I am trying to configure a 2811 so that it can both
use overloaded NAT inside to connect to the outside world via an ISP, and can also accept incoming traffic which I need to NAT the source address to ensure traffic goes via this router - during a change of ISP, where the internal default gateway is another router.
I can get outbound traffic working, and though some inside source static can route the external traffic inwards, but I don't seem to be able to change the source using ip outside source.
A brief version of the config (many IP nat inside removed, and external IP addresses changed.
Inside is 192.168.8.x , ISP is 126.96.36.199. public ip addresses 188.8.131.52/27
I'm wanting inbound traffic to look as if it has come from 192.168.8.72
! interface FastEthernet0/0 description intranet$ETH-LAN$ ip address 192.168.8.254 255.255.255.0 ip access-group 100 in no ip proxy-arp ip nbar protocol-discovery ip nat inside ip nat enable ip virtual-reassembly no ip route-cache cef no ip route-cache no ip mroute-cache duplex full speed 100 ! interface FastEthernet0/1 description To ISP $ETH-WAN$ bandwidth 10240 ip address 184.108.40.206 255.255.255.252 ip access-group 111 out no ip proxy-arp ip nbar protocol-discovery ip nat outside ip nat enable ip virtual-reassembly no ip route-cache cef no ip route-cache no ip mroute-cache duplex full speed 100 ! ip route 0.0.0.0 0.0.0.0 220.127.116.11 permanent ip route 192.168.8.0 255.255.255.0 FastEthernet0/0 permanent ip route 192.168.8.72 255.255.255.255 FastEthernet0/1 permanent ! ! ip nat pool ovrld 18.104.22.168 22.214.171.124 netmask 255.255.255.0 ip nat pool extpool 192.168.8.72 192.168.8.72 netmask 255.255.255.0 ip nat inside source list 1 pool ovrld overload ip nat inside source static tcp 192.168.8.5 21 126.96.36.199 21 extendable ip nat inside source static tcp 192.168.8.33 25 188.8.131.52 25 extendable ip nat inside source static tcp 192.168.8.14 80 184.108.40.206 80 extendable ip nat inside source static tcp 192.168.8.14 443 220.127.116.11 443 extendable ip nat outside source list 3 pool extpool add-route ! !
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 3 deny 192.168.8.0 0.0.0.255 access-list 3 permit any
All help gratefully received to preserve what little hair this has left me!
I see from the configs that you have enabled both "ip nat outside/inside" and "ip nat enable" under the interfaces. Can you please remove "ip nat outside/inside" from the interface configurations and re-enter all the NAT configurations?
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...