How to create a nat from outside to inside and using services

Hello,

Do you know how to create a static NAT from outside to inside using services? This is a 5545-X firewall.

Thanks




>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<
9 Replies

Julio Carvajal
VIP Alumni

Hello Eduardo,

Do you want to translate an inside user to an outside IP using services, or do you want to translate a specific outside user on a specific port to an inside IP on a specific service?

Hope I was clear

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi JCarvaja,

Thanks for your response. Actually, I would like to translate an outside public IP to a specific inside IP address using an X port.

It was very easy on the previous IOS 8.2, but currently I'm working with IOS 8.6.

Please help me

Thank you


Hi,

Can you paste your NAT configuration? I understand that you want to translate a private IP to a public IP (static NAT).

For example, your private IP is 10.10.10.10 and your public IP is 100.100.100.100;

then try this:

static (inside,outside) 100.100.100.100 10.10.10.10 netmask 255.255.255.255

Hope it will help you!

Thanks

Siraj

Hello Eduardomoi,

There are some basic configurations you need to do.

In the example here, a public IP 117.1.1.1 is NATted to the private IP 192.168.5.6 with some services.

NATting the public IP to the private IP:

static (inside,outside) 117.1.1.1 192.168.5.6 netmask 255.255.255.255

You need to understand which ports you need to allow: are they TCP, UDP, or both?

In the example below, both TCP and UDP are allowed.

Create an object group for TCP and UDP:

object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp

Allow the service as per the requirement with the help of access lists. Note that the source here is any; you can modify it as per your requirement.

In the example below, the port range between 12000 and 29999 is allowed:

access-list acl_out extended permit object-group TCPUDP any host 117.1.1.1 range 12000 29999

The port range between 8000 and 9000 is allowed:

access-list acl_out extended permit object-group TCPUDP any host 117.1.1.1 range 8000 9000

The port for the specific service called sip is allowed:

access-list acl_out extended permit udp any host 117.1.1.1 eq sip

The port for the specific service called sip, with port number 5060, is allowed:

access-list acl_out extended permit udp any host 117.1.1.1 eq 5060

Please don't forget to rate the helpful posts, and if you feel the answer is correct, please mark the query as answered.

Regards
Thanveer
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

I would like to add that, since it is a 5545-X which works on 8.6 and 9.x IOS, the NAT commands are different on this; below is what can help you:

! external IP
object network 10.0.0.10
 host 10.0.0.10

! internal IP
object network 192.168.25.10
 host 192.168.25.10

nat (outside,inside) source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10

Hi Riyasat Ali,

Thank you for your prompt response. Actually, my conf is like the following, but currently the static NAT from outside to inside is not working:

nat (inside,provider1) source dynamic INSIDEGROUP interface

nat (inside,provider2) source dynamic INSIDEGROUP interface

nat (provider1,inside) source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10

I ran the sh nat command, but there are no hits for it.


Do you see any hit count on the outside access-list for this traffic (you need an access-list since the traffic is initiated from the outside zone)? If not, then provide me the access list you have, the source IP from where you are initiating the traffic, the destination IP and the translated IP.

And also try to change the sequence of this NAT as follows:

nat (provider1,inside) 1 source static 10.0.0.10 10.0.0.10 destination static 192.168.25.10 192.168.25.10

Thanks, the ACL is:

access-list OUTSIDE extended permit ip any host 10.0.0.10


Hi,

I changed the sequence and it is not working.

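As an added example, not any poster's configuration, here is the ASA 8.3+/9.x object NAT form of what this thread is after: one public IP mapped to one inside host for a single TCP port, together with the interface ACL that the outside-initiated traffic needs. Assumed values are the thread's addresses (public 10.0.0.10, inside 192.168.25.10), the outside interface name provider1, and TCP/8443 as the published service.

```text
! Added example in ASA 8.3+ syntax (not from the thread). Assumed values:
! outside interface "provider1", inside host 192.168.25.10, public IP
! 10.0.0.10, published service TCP/8443.
!
object network SRV_PUBLIC
 host 10.0.0.10
!
! Object (auto) NAT, static and port-restricted: only TCP/8443 on the
! public IP is forwarded to the inside host; every other port of 10.0.0.10
! stays unmapped instead of exposing the whole host.
object network SRV_INSIDE
 host 192.168.25.10
 nat (inside,provider1) static SRV_PUBLIC service tcp 8443 8443
!
! From 8.3 onward the interface ACL is evaluated against the REAL
! (untranslated) address, so the permit names the inside host's IP, not
! the mapped 10.0.0.10, and only the one port that is published.
access-list OUTSIDE extended permit tcp any host 192.168.25.10 eq 8443
access-group OUTSIDE in interface provider1
!
! Checks: untranslate_hits in "show nat detail" and hitcnt in
! "show access-list OUTSIDE" should increase for test connections, and a
! packet-tracer for the published port should end with "Action: allow":
!   packet-tracer input provider1 tcp 203.0.113.5 40000 10.0.0.10 8443
```

If packet-tracer reports a drop in the ACCESS-LIST phase while the NAT phase already shows the translation, the ACL is the usual culprit: it is still written against the mapped address instead of the real one.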