Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Doubt configuring NAT

Hi all,

I have a router connected to internet and a private LAN 192.168.5.X. Now all the trafic of my LAN have NAT to Internet side:

Interface dialer 1 IP NAT Outside.

Interface FE0/1   IP NAT INSIDE

access-list 101 permit ip any any

ip nat inside source list 101 interface Dialer1 overload

Now I would like to have the same configuration but also transforms one public IP to a private IP.

How can I configure the router to make inside NAT on the dialer 1 interface and outside nat on the FE0/1 interface to transform allways the same public IP 1.1.1.1 to the private IP 192.168.5.5 and make the same procedure when the packet goes to internet(192.168.5.5 -->1.1.1.1).

Thanks all.

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Doubt configuring NAT

Hi,

If I understand your problem correctly, you are doing nat overload on your outside  interface and you would like to statically nat another public IP on the WAN to a specific IP on the LAN ?

If so then you can do ip nat inside source static 192.168.5.5 1.1.1.1

But you'll need to have this 1.1.1.1 IP routeable by your ISP.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
10 REPLIES

Doubt configuring NAT

I would change the 101 acl to allow only the subnet that you're wanting instead of "any any".

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

Then to do your other request, you would configure another line for that single host:

ip nat inside source static 192.168.5.5 1.1.1.1

The above is one for one nat. You could also tie it down to a port:

ip nat inside source static tcp 192.168.5.5 80 1.1.1.1 80

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Purple

Doubt configuring NAT

Hi,

If I understand your problem correctly, you are doing nat overload on your outside  interface and you would like to statically nat another public IP on the WAN to a specific IP on the LAN ?

If so then you can do ip nat inside source static 192.168.5.5 1.1.1.1

But you'll need to have this 1.1.1.1 IP routeable by your ISP.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Doubt configuring NAT

Thanks for your help...

Yes, I'm doing nat overload on my outside  interface and I would like to statically nat another public IP on the WAN to a specific IP on the LAN.

I don't know hot to use inside NAT on the WAN interface for this IP public and outside Nat in the WAN interface for all the rest of LAN traffic.

Purple

Doubt configuring NAT

Hi,

You can't configure an interface as nat inside and nat outside at the same time but you can use NAT NVI syntax with ip nat enable under interfaces and the traffic flow along with nat statement will decide if it is an inside or outside interface.

But to allow public IP access to a private  IP you need to do static NAT like we told you, are we misunderstanding something?

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Doubt configuring NAT

I have read about NAT NVI and is not necesary to specify the inside or outside interface...

Could you help my with and example ?

Interface dialer 1 IP NAT

Interface FE0/1   IP NAT

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

ip nat inside source static 192.168.5.5 1.1.1.1

Doubt configuring NAT

For that config, you'll need to remove your existing configuration from all interfaces. Your nat commands will change as well:

int dial1

no ip nat out

ip nat enable

int fa0/1

no ip nat in

ip nat enable

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

ip nat source list 101 inter dial1

ip nat source static 192.168.5.5 1.1.1.1

As Alain stated, your ISP will need to route whatever public address you're wanting to use. So, we're assuming that you have a block of addresses that have been assigned to you.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: Doubt configuring NAT

Thanks for your help and your example...

I have an IP public static address asigned to an interface of my router... The router is PPOE client and always obtain the same IP.

If I try to access to the public IP(1.1.1.1) from internet to the port 443 I want that the router transforms this Public IP to 192.168.5.5 (this is the IP of an internal server).

Also the clients/users of the private network 192.168.4.0/24 send trafic to the router and the router NAT this traffic (overload) and sends it to the Wan interface.

¿Really the router knows that all the traffic from the 192.168.4.0/24 network needs to make NAT inside in the LAN interface and outside nat in the wan interface withouth IP Nat Inside outside command, and knows that all the traffic to the public IP 1.1.1.1 :443 needs nat INside in the wan interface and nat outside in the LAN interface to the 192.168.5.5 without ip nat insede/outside?

It's easy... I cannot try it now...

Purple

Doubt configuring NAT

Hi,

both of your requirements are inside NAT because this is the IP of the inside server which is statically natted to the IP on the WAN side for your static NAT, with a static NAT the translation is bidirectional.

Now what you are asking here:

If I try to access to the public IP(1.1.1.1) from internet to the port  443 I want that the router transforms this Public IP to 192.168.5.5  (this is the IP of an internal server).

is static inside PAT: ip nat inside source static tcp 192.168.5.5 443 1.1.1.1 443 or with nat nvi syntax:

ip nat source static tcp 192.168.5.5 443 1.1.1.1 443

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Doubt configuring NAT

Thanks ¡¡

In this case the wan interface is the NAT inside and the lan interface the nat outside... to connect from internet to the server...

In the case of the internet users of my LAN the LAN interface is the Nat inside and the Wan interface is the NAt outside...

This is not correct?

Regards ¡¡¡

Purple

Doubt configuring NAT

Hi,

No in both cases the LAN interface is inside and the WAN is outside.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
228
Views
20
Helpful
10
Replies
CreatePlease login to create content