot try it now...
01-14-2014 10:09 AM
Hi,
Both of your requirements are inside NAT, because this is the IP of the inside server which is statically NATted to the IP on the WAN side for your static NAT. With a static NAT the translation is bidirectional.
Now what you are asking here:
If I try to access to the public IP(1.1.1.1) from internet to the port 443 I want that the router transforms this Public IP to 192.168.5.5 (this is the IP of an internal server).
is static inside PAT:
ip nat inside source static tcp 192.168.5.5 443 1.1.1.1 443
or with NAT NVI syntax:
ip nat source static tcp 192.168.5.5 443 1.1.1.1 443
Regards
Alain
Don't forget to rate helpful posts.
01-14-2014 10:46 AM
Thanks!!
In this case the WAN interface is the NAT inside and the LAN interface the NAT outside... to connect from the Internet to the server...
In the case of the Internet users of my LAN, the LAN interface is the NAT inside and the WAN interface is the NAT outside...
Is this not correct?
Regards!!!
01-14-2014 10:54 AM
Hi,
No in both cases the LAN interface is inside and the WAN is outside.
Regards
Alain
Don't forget to rate helpful posts.
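Added example (not part of the thread, and not Cisco code): a toy Python model of "inside source" NAT showing why the LAN stays inside and the WAN stays outside for both flows discussed above. The static PAT entry and the overload entries are both keyed on the inside host, only TCP 443 on 1.1.1.1 is reachable from the WAN, and the Dialer1 address 203.0.113.10, the class name and the sequential port allocator are assumptions made for illustration (a real router also tracks the remote endpoint).

```python
# Added illustration: a toy model of Cisco "inside source" NAT, not IOS code.
from ipaddress import ip_address, ip_network

class InsideSourceNat:
    """Every rule rewrites the inside host's address: source on the way out,
    destination on the way in. The interface roles never swap."""

    def __init__(self, wan_ip, acl_net, static_pat):
        self.wan_ip = wan_ip                    # address used for overload
        self.acl_net = ip_network(acl_net)      # what access-list 101 permits
        # inside global (proto, ip, port) -> inside local (ip, port)
        self.to_local = dict(static_pat)
        # inside local (proto, ip, port) -> inside global (ip, port)
        self.to_global = {(k[0], *v): k[1:] for k, v in static_pat.items()}
        self.next_port = 1024                   # simplified port allocator

    def outbound(self, proto, src_ip, src_port):
        """LAN -> WAN: translate the source (inside local -> inside global)."""
        key = (proto, src_ip, src_port)
        if key not in self.to_global:
            if ip_address(src_ip) not in self.acl_net:
                return None                     # not matched by the ACL
            mapped = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.to_global[key] = mapped        # dynamic overload entry
            self.to_local[(proto, *mapped)] = (src_ip, src_port)
        return self.to_global[key]

    def inbound(self, proto, dst_ip, dst_port):
        """WAN -> LAN: translate the destination (inside global -> inside local)."""
        return self.to_local.get((proto, dst_ip, dst_port))  # None: no entry

def demo():
    # 203.0.113.10 is a constructed stand-in for the Dialer1 address.
    nat = InsideSourceNat("203.0.113.10", "192.168.5.0/24",
                          {("tcp", "1.1.1.1", 443): ("192.168.5.5", 443)})
    client = nat.outbound("tcp", "192.168.5.20", 50000)
    return {
        "https_in": nat.inbound("tcp", "1.1.1.1", 443),
        "https_reply": nat.outbound("tcp", "192.168.5.5", 443),
        "ssh_in": nat.inbound("tcp", "1.1.1.1", 22),
        "client_out": client,
        "client_return": nat.inbound("tcp", *client),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `ssh_in` result is `None` because the port-specific static entry creates no mapping for other ports, which is the practical difference from the one-for-one `ip nat inside source static 192.168.5.5 1.1.1.1` form.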