
Can't set both static PAT and NAT overload at the same time

raresz
Level 1

Hi. I finally got a public IP, so for my homelab I wanted to push my NextCloud server outside.

What's the problem:
I have an almost blank configuration (interfaces, SSH access, DHCP - all work). I only need 2 things done for now: static PAT for the webserver that redirects port 80, and NAT overload so that all devices in the home network have internet access.

Router: 2851

Since I started trying configurations I can get only 3 states: NAT doesn't work at all; port forwarding to the webserver works but there is no internet access; and the third one: I have internet access but port forwarding doesn't work.

I have 2 configs where, except for what I paste here, everything else is the same.
interface Gi0/0 : ip nat outside
interface Gi0/1: ip nat inside
Here works: NAT overload

ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255

Here works: Static PAT

ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.111 22 83.x.y.z 22 extendable
ip nat inside source static tcp 192.168.1.111 80 83.x.y.z 80 extendable
ip nat inside source static tcp 192.168.1.111 443 83.x.y.z 443 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit tcp any any
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any established
access-list 102 permit tcp any any eq 22
access-list 103 permit ip any any
access-list 110 permit tcp any any established

And the goal is to have both things work together. The weird thing is that even when I started from an empty configuration and tried to run ONLY static PAT first, typing commands line by line while checking what is enough to run it, it just didn't work at all. The only way is to load the whole config file. I checked on a computer that all the rest of the config is the same in both files.

I've been struggling with this for the 3rd day and I'm really tired, especially since every page I find when I search for "how to" is only about 2 commands for static PAT and 2 commands for NAT overload. Can somebody help?

P.S. Whichever config it is, the static translation always appears when doing: show ip nat translations. So I thought the commands for PAT are good and maybe there is a problem with an ACL somewhere.

Accepted Solution

Hello,

 

First of all, you don't need the 'extendable' keyword, as this is only required if you want to translate a private IP address to more than one public IP address. Looking at what you have posted, it appears you have only one public IP address?

 

You could try the 'combinations' below:

 

1. 

 

! make sure the netmask matches yours
ip nat pool ISP_POOL 83.x.y.z 83.x.y.z netmask 255.255.255.252
ip nat inside source list 101 pool ISP_POOL overload
!
ip nat inside source static tcp 192.168.1.111 22 83.x.y.z 22
ip nat inside source static tcp 192.168.1.111 80 83.x.y.z 80
ip nat inside source static tcp 192.168.1.111 443 83.x.y.z 443
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

 

2. 

 

ip nat inside source route-map ISP_OUT interface GigabitEthernet0/0 overload
!
ip nat inside source static tcp 192.168.1.111 22 83.x.y.z 22
ip nat inside source static tcp 192.168.1.111 80 83.x.y.z 80
ip nat inside source static tcp 192.168.1.111 443 83.x.y.z 443
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
route-map ISP_OUT permit 10
match ip address 101
match interface GigabitEthernet0/0
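
An added example, not part of the original thread or of Cisco's tooling: a small Python check that reads a pasted IOS NAT fragment and reports which inside ports the static PAT entries publish to the outside, whether an overload rule is present, which numbered ACLs are defined but never referenced by NAT, and whether 'extendable' is used with a single public address. The name `audit_nat` and the sample string are constructed for illustration; the check only sees references inside the pasted fragment, so an ACL applied elsewhere (for example on an interface) would still be listed as unused.

```python
import re

# Constructed input: the "Static PAT" fragment from the question, with each
# numbered ACL shortened to one entry.
QUESTION_CONFIG = """\
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.111 22 83.x.y.z 22 extendable
ip nat inside source static tcp 192.168.1.111 80 83.x.y.z 80 extendable
ip nat inside source static tcp 192.168.1.111 443 83.x.y.z 443 extendable
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit tcp any any
access-list 103 permit ip any any
access-list 110 permit tcp any any established
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) \d+ (\S+) (\d+)( extendable)?$")
OVERLOAD = re.compile(r"ip nat inside source (list|route-map) (\S+) (?:interface|pool) \S+ overload$")
ACL_DEF = re.compile(r"access-list (\d+) ")
ACL_USE = re.compile(r"match ip address (\d+)$")

def audit_nat(config):
    """Summarise what a pasted IOS NAT fragment publishes and leaves unused."""
    exposed, globals_by_host = [], {}
    defined, used = set(), set()
    overload = extendable = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC.match(line):
            proto, host, gip, gport, ext = m.groups()
            exposed.append((proto, int(gport), host))  # reachable from outside
            globals_by_host.setdefault(host, set()).add(gip)
            extendable |= bool(ext)
        elif m := OVERLOAD.match(line):
            overload = True
            if m.group(1) == "list" and m.group(2).isdigit():
                used.add(int(m.group(2)))
        elif m := ACL_USE.match(line):  # ACL referenced from a route-map
            used.add(int(m.group(1)))
        elif m := ACL_DEF.match(line):
            defined.add(int(m.group(1)))
    # 'extendable' only matters when one inside host maps to several public IPs
    one_global = all(len(g) == 1 for g in globals_by_host.values())
    return {"exposed": sorted(exposed, key=lambda e: e[1]),
            "overload": overload,
            "unused_acls": sorted(defined - used),
            "extendable_unneeded": extendable and one_global}
```

Run against the question's fragment, it lists TCP 22, 80 and 443 on 192.168.1.111 as published and ACLs 102, 103 and 110 as unused by NAT.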

 

3 Replies

Hello
Can you share the running config of your router in a file and attach to this please?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi, I already managed to get it to work in the middle of last night. I just made the ip nat pool first and used the sequence of pool and access list this time, and it worked.
