
Source Static & Source List

Hi guys, I was just wondering what the difference is between the two. As far as I know, the only difference is that source list can be used to define a range of addresses (e.g. an entire subnet) whereas source static will only cover the specified IP address. Is this the only difference?

The reason why I ask is because I have seen a config which uses both commands for the one IP address. E.g.

ip nat inside source list NAT interface GigabitEthernet0/1 overload

ip nat inside source static tcp 10.11.11.1 8080 interface GigabitEthernet0/1 8080

ip access-list standard NAT_LIST

permit 10.11.11.1

Why is it necessary to put the IP as part of a list and a static assignment?

Thanks.

4 REPLIES

Re: Source Static & Source List

Hi Will,

As you indicated, the two NAT statements have differences and specific purposes. The "ip nat inside source list NAT interface GigabitEthernet0/1 overload" creates dynamic NAT whereby inside source IP addresses will be translated using the outside gig0/1 interface IP address. The "interface" is telling the router to use Gig0/1 as its global NAT address. Because your access list only permits 10.11.11.1, this will translate only this host using the gig0/1 address for outbound connections; if the ACL was "permit 10.11.11.0" it would permit any inside host in the 10.11.11.0 subnet for outbound connections. Also, it is noted your access-list name NAT_LIST does not match the name in your ip nat source list "NAT", which I tend to believe means the access list is not doing anything and the router is processing dynamic NAT for all your inside hosts to outside.

As for the "ip nat inside source static tcp 10.11.11.1 8080 interface GigabitEthernet0/1 8080", this is for inbound connections: TCP port 8080 redirection to host 10.11.11.1, using the GigabitEthernet0/1 interface as the global NAT outside address to inside host 10.11.11.1. I believe the format of this NAT statement could be used when there is only one public IP address, which in this case is the IP address of the GigabitEthernet0/1 interface as your outside interface, and you want to use this interface to redirect different TCP/UDP ports' traffic to specific inside hosts using just one global NAT address. You will also need an ACL permitting inbound traffic to host 10.11.11.1 from outside.

HTH

Jorge
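
An added example, not part of the original thread: a small Python audit that catches the kind of name mismatch pointed out in the reply above, by checking every ACL named in an "ip nat inside source list" statement against the ACLs the config actually defines, and by listing the static port forwards that expose inside hosts. The helper name `audit_nat` and the embedded sample are constructed for illustration, and the patterns cover only the statement forms quoted in this thread.

```python
import re

# Constructed sample: the configuration lines quoted in the question above.
SAMPLE_CONFIG = """\
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.11.11.1 8080 interface GigabitEthernet0/1 8080
ip access-list standard NAT_LIST
 permit 10.11.11.1
"""

NAT_LIST_RE = re.compile(r"^ip nat inside source list (\S+)")
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
NUMBERED_ACL_RE = re.compile(r"^access-list (\d+)\s")
STATIC_PAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface )?(\S+) (\d+)"
)


def audit_nat(config: str) -> dict:
    """Cross-check NAT rules against defined ACLs (hypothetical helper)."""
    referenced, defined, forwards = [], set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_LIST_RE.match(line):
            referenced.append(m.group(1))          # ACL name used by dynamic NAT
        elif m := (NAMED_ACL_RE.match(line) or NUMBERED_ACL_RE.match(line)):
            defined.add(m.group(1))                # ACL actually present in config
        elif m := STATIC_PAT_RE.match(line):
            proto, local_ip, local_port, outside, outside_port = m.groups()
            forwards.append(
                (proto, local_ip, int(local_port), outside, int(outside_port))
            )
    return {
        # NAT rules pointing at an ACL name that is never defined
        "undefined_acls": [n for n in referenced if n not in defined],
        # ACLs that no NAT rule refers to (they may still be used elsewhere)
        "acls_unused_by_nat": sorted(defined - set(referenced)),
        # Inbound port forwards: each one needs a matching inbound filter review
        "port_forwards": forwards,
    }


if __name__ == "__main__":
    for key, value in audit_nat(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
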

Re: Source Static & Source List

Ahh, I see, just as I thought. So source list is basically NAT and source static is also NAT but with port forwarding too?

Re: Source Static & Source List

Yes, that is correct. Normally, if one has spare public IP addresses, if we assume this scenario, one would simply write several "ip nat inside source static local_IP global_IP" addresses and create an access list permitting traffic for specific ports, or have ACLs wide open for any TCP/UDP ports inbound.

Rgds

Jorge

Re: Source Static & Source List

Excellent, thanks for the info.
