Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
4
Helpful
4
Replies

Issue with Dynamic and Static Nat

andremagri
Level 1
Level 1

‎03-10-2016 02:31 AM - edited ‎03-10-2019 11:33 PM

I have the following configuration

I have about 50 internal hosts that have static nats assigned with their respective services defined in the nat statement which I need to remove as I need to use dns-doctoring.

This is the config:

object network LB-TEST1
host 10.0.0.51

object network LB-TEST2
host 10.0.0.52

object network LB-TEST9
host 10.0.0.59

object network LB-TEST1
nat (any,Wan) static 1.1.1.1

object network LB-TEST2-HTTP
nat (any,Wan) static 1.1.1.2 service tcp www www

object network LB-TEST9
nat (any,Wan) static 2.2.2.2


nat (Lan,Wan) after-auto source dynamic any interface description Allow Internet Access to the Lan Network
WAN IP: 4.4.4.4


LB-TEST1 public ip 1.1.1.1
LB-TEST2 public ip 4.4.4.4
LB-TEST9 public ip 4.4.4.4

I can understand LB-TEST1 and LB-TEST2 but in this case shouldn't LB-TEST9's public ip be 2.2.2.2 ?

Labels:
0 Helpful
4 Replies 4

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-10-2016 02:38 AM

Hi Andre,

Yes you are right LB-TEST9's IP should be 2.2.2.2

Also for WWW service LB-TEST2 IP should be 1.1.1.2 and not 4.4.4.4

Regards,

Aditya

Please rate helpful posts.

0 Helpful

andremagri
Level 1
Level 1
In response to Aditya Ganjoo

‎03-10-2016 02:45 AM

adganjoo  I'm testing using whatsmyip.org so since the source port is dynamic in this case LB-TEST2 is returning 4.4.4.4 but replies from source port 80 should be translated to 1.1.1.2 as you said.

How do I make LB-TEST1 translate to 4.4.4.4 like the rest so that I can use the dns keyword?

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to andremagri

‎03-10-2016 02:54 AM

Hi Andre,

No the NAT statement for WWW is for the port 80 service.

object network LB-TEST2-HTTP
nat (any,Wan) static 1.1.1.2 service tcp www www

Can you check what is LB-TEST2-HTTP object is ?

Use the command sh run object id LB-TEST2-HTTP.

So lets say if i need to access the web services on any of the internal server I would use the NAT IP on port 80.

Regards,

Aditya

andremagri
Level 1
Level 1
In response to Aditya Ganjoo

‎03-10-2016 04:54 AM

made a mistake earlier, I should have included this one:

object network LB-TEST2-TEST
host 10.0.0.52

I found out what happened though in the meantime, the host LB-TEST9 has 2 ip addresses and the primary interface is set to another nat statement.  This explains why the public ip is different.

So what I would like to do is taking into consideration these 2 nats:

object network LB-TEST2-HTTP
nat (any,Wan) static 1.1.1.2 service tcp www www

object network LB-TEST3-HTTP
nat (any,Wan) static 1.1.1.3 service tcp www www

From LB-TEST2 or any other internal host I would like to access each other through HTTP using the internal ip instead of the outside one.

0 Helpful
Customers Also Viewed These Support Documents