09-27-2012 06:08 AM - edited 03-11-2019 05:00 PM
Client has a block of 5 static IPs from the ISP. They currently have them all in use and set up with static nat (inside,outside) commands. They are adding a new web application and FTP server that will need to be accessed from the outside. Is it possible to use one public IP address and just use PAT to get to everything? If so, how would I set that up?
Below is a portion of the config that they have now. If I use PAT, does this all need to be removed and changed? I'm really confused on how this would all work; any help is appreciated.
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network obj-192.168.1.2
host 192.168.1.2
object network obj-192.168.1.7
host 192.168.1.7
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.2
nat (inside,outside) static xx.xx.xx.203 dns
object network obj-192.168.1.7
nat (inside,outside) static xx.xx.xx.201 dns
object network obj_any
nat (inside,outside) dynamic xx.xx.xx.204
09-27-2012 06:18 AM
Hello Sonit
If you have one public IP free and the new applications are on different servers (different private IPs), you can do port-based NATting to allow communication from outside.
Harish.
09-27-2012 06:21 AM
Currently there are no public IPs free. I am trying to consolidate by using PAT. Can this be done?
Thanks!
09-27-2012 06:22 AM
Hi,
As long as that port is not in use by the internal server that is mapped with the public IP address, I think it should work.
Just make sure you use a Manual NAT so it will take precedence over the Object NAT configuration you have in place.
nat (inside,outside) source static
*Make sure you create all the required groups (network-objects, object-service)
Luis
09-27-2012 06:28 AM
So let's say that I have a public IP 50.50.50.50 that is already in a static nat command to internal 192.168.1.2 and an access list set up to allow POP, HTTP, HTTPS, and SMTP to this server.
I cannot set up the above and tell it to use the same 50.50.50.50 address for HTTP but point it to another server?
09-27-2012 06:30 AM
Yes, you are correct. I hope the earlier NAT is also port based, not IP to IP.
Harish.
09-27-2012 06:36 AM
So with all the current IPs already in use with a port (static nat command), would it be easier to get a bigger block and just change IPs?
09-27-2012 06:44 AM
If it is urgent,
you can select one public IP which is not being used for web/FTP, and that can be used for setting up the existing and the new applications based on port.
For example, your 50.50.50.50 is being used only for SMTP, but it is NATted IP to IP;
that has to be changed to 3 different port-based NATs, for SMTP (existing), FTP & web (new).
Getting a new pool or expanding the pool really depends on your provider.
Hope this helps.
Please rate helpful posts
Harish.
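What Luis's and Harish's posts describe, written out as an added ASA 8.3+ config example (not posted in the thread). It assumes 50.50.50.50 is the public IP being freed up, 192.168.1.2 is the existing SMTP-only server, and 192.168.1.10 is a hypothetical new web/FTP host; it uses the object NAT form already in the poster's config (one nat line per object, so one object per host/port pair) rather than manual NAT.

```cisco
! Added example, not from the thread. Assumed: public IP 50.50.50.50,
! existing mail server 192.168.1.2 (SMTP only), new web/FTP host 192.168.1.10.

! 1. Drop the whole-IP static NAT: it claims every port of 50.50.50.50 and
!    would be matched ahead of the port-based rules below.
object network obj-192.168.1.2
 no nat (inside,outside) static 50.50.50.50 dns

! 2. One network object per real host/port pair (each object may carry only
!    one nat statement), all mapped onto the same public address.
object network obj-192.168.1.2-smtp
 host 192.168.1.2
 nat (inside,outside) static 50.50.50.50 service tcp smtp smtp

object network obj-192.168.1.10-http
 host 192.168.1.10
 nat (inside,outside) static 50.50.50.50 service tcp www www

object network obj-192.168.1.10-ftp
 host 192.168.1.10
 nat (inside,outside) static 50.50.50.50 service tcp ftp ftp

! 3. On 8.3+ the outside ACL references the real (inside) addresses. One entry
!    per published port, so nothing else on those hosts is reachable.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.2 eq smtp
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq ftp
access-group OUTSIDE_IN in interface outside

! 4. Verify: one static PAT entry per port should appear.
show nat detail
show xlate
```

Passive-mode FTP through the port-21 mapping relies on `inspect ftp` (part of the default global_policy) to fix up the data channel; if that inspection has been removed, the control connection will succeed but transfers will fail.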