05-30-2008 12:03 AM - edited 03-03-2019 10:10 PM
Hi,
When using a more specific route-map static which includes port TCP 25, I am not able to NAT; no more traffic flows. When using a static without TCP restrictions in the static command it works, but I only want to static NAT some special ports.
My config is attached; please see the commented static parts.
Big Thx!
06-05-2008 02:22 PM
To enable Network Address Translation (NAT) of the inside source address, use the "ip nat inside source" command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.
06-05-2008 11:21 PM
????? I am using ip nat inside source
06-09-2008 10:04 AM
Going through smahbub's previous postings, it appears he just likes to cut-and-paste marginally relevant things from Cisco web pages.
This last cut-and-paste was from:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html
06-09-2008 10:12 AM
This happens constantly with "contributions" from said individual and others from the same firm.
Some people realize the deception and rate consequently.
Unfortunately, that doesn't appear to stop the flow of misinformation.
06-09-2008 11:39 PM
Thx dude,
I still don't know why it won't work.
Why is it working with:
ip nat static inside 10.10.10.2 XXX.XXX.XXX.XXX route-map RMAP_MX
but not with
ip nat static inside tcp 10.10.10.2 25 XXX.XXX.XXX.XXX 25 route-map RMAP_MX
?
I am very confused and need a solution :( :(
Thx for your effort so far.
06-10-2008 05:49 AM
Hello Peter,
If all you want is to map 10.10.10.2 TCP/25 over a public address xxx TCP/25, you shouldn't need to specify a route-map in the command; it is just enough to specify all the parameters for the mappings.
So I will try the command without making any reference to the route-map, because it is meaningless in your case.
Actually, if you look at the following link:
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1078863
the command syntax for port static NAT does not provide the route-map option:
ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} [extendable] [no-alias] [no-payload]
So I would suggest:
ip nat inside source static tcp 10.10.10.2 25 XXX.XXX.XXX.XXX 25
Hope to help
Giuseppe
06-10-2008 05:52 AM
Hi Giuseppe,
I need the route-map because I have to exempt VPN traffic; with just only a static, VPN traffic will be NATted too. For example, a user of 172.XXXXXXXX will get a response with the public IP, which is wrong.
See this: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
06-11-2008 02:33 AM
Hello Peter,
I had given a quick look at the route-map and I hadn't seen the whole picture.
However, as I have shown in the link in my previous post, when you specify a TCP port you cannot then provide a reference to a route-map in the same statement.
And your router is on release 12.3, as in my link.
So I'm afraid you need to sacrifice a whole public IP address to your server to get the desired selective NAT behaviour.
Best regards
Giuseppe
06-11-2008 02:43 AM
Hi Giu,
Thx for your reply. It's bad that the Cisco box will accept the command with the TCP restriction and a route-map but won't handle it correctly; it should give an error while executing it....
That's bad, so if I have, for example, a mailserver and a webserver but only 1 pub IP, I am running into problems due to the lack of pub IPs. I still can't believe that I am not able to do a static port translation with only 1 pub IP to different services on different services and make it available too in a VPN environment with the use of route-maps.
The next problem is when NATting the whole pub IP: it seems to work all great (except for the fact that everything inbound will be forwarded to the mailserver and access-list 183 seems to be ignored). When accessing via VPN it's correctly not NATted, but I get strange (non-SMTP-RFC) responses; it seems like there is an SMTP inspection or stuff like that running. Why are the HELO/EHLO messages different when accessing via VPN than via pub IP?
Thx for your help Giu, I appreciate that!!