Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1407
Views
0
Helpful
5
Replies

C1111-4P NAT

vjlopes
Level 1
Level 1

‎12-22-2022 04:49 AM

Hello everyone,

 

I'm having trouble configuring some Cisco C1111-4P (1RU) and need some help.

Cisco IOS XE Software, Version 17.02.02
Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.2, RELEASE SOFTWARE (fc4)

The main objetive is to have a firewall on the LAN, NAT almost every port to it, but maintain remote access to my router via ssh or telnet.

 

On other Cisco routers i've been able to do it this way:

interface GigabitEthernet0/0/0
description WAN
ip address dhcp
ip nat outside
negotiation auto

interface Loopback0
description Loopback
ip address 1.1.1.1 255.255.255.255
ip nat inside
ip virtual-reassembly in

ip nat inside source static tcp 1.1.1.1 22 interface GigabitEthernet0/0/0 22
ip nat inside source static 192.168.1.100 interface GigabitEthernet0/0/0

 

Unfortunatly it doesnt work on C1111 as i loose remote access as soon as i apply the last NAT command.

Sorry for any erros. English is not my main language.

Cheers.

Labels:
0 Helpful
5 Replies 5

paul driver
VIP
VIP

‎12-22-2022 05:00 AM

Hello

@vjlopes wrote:

have a firewall on the LAN, NAT almost every port to it, but maintain remote access to my router via ssh or telnet.


can you elaborate on the topology , provide a diagram also post running config or the rtr?

sh run
sh ip route
sh arp
sh ip int brief



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP

‎12-22-2022 05:56 AM

how you NAT 1:1 and then use static PAT ??
this not work I think. 
NAT 1:1 meaning that this global IP always nat to local IP. 

0 Helpful

emurray
Level 1
Level 1

‎12-22-2022 06:48 AM

I think if you want PAT you need to use the overload

The configuration below is where it seems to me where the error is.


ip nat inside source static tcp 1.1.1.1 22 interface GigabitEthernet0/0/0 22

 

0 Helpful

Georg Pauwen
VIP
VIP

‎12-22-2022 07:29 AM

Hello,

odd. I just recreated this in a lab, and your config works perfectly. Can you turn on debugging:

debug ip nat

debug ip ssh

and post the output ?

0 Helpful

MHM Cisco World
VIP
VIP

‎12-22-2022 07:38 AM

Using route maps for conditional NAT – CiscoZine

as I mention before the return back traffic can not work with two static PAT and NAT 1:1 (not work optimal)
try use route-map make your static NAT conditional. 
thnaks 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card