05-07-2013 09:10 AM - edited 03-11-2019 06:40 PM
We have a public address scheme that is a .224, so we have a handful of addresses. We currently NAT overload to distribute addresses to our users for the internet. But we use the rest of our addresses for web servers and such. I am trying to figure out how I can NAT an outside address with a specific port to an inside address with the original port. But I also need the inside address, when browsing the web, to PAT to the regular outside IP.
Fictional addresses below, but you get the idea:
So I want 192.168.0.5 -> 67.0.1.5 going to and from the internet
But I also want 67.0.1.7:55556 -> 192.168.0.5:55556
I thought that setting up a nat (outside,inside) would do it. If I am on the right track, help point me in the right direction.
There is a nat (inside,outside) after-auto source dynamic any interface dns at the end for all outgoing traffic.
05-07-2013 09:26 AM
Hello Doug,
All you need is the following nat
object network HTTP_Server
 host 192.168.12.2
object network Outside_HTTP_Server
 host 3.3.3.3
object service HTTP_Real
 service tcp source eq 80
object service HTTP_Fake
 service tcp source eq 1880
nat (inside,outside) 1 source static HTTP_Server Outside_HTTP_Server service HTTP_Real HTTP_Fake
Remember the ACL on the outside interface permitting traffic to 192.168.12.2 eq 80
The fake port was 1880 in my example
The Dynamic NAT you already have there will do the rest
Remember to rate all of the helpful posts
05-07-2013 09:23 AM
Hi,
If I understood you correctly, you want
If this is true then you could configure
For TCP
object network STATIC-PAT-TCP55556
 host 192.168.0.5
 nat (inside,outside) static interface service tcp 55556 55556
For UDP
object network STATIC-PAT-UDP55556
 host 192.168.0.5
 nat (inside,outside) static interface service udp 55556 55556
This should work if there is no other NAT configuration that might potentially overlap this configuration and make it therefore useless.
Naturally this can be confirmed with testing after configurations or showing us the configurations.
Hope this helps
Please remember to mark the question as answered if it did and/or rate helpful answers.
Naturally ask more if needed.
- Jouni
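The two replies combined for the addresses in the question, as an added example that is not part of any post in this thread: a static PAT that publishes only port 55556 on 67.0.1.7, the matching outside ACL entry, and the commands to check the result. The object name SRV-TCP55556, the ACL name OUTSIDE_IN and the test client 198.51.100.10 are assumptions.

```cisco
! Added example, not from the thread. Object and ACL names are assumed;
! 67.0.1.7 and 192.168.0.5 are the fictional addresses from the question.

! Inbound: 67.0.1.7:55556 -> 192.168.0.5:55556 (object NAT, static PAT).
! Only this one port is published; nothing else on the host is exposed.
object network SRV-TCP55556
 host 192.168.0.5
 nat (inside,outside) static 67.0.1.7 service tcp 55556 55556

! As noted in the reply above, the outside ACL references the real
! (inside) address. Scope the entry to the published port, not the host.
access-list OUTSIDE_IN extended permit tcp any host 192.168.0.5 eq 55556

! Only if no ACL is bound to the outside interface yet; otherwise add
! the entry above to the ACL that is already applied there.
access-group OUTSIDE_IN in interface outside

! Check 1: simulated inbound connection from a constructed client address.
! The NAT phase should un-translate 67.0.1.7/55556 to 192.168.0.5/55556
! and the final result should be "allow".
packet-tracer input outside tcp 198.51.100.10 40000 67.0.1.7 55556

! Check 2: simulated outbound web traffic from the same host. The NAT
! phase should show the existing after-auto dynamic interface PAT rule,
! not the static PAT above.
packet-tracer input inside tcp 192.168.0.5 40000 198.51.100.10 80

! Check 3: rule order and hit counts, then live translations for the host.
show nat detail
show xlate local 192.168.0.5
```

If check 1 shows a different NAT rule being hit, an earlier rule overlaps the static PAT, which is the case the reply above warns about; `show nat detail` lists the rules in the order they are evaluated.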
05-07-2013 11:19 AM
This evening after hours I will give this a try. Thank you for your help.
05-08-2013 06:44 AM
Your explanation was great. Thank you for your help.
05-08-2013 09:30 AM
Hello Doug,
My pleasure to help
Regards