NAT - establishing static outside to inside translations

arosmith · ‎11-14-2001

I am having problems with the following scenario. My client's network is at the far end of a FR p-t-p connection. Our core router is a 3Com (I know, I'm workin on it). The client's side of the frame is connected with a C1700 with 12.1 (8a) IOS.

Both networks are using 10.x.x.x networks. Security by IP for all connections is in effect so dynamic NAT is not going to do the job.

The client side is configured as inside, and my network is outside.

I need to translate both the source AND destination of packets that are initiated from outside. Historically we have been translating the sources on either side, but we want to put all the translation on one router (the far end client side).

I need to change incoming outside network packets like this:

S:1.1.1.1 D:2.2.2.2

Into this:

S:3.3.3.3 D:4.4.4.4

How to do this with static translations? I'm thinking that each static "NAT route" will require two entries (one to change the source and one to change the destination). We have allocated a range of addresses that the client's host machine can use in lieu of the serial interface back to us.

MickPhelps · ‎11-14-2001

You should be able to do this with the following two lines:

ip nat inside source static 1.1.1.1 3.3.3.3

ip nat inside destination static 2.2.2.2 4.4.4.4

You may have to flip-flop the addresses on each line... I always get the order confused! :)

Mick.

arosmith · ‎11-15-2001

Yes, one would think... unfortunately the "ip nat inside dest static" command is invalid. The only thing resembling it in this IOS is "ip nat inside dest list pool "

Do I need a new IOS? This one is 12.1.8a on a 1700. Should I just create the list and pool with one IP address?

MickPhelps · ‎11-15-2001

Didn't know that...

How about ip nat outside source ?

Mick.

arosmith · ‎11-16-2001

Yes, the ip nat outside source static command is valid.