Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT issue

I have a sytem on my LAN (192.168.100.1) that needs to be accessed from WAN, my inside global is (200.200.200.1/29). How do I define the NAT config?

ip nat inside source static 192.168.100.1 200.200.200.1

or

ip nat ouside source static 200.200.200.1 192.168.100.1

Where will I need ip nat inside destination.....?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: NAT issue

The command is bi-directional. So

1) from inside it will translate the source IP address of 192.168.100.1 to 200.200.200.1

2) from outside it will translate the destination address of 200.200.200.1 to 192.168.100.1

So if you want to access the internal system with an IP of 192.168.100.1 from the net then connect to 200.200.200.1 from the net. Obviously the 192.168.100.1 is not routable on the net.

Jon

7 REPLIES
New Member

Re: NAT issue

Hello Just,

Is this for Router or firewall?

DAK

Hall of Fame Super Blue

Re: NAT issue

"How do I define the NAT config?"

ip nat inside source static 192.168.100.1 200.200.200.1

On your router

fa0/0 (LAN interface)

ip nat inside

fa0/1 (WAN interface)

ip nat outside

Jon

New Member

Re: NAT issue

What I am saying is that,

ip nat inside source static 192.168.100.1 200.200.200.1

the above command should be for translating private IP to public so I can get to the WEB. Is it same if I want to access that particular system with LAN IP 192.168.100.1 from the net?

Hall of Fame Super Blue

Re: NAT issue

The command is bi-directional. So

1) from inside it will translate the source IP address of 192.168.100.1 to 200.200.200.1

2) from outside it will translate the destination address of 200.200.200.1 to 192.168.100.1

So if you want to access the internal system with an IP of 192.168.100.1 from the net then connect to 200.200.200.1 from the net. Obviously the 192.168.100.1 is not routable on the net.

Jon

New Member

Re: NAT issue

you must use extended access list and port mapping

Hall of Fame Super Blue

Re: NAT issue

"you must use extended access list and port mapping"

No you don't. You can use port mapping if you want to map multiple private IP addresses to one public IP but that is not the case here. Or at least it doesn't look like that is a requirement.

Jon

New Member

Re: NAT issue

why dont you nat on 200.200.200.2

you have 6 IP addresses available ???

209
Views
0
Helpful
7
Replies