Cisco Support Community
New Member

IOS TCP OUTSIDE NAT Issue

Hi Guys,

I am confused here; could someone guide me? The scenario is as follows:

CISCO-3600 (1 Private IP, 1 Public IP)

Private IP: 192.168.0.1

Public IP: 193.169.0.1

Default Route : Public ISP

Machine

1st interface IP: 192.168.0.10

2nd Interface IP: 10.10.10.10

default route 10.10.10.1

static route for 193.169.0.1 gw 192.168.0.1

We are trying to do an outside TCP NAT, so that if someone tries to access port 80 on 193.169.0.1, it should go to port 80 on 192.168.0.10.

We have been trying it with different scenarios/commands but weren't successful. Can anybody guide me in this?

(ip nat outside static source 193.169.0.1 80 182.168.0.10 80)

All other options are working. The only reason we want outside NAT is that the machine's default gateway is on the other side of the LAN.

thanks,

Shakeel

3 REPLIES
Purple

Re: IOS TCP OUTSIDE NAT Issue

Shakeel,

The NAT will work fine in the incoming direction. However, when it gets to your host, it will then route the packet out to 10.10.10.1, its default gateway. That is why this breaks.

In order to fix this, point the default route on your machine to 192.168.0.1 and then enter in a bunch of specific routes for destinations that should be routed towards 10.10.10.1.

Hope that helps - pls do remember to rate posts that help.

Paresh

New Member

Re: IOS TCP OUTSIDE NAT Issue

Is there any possibility that the system will get a source address of 193.169.0.1 when a packet arrives and reply back (as it has a static route for 193.169.0.1)?

thanks.

Purple

Re: IOS TCP OUTSIDE NAT Issue

That would confuse things too much since you are using that same address for incoming sessions.

However, you can use some other private IP address to which you translate all outside source addresses.

For example, you could choose to use 192.168.254.0/24.

Then, you could use the following config to translate the outside source address:

ip nat pool Pool1 192.168.254.1 192.168.254.254 netmask 255.255.255.0

ip nat outside source list 10 pool Pool1

Then, configure a route on the host machine as follows:

static route for 192.168.254.0/255.255.255.0 gw 192.168.0.1

Hope that helps - pls do remember to rate posts that help.

Paresh
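
The return-path reasoning in the replies above, worked through as an added example that is not part of the original thread: a small Python model of the host's route lookup and of the pool translation from the last reply. The client address 198.51.100.7 and the names `OutsideSourceNat` and `reply_returns_via_router` are constructed for illustration; the addresses, pool range and routes are the ones posted in the thread.

```python
import ipaddress

ROUTER_INSIDE = "192.168.0.1"   # router's private address, from the thread
OTHER_GATEWAY = "10.10.10.1"    # host's default gateway, from the thread
POOL = ipaddress.ip_network("192.168.254.0/24")  # Pool1 range from the reply

# Host routing table as posted: (prefix, next hop)
BASE_ROUTES = [("0.0.0.0/0", OTHER_GATEWAY), ("193.169.0.1/32", ROUTER_INSIDE)]
# Same table plus the static route suggested for the translated range
FIXED_ROUTES = BASE_ROUTES + [(str(POOL), ROUTER_INSIDE)]


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


class OutsideSourceNat:
    """Simplified model of dynamic outside source translation from a pool."""

    def __init__(self, pool):
        self._free = iter(pool.hosts())  # 192.168.254.1 .. 192.168.254.254
        self.table = {}                  # real client address -> pool address

    def translate(self, client):
        # Reuse an existing mapping so one client keeps one translated address
        if client not in self.table:
            self.table[client] = str(next(self._free))
        return self.table[client]


def reply_returns_via_router(routes, source_seen_by_host):
    """True if the host's reply goes back through the NAT router."""
    return next_hop(routes, source_seen_by_host) == ROUTER_INSIDE


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed sample client address
    seen = OutsideSourceNat(POOL).translate(client)
    print("no outside source NAT:", reply_returns_via_router(BASE_ROUTES, client))
    print("translated, no route :", reply_returns_via_router(BASE_ROUTES, seen))
    print("translated + route   :", reply_returns_via_router(FIXED_ROUTES, seen))
```

Only the last case sends the reply back through 192.168.0.1, where the router can reverse both translations; in the other two the reply leaves via 10.10.10.1 and never passes the NAT router.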
