11-25-2002 08:34 PM - edited 03-09-2019 01:12 AM
When an inside server gets statically translated to an inside global address,
can I use the global address to access the server from an inside host?
It does not seem to work.
I wonder about the working process of Cisco NAT.
Thanks
11-25-2002 09:44 PM
detailed configuration:
interface Ethernet0
 ip address 192.168.1.8 255.255.255.224
 ip nat inside
!
interface Ethernet1
 ip address 172.16.5.225 255.255.255.0
 ip nat outside
!
ip nat inside source list 9 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.11 23 interface Ethernet1 1500
!
access-list 9 permit 192.168.1.0 0.0.0.255
11-27-2002 12:03 PM
It will not work.
For NAT to work a packet has to transit through both an inside and an outside interface. The only way to make it work is to use a loopback interface as NAT outside and policy route the traffic for your inside translated host out of that interface and add a further NAT translation of the loopback.
Mechanics:
The TCP packet addressed to 172.16.5.225 port 1500 (which is the Eth1 address that translates to 192.168.1.11 port 23), when it comes in from eth0 (route map matching source interface and destination IP), is routed to loopback 1 and, since it goes out of an ip nat outside interface, is translated.
Then it comes back in from the same interface (it is a loopback) and, since it is still an ip nat outside interface, it can be translated to whatever we want.
Then standard routing applies.
You will need an IP plus image to support policy routing.
Ensure there is enough CPU to handle the forecasted level of traffic between the two natting interfaces at ethernet speed (eth0 and loopback), without affecting router performance.
Fabio Sardone
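The rule stated in the reply above (translation needs an inside-to-outside or outside-to-inside crossing) can be seen in a small Python model; this is an added example, not part of the thread and not Cisco code. It uses the addresses and static entry from the posted configuration; the two probing hosts (172.16.5.10 and 192.168.1.20) and the simplified routing and "local" handling are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Values from the configuration posted in the thread.
ROLE = {"Ethernet0": "inside", "Ethernet1": "outside"}
INSIDE_NET = ip_network("192.168.1.0/27")                # Ethernet0 subnet
ROUTER_ADDRS = {"192.168.1.8", "172.16.5.225"}
STATIC = {("172.16.5.225", 1500): ("192.168.1.11", 23)}  # global -> local

def forward(pkt, ingress):
    """Model one pass through the router; return (packet, disposition)."""
    # Destination rewrite is only attempted on packets received on an outside interface.
    if ROLE[ingress] == "outside" and (pkt.dst, pkt.dport) in STATIC:
        dst, dport = STATIC[(pkt.dst, pkt.dport)]
        pkt = replace(pkt, dst=dst, dport=dport)
    if pkt.dst in ROUTER_ADDRS:
        return pkt, "local"  # addressed to the router itself, never reaches the server
    egress = "Ethernet0" if ip_address(pkt.dst) in INSIDE_NET else "Ethernet1"
    # Source rewrite only when crossing inside -> outside (overload port allocation omitted).
    if ROLE[ingress] == "inside" and ROLE[egress] == "outside":
        pkt = replace(pkt, src="172.16.5.225")
    return pkt, egress

def demo():
    # Constructed probes: one host on the outside segment, one on the inside segment.
    probe_out = Packet("172.16.5.10", 40000, "172.16.5.225", 1500)
    probe_in = Packet("192.168.1.20", 40000, "172.16.5.225", 1500)
    return forward(probe_out, "Ethernet1"), forward(probe_in, "Ethernet0")

if __name__ == "__main__":
    for pkt, where in demo():
        print(pkt, "->", where)
```

The outside probe is rewritten to 192.168.1.11 port 23 and sent out Ethernet0, while the inside probe keeps its destination of 172.16.5.225 port 1500 because it never arrives on an outside interface.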