https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19709#M620073 <HTML><HEAD></HEAD><BODY><P>Thanks a lot for your reply.</P><P></P><P> I have nat (ouside) one public ip</P><P> Nat (global) opne public ip</P><P>I created a static nat like</P><P> nat (inside,outside) tcp x.x.x.x 5000 10.1.2.1 5000</P><P>nat (inside,outside) tcp x.x.x.x 5001 10.1.2.2 5001</P><P>My intension was that these two systems should have a bi directional communication with a windows vpn server using the same public address.</P><P>I opened up port 1723 and gre port using conduit statements</P><P>When first tried to connect from 10.1.2.1 it connected successfully. But when i tried to connect from the second system using same windows vpn i am getting an error message like</P><P></P><P> The Specified port is not connected.</P><P> When gave show xlate command i seen the first command</P><P></P><P> global x.x.x.x local 10.1.2.1 static.</P><P>I disconnected from the 10.1.2.1 system and after two hourse(since xlate timout was 1:00:00) from the 10.1.2.2 system but still the same error. I removed the static mapping for the 10.1.2.1 but when i typed in </P><P> show xlate</P><P>still that mapping is there and it is not removed.</P><P></P><P> Can you please advice me how to go about for this problem</P><P></P><P> Thanks in Advance</P><P></P><P> J.Karthik</P><P></P><P></P></BODY></HTML> Wed, 07 Aug 2002 06:38:01 GMT kjanakiraman 2002-08-07T06:38:01Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19707#M620071 <P></P><P> Hi,</P><P></P><P> I heard that with the latest cisco ios 6.x we could map a single private ip address with many private ip address like we do nat overload in the cisco router. Is it true and if so how it can be done.</P><P></P><P> Thanks in Advance</P><P></P><P> J.Karthik</P> Fri, 21 Feb 2020 06:11:36 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19707#M620071 kjanakiraman 2020-02-21T06:11:36Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19708#M620072 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>what you can do is use the "interface" keyword, or a single public IP, in the global command:</P><P></P><P>ex1:</P><P></P><P>nat (inside) 1 10.0.0.0 255.0.0.0</P><P>global (outside) 1 interface</P><P></P><P>ex2:</P><P></P><P> nat (inside) 1 10.0.0.0 255.0.0.0</P><P> global (outside) 1 62.110.145.22 255.255.255.255</P><P></P><P>In these examples, the nat is dynamic (PAT) and is never possible initiate connections from outside net to inside net.</P><P></P><P>To initiate connection from outside net to inside net, instead, you can use the keyword "outside" in the nat command:</P><P></P><P>ex3:</P><P></P><P>nat (outside) 1 200.200.200.0 255.255.255.0 outside</P><P>global (inside) 1 interface</P><P></P><P>But the connections are still unidirectional.</P><P></P><P>To permit connection in both directions you can use the classic "static" command, but, for map some private IP onto the same public IP you must use the port redirection, to specify the correct TCP or UDP port:</P><P></P><P>ex 4:</P><P></P><P>static (inside, outside) tcp interface 80 10.10.10.10 80 </P><P>static (inside, outside) tcp interface 25 10.10.10.11 25 </P><P></P><P>ex 5:</P><P></P><P>static (inside, outside) tcp 200.200.200.200 80 10.10.10.10 80 </P><P>static (inside, outside) udp 200.200.200.200 69 10.10.10.11 5678 </P><P></P><P>i hope its useful,</P><P>bye, Graz</P><P></P><P></P></BODY></HTML> Tue, 06 Aug 2002 15:01:05 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19708#M620072 g.rodegari 2002-08-06T15:01:05Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19709#M620073 <HTML><HEAD></HEAD><BODY><P>Thanks a lot for your reply.</P><P></P><P> I have nat (ouside) one public ip</P><P> Nat (global) opne public ip</P><P>I created a static nat like</P><P> nat (inside,outside) tcp x.x.x.x 5000 10.1.2.1 5000</P><P>nat (inside,outside) tcp x.x.x.x 5001 10.1.2.2 5001</P><P>My intension was that these two systems should have a bi directional communication with a windows vpn server using the same public address.</P><P>I opened up port 1723 and gre port using conduit statements</P><P>When first tried to connect from 10.1.2.1 it connected successfully. But when i tried to connect from the second system using same windows vpn i am getting an error message like</P><P></P><P> The Specified port is not connected.</P><P> When gave show xlate command i seen the first command</P><P></P><P> global x.x.x.x local 10.1.2.1 static.</P><P>I disconnected from the 10.1.2.1 system and after two hourse(since xlate timout was 1:00:00) from the 10.1.2.2 system but still the same error. I removed the static mapping for the 10.1.2.1 but when i typed in </P><P> show xlate</P><P>still that mapping is there and it is not removed.</P><P></P><P> Can you please advice me how to go about for this problem</P><P></P><P> Thanks in Advance</P><P></P><P> J.Karthik</P><P></P><P></P></BODY></HTML> Wed, 07 Aug 2002 06:38:01 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19709#M620073 kjanakiraman 2002-08-07T06:38:01Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19710#M620074 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>try to add two other commands:</P><P></P><P>nat (inside)1 " yourprivatenet "</P><P>global(outside) 1 interface</P><P></P><P>I think that the vpn connection start with other ports not included in the static command, with these commands youo open other ports.</P><P></P><P>NB:</P><P>for remove xlate you must type "clear xlate"</P><P></P><P>i hope it help you.</P><P>Bye,</P><P>Graz. </P></BODY></HTML> Wed, 07 Aug 2002 09:23:05 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19710#M620074 g.rodegari 2002-08-07T09:23:05Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19711#M620075 <HTML><HEAD></HEAD><BODY><P>Thanks a lot for your mail.</P><P></P><P> Since i have alreadu nat (inside) 1 192.168.1.2</P><P> nat (global) 244.x.x.1</P><P></P><P> Will the new nat does not harm them? Should i use the same nat id 1 or can i use a different id. If i configure as you said above. All the different private ip addresses will go with the global address? Like i can map the global 244.x.x.1 with all public address or should i use different public address?</P><P></P><P> Thanks in Advance</P><P></P><P> J.Karthik</P></BODY></HTML> Wed, 07 Aug 2002 09:41:26 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19711#M620075 kjanakiraman 2002-08-07T09:41:26Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19712#M620076 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>if you want to traslate to the same global ip use the same nat id, instead create a new nat command with a new nat id, eg 2, and an other global with tha same nat id.</P><P>Nat and static work togheter, the static dominate the nat. </P><P>You can map plus private IP to the same public IP:</P><P></P><P>ex :</P><P></P><P>nat (inside) 2 192.168.1.0 255.255.255.0</P><P>global (outside) 2 224.x.x.2</P><P></P><P>Hope that's help.</P><P></P><P>Graz.</P><P></P></BODY></HTML> Wed, 07 Aug 2002 10:37:58 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19712#M620076 g.rodegari 2002-08-07T10:37:58Z https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19713#M620077 <HTML><HEAD></HEAD><BODY><P>Thanks a lot. I will check according to your advice.</P><P></P><P> Thanks and Regards</P><P></P><P> J.Karthik</P></BODY></HTML> Wed, 07 Aug 2002 11:23:55 GMT https://community.cisco.com/t5/network-security/mapping-of-single-public-with-many-private-ip-address-in-cisco/m-p/19713#M620077 kjanakiraman 2002-08-07T11:23:55Z