cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1826
Views
0
Helpful
7
Replies

Setting up PAT

sonitadmin
Level 1
Level 1

Client has a block of 5 static IP's for the ISP.  They currently have them all in use and set up with static nat (Inside,outside) commands.  They are adding a new web application and ftp server that will need to be accessed from the outside.  Is it possible to use one public  IP address and just use PAT to get to everything?  If so, how would I set that up.

Below is a portion of the config that they have now, if I use PAT, does this all need removed and changed?  I'm really confused on how this would all work, any help is appreciated.

object network obj-192.168.1.0

subnet 192.168.1.0 255.255.255.0

object network obj-192.168.2.0

subnet 192.168.2.0 255.255.255.0

object network obj-192.168.3.0

subnet 192.168.3.0 255.255.255.0

object network obj-192.168.1.2

host 192.168.1.2

object network obj-192.168.1.7

host 192.168.1.7

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network NETWORK_OBJ_192.168.2.0_24

subnet 192.168.2.0 255.255.255.0

object network obj-192.168.1.2

nat (inside,outside) static xx.xx.xx.203 dns

object network obj-192.168.1.7

nat (inside,outside) static xx.xx.xx.201 dns

object network obj_any

nat (inside,outside) dynamic xx.xx.xx.204

7 Replies 7

Hello Sonit

if you have one public IP free and the new app lication are in different servers ( different private IP's) you can do port based natting to allow communication from outside..

Harish.

Currently there are no public IP's free.  I am trying to consolidate by using PAT.  Can this be done?

Thanks!

Luis Silva Benavides
Cisco Employee
Cisco Employee

Hi,

As long as that port is not in use by the internal server that is mapped with the public IP address I think it should work.

Just make sure you use a Manual NAT so it will take precedence over the Object NAT configuration you have in place.

nat (inside,outside) source static service

*Make sure you create all the required groups (network-ojects, object-service)

Luis

Luis Silva

So let's say that I have a public IP 50.50.50.50 that is already in a static nat command to internal 192.168.1.2 and access list setup to allow pop, http, https, and smtp to this server.

I cannot setup the above and tell it to use the same 50.50.50.50 address for http but point it to another server?

yeas you are correct, i hope the earlier nat also port based not the ip to IP

Harish.

So with all the current IP's in use to a port (static nat command) already, would it be easier to get a bigger block and just change IP's?

If it urgent,

you can select one public IP which is not using for web/ftp and that can be used for setting up the existing and the new appkications based on port..

for example your 50.50.50.50 is being used for only smtp but it is natted to IP to IP

that has to be changed  3 different port based nat, for smtp ( existing), ftp & web ( new)..

getting a new pool or expanding the pool, is really depend on your provider

hope this helps

Please rate helpful posts

Harish.

Review Cisco Networking for a $25 gift card