12-15-2011 11:30 AM - edited 03-11-2019 03:02 PM
I work exclusively from the command line. I have been trying to understand the configuration rules for 8.3 and above NAT and could really use some assistance.
Here is a sample prior to 8.3:
global (outside) 2 192.168.2.3 netmask 255.255.255.255
nat (inside) 2 10.1.2.3 255.255.255.255
Could someone translate this to 8.3 and above and explain the process?
Thank you!
Rick
12-15-2011 11:46 AM
Hello Richard,
It would be a pleasure to help you on this.
object network host_inside_10.1.2.3
host 10.1.2.3
object network host_inside_10.1.2.3_natted
host 192.168.2.3
nat (inside,outside) source dynamic host_inside_10.1.2.3 host_inside_10.1.2.3_natted
1- First thing to say: on 8.3 we now use object networks in the NAT statements, so you will need to create one for each NAT statement (you can use the same object for different NAT statements).
2- On versions prior to 8.3 you had to configure more than one command for each NAT rule (except for the static). Now on 8.3 you are going to be able to configure all kinds of NAT statements on one line (policy NAT in one line, NAT exemption, etc.).
Here is a document I used when I was learning about 8.3.
https://supportforums.cisco.com/docs/DOC-9129
If you have any other questions, just let me know. I will be more than glad to help.
Please rate helpful posts
Julio
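The translation in the answer above, mechanized as an added example (not part of the original thread and not Cisco tooling): a Python script that pairs pre-8.3 nat/global lines by NAT ID and emits the 8.3 object and nat lines using the naming from the answer. It assumes one single-address global per NAT ID and nat lines without trailing options; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the pre-8.3 pair from the question in this thread.
LEGACY = """\
global (outside) 2 192.168.2.3 netmask 255.255.255.255
nat (inside) 2 10.1.2.3 255.255.255.255
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)(?: netmask \S+)?$")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)$")


def real_object(ifc, addr, mask):
    """Name and define the real-address object: host for /32, else subnet."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if net.prefixlen == 32:
        return f"host_{ifc}_{addr}", f" host {addr}"
    return (f"net_{ifc}_{net.network_address}",
            f" subnet {net.network_address} {net.netmask}")


def convert(legacy):
    """Pair nat/global lines by NAT ID and return 8.3-style config lines."""
    pools, rules = {}, []
    for line in map(str.strip, legacy.splitlines()):
        if m := GLOBAL_RE.match(line):
            ifc, nat_id, addr = m.groups()
            # Assumption: one single-address global per NAT ID.
            if addr == "interface" or "-" in addr or nat_id in pools:
                raise ValueError(f"unsupported global form: {line}")
            pools[nat_id] = (ifc, addr)
        elif m := NAT_RE.match(line):
            rules.append(m.groups())
    out = []
    for real_ifc, nat_id, addr, mask in rules:
        if nat_id not in pools:  # also catches 'nat 0', which has no global
            raise ValueError(f"no global for NAT ID {nat_id}")
        mapped_ifc, mapped_addr = pools[nat_id]
        name, body = real_object(real_ifc, addr, mask)
        out += [f"object network {name}", body,
                f"object network {name}_natted", f" host {mapped_addr}",
                f"nat ({real_ifc},{mapped_ifc}) source dynamic {name} {name}_natted"]
    return out


if __name__ == "__main__":
    print("\n".join(convert(LEGACY)))
```

Lines the script cannot pair raise an error instead of being dropped silently, so a rule is never lost from the converted policy without notice.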
12-15-2011 12:30 PM
object network host_inside_10.1.2.3
host 10.1.2.3
object network host_inside_10.1.2.3_natted
host 192.168.2.3
nat (inside,outside) source dynamic host_inside_10.1.2.3 host_inside_10.1.2.3_natted
So, we are saying
1) nat from the inside interface to the outside interface
2) for the source address nat from host 10.1.2.3 to host 192.168.2.3
but when we use dynamic, are we referring to the port used on the source? And if that is true, would I substitute static if I wanted the same source port used?
12-15-2011 12:43 PM
Hello Richard,
When you use dynamic NAT, it will be just for outbound connections (it will NAT the IP and source IP address on the outside interface). That being said, you will use a random port (higher than 1024).
Now, if you want to NAT the port to a specific port, you will need to use port forwarding or a static one-to-one, which is used just for bidirectional. (Port forwarding is just for inbound connections.)
Regards,
Julio
12-15-2011 01:10 PM
Okay, take a look at this and tell me if this would work....
object network host_inside_10.1.2.3
host 10.1.2.3
object network host_inside_10.1.2.3_natted
host 192.168.2.3
object network net_201.201.192.0
subnet 201.201.192.0 255.255.255.0
object service port_1500
service tcp destination eq 1500
nat (inside,outside) source dynamic host_inside_10.1.2.3 host_inside_10.1.2.3_natted destination static net_201.201.192.0 service port_1500
12-15-2011 01:33 PM
Hello Richard,
The NAT statement is incomplete.
First of all, what is it that you want to accomplish with this?
1- NAT the inside user 10.1.2.3 to 192.168.2.3 when he goes to any host on the 201.201.192.0/24 network on port 1500
The NAT would look like this:
nat (inside,outside) source dynamic host_inside_10.1.2.3 host_inside_10.1.2.3_natted destination static net_201.201.192.0 net_201.201.192.0 service port_1500 port_1500
Let me know if this is what you were looking for,
Please rate helpful posts.
Julio!!