Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static one to one from multiple WAN's to one LAN (router)

Hi,

I'm trying to setup more than one static translation to an internal IP.

Basically I have a customer who has a firewall on an internal LAN:

192.168.1.100

They have /28 block of IP's and they want them all pointing to the 192.168.1.100 address. I would usually do this via:

ip nat inside source static 192.168.1.100 8.8.8.8

This works fine for one external IP to the internal but as soon as I add the below  the router shoots back that 192.168.1.100 is already mapped to 8.8.8.8

ip nat inside source static 192.168.1.100 4.4.4.4

I understand why you could only have one internal IP mapped to an external address but I thought it would be okay for several external to one internal? Is this possible?

P.S, The obvious question here is going to be why not just put the public IP's straight on the firewall. I know this is the most obvious and easiest solution but due to certain factors this will not be possible in this instance. I won't go into why as it will just muddy the waters

Thanks

Andy

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

Static one to one from multiple WAN's to one LAN (router)

Andy,

Are these public addresses going to use the same port? For example, if you have public address 209.9.9.1 - 10, could .1 be used for web traffic, .2 be used for FTP, etc? If so, this issue is simple to resolve by mapping the port to the different address:

ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80

ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21

You can use your public addresses by specifying the port number. This is really the only way to do what you're wanting to do afaik. Another option would be to assign multiple secondary addresses to the server that you're wanting to translate and then you can do 1-1 mappings for those secondary addresses:

ip nat inside source static 192.168.1.100 4.4.4.4

ip nat inside source static 192.168.1.101 4.4.4.5

etc...

HTH,

John

HTH, John *** Please rate all useful posts ***
4 REPLIES

Static one to one from multiple WAN's to one LAN (router)

Andy,

Are these public addresses going to use the same port? For example, if you have public address 209.9.9.1 - 10, could .1 be used for web traffic, .2 be used for FTP, etc? If so, this issue is simple to resolve by mapping the port to the different address:

ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80

ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21

You can use your public addresses by specifying the port number. This is really the only way to do what you're wanting to do afaik. Another option would be to assign multiple secondary addresses to the server that you're wanting to translate and then you can do 1-1 mappings for those secondary addresses:

ip nat inside source static 192.168.1.100 4.4.4.4

ip nat inside source static 192.168.1.101 4.4.4.5

etc...

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Static one to one from multiple WAN's to one LAN (router)

It hasn't been specified yet. Assigning secondary addresses to the server however is a good idea and may solve the issue

Thanks


Andrew

New Member

Static one to one from multiple WAN's to one LAN (router)

I actually found out how to do this.

Just add the extendable command at the end and it should hopefully then work fine

ip nat inside source static 192.168.1.100 4.4.4.4 extendable

ip nat inside source static 192.168.1.100 8.8.8.8 extendable

Can anyone confirm if this would be okay?

Thanks

Andy

Static one to one from multiple WAN's to one LAN (router)

Andy,

I labbed this up and it works as well with no issues. Rated.

John

HTH, John *** Please rate all useful posts ***
984
Views
5
Helpful
4
Replies