cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
488
Views
0
Helpful
3
Replies

nat help

elite2010
Level 3
Level 3

Hi,

 

 

 

In 192.168.2.10  enabled http and https . If source is  is the server (Server accessing hosts outside ),I want to show the source ip is 2.2.2.2 .

 

object network 192.168.2.10

nat (Inside,Outside) static 2.2.2.2

 

nat (Inside,Outside) after-auto source dynamic 192.168.2.10  2.2.2.2

 

This is possible ?

 

the below configuration works

 

object network 192.168.2.10

nat (Inside,Outside) static 2.2.2.2

 

nat (Inside,Outside) after-auto source dynamic 192.168.2.10  2.2.2.1

Thanks 

3 Replies 3

Hi Elite,

 

If you have configured the following static NAT then there is no need to configure PAT for the same server/IP.


object network 192.168.2.10

nat (Inside,Outside) static 2.2.2.2

 

If 192.168.2.10 accessing outside host then it will always be having the source IP address 2.2.2.2

Spooster IT Services Team

Hi,

Not all machine in the network 192.168.2.0 have static NAT . 

So I have added pat like below 

nat (Inside,Outside) after-auto source dynamic 192.168.2.0 2.2.2.3

So whenever  traffic is going from any host in the network 192.168.2.0 , it shows 2.2.2.3 .

 

object network 192.168.2.10

nat (Inside,Outside) static 2.2.2.2

My requirement when 2.10 accessing outside internet host , host has to see the source is 2.2.2.2 instead of 2.2.2.3 

Same time host 192.168.2.3 accessing outside internet host , host has to see the source is 2.2.2.3 .

Please note I don't have static nat for 192.168.2.3 like 2.10 

Thanks

 

Hi elite,

 

You need to add "host 192.168.2.10" under your object. Please check below for a sample config.

object network 192.168.2.10

host 192.168.2.10

nat (Inside,Outside) static 2.2.2.2

 

Now, your host 192.168.2.10 is accessible from the Internet by using public IP 2.2.2.2 based on your outside interface ACL and when this host will go to the Internet it always has source IP 2.2.2.2 instead of 2.2.2.3 because the above NAT has higher preference over the after-auto NAT.

 

On the other hand, all other hosts from the same subnet will use 2.2.2.3 as the source while going to the Internet due to PAT.

 

 

 

Spooster IT Services Team
Review Cisco Networking for a $25 gift card