Cisco IOS DNAT

uni1389
Level 1

Hello All, 

I am trying to configure NAT outside to access a host behind the NATting device, but I am not able to access it. The config snapshot is mentioned below for your support. Thanks in advance for your tips. I have configured DNAT but it breaks SNAT, and after removing the DNAT it works fine. I need to understand what config error I am making.

ISP RTR

ip nat pool TEST 192.168.1.100 192.168.1.110 netmask 255.255.255.0

ip nat outside source list 1 pool PoolLan1 add-route

access-list 1 permit any

uni1389_1-1723638411605.png

 

uni1389_0-1723638377575.png

uni1389_2-1723638494632.png

uni1389_3-1723638588220.png

 

 

 

4 Replies 4

M02@rt37
VIP

Hello @uni1389 

To sum up:

ip nat inside source:

Translates the source IP address of packets that travel from inside to outside.

Translates the destination IP address of packets that travel from outside to inside.

--

ip nat outside source:

Translates the source IP address of packets that travel from outside to inside.

Translates the destination IP address of packets that travel from inside to outside.

So, to access a host behind the NATting device (ISP Router), you want to translate the destination IP address of packets that travel from outside to inside. This is the context of the ip nat inside command.

Example with port forwarding

ip nat inside source static tcp 172.16.1.1 80 192.168.1.254 80

What we call "source NAT" and "destination NAT" apply to the traffic that flows from the inside to the outside interface, in other words from your internal LAN to the "Internet". It is only natural that in the return traffic, the opposite addresses are rewritten, i.e. if the source NAT rewrites the source IP in the traffic going from inside to outside, it will also rewrite the destination IP in the traffic going from outside to inside...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
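
The two directions of the `ip nat inside source static tcp 172.16.1.1 80 192.168.1.254 80` rule from the reply above, modelled in Python as an added example that is not part of the thread and is not Cisco code. The `Packet` and `StaticInsideNat` classes and the outside client 203.0.113.10 (a documentation address) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class StaticInsideNat:
    """Model of: ip nat inside source static <proto> <local> <lport> <global> <gport>"""
    proto: str
    local_ip: str
    local_port: int
    global_ip: str
    global_port: int

    def inside_to_outside(self, p: Packet) -> Packet:
        # Inside -> outside: the SOURCE is rewritten (inside local -> inside global).
        if (p.proto, p.src, p.sport) == (self.proto, self.local_ip, self.local_port):
            return replace(p, src=self.global_ip, sport=self.global_port)
        return p

    def outside_to_inside(self, p: Packet) -> Packet:
        # Outside -> inside: the DESTINATION is rewritten (inside global -> inside local).
        if (p.proto, p.dst, p.dport) == (self.proto, self.global_ip, self.global_port):
            return replace(p, dst=self.local_ip, dport=self.local_port)
        return p

# The rule quoted in the reply: inside local 172.16.1.1:80, inside global 192.168.1.254:80.
RULE = StaticInsideNat("tcp", "172.16.1.1", 80, "192.168.1.254", 80)

def demo():
    # Constructed sample traffic from a hypothetical outside client.
    request = Packet("tcp", "203.0.113.10", 40000, "192.168.1.254", 80)
    delivered = RULE.outside_to_inside(request)
    reply = Packet("tcp", delivered.dst, delivered.dport, delivered.src, delivered.sport)
    returned = RULE.inside_to_outside(reply)
    # Port 22 has no matching static entry, so the model leaves it untranslated.
    ssh = Packet("tcp", "203.0.113.10", 40001, "192.168.1.254", 22)
    return delivered, returned, RULE.outside_to_inside(ssh)

if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

Only the forwarded port is translated toward the inside host, so a static port entry exposes that one service rather than the whole host.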

Hello
First of all, access-list 1 is incorrect: NAT does not like "any" entries in ACLs. Also, your "public" IP addressing is being supplied via DHCP on the WAN interface, which is already a private IP address (192.168.0.222), which means in essence your rtr is natting on a natted address (double NAT).

What you are doing presently with that outside NAT statement is basically trying to translate any external traffic to an IP 192.168.1.110 that originates from the LAN interface of that rtr.

Can you elaborate a little bit more on what you are trying to accomplish?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello, 

Actually I am using EVE-NG, and the ISP RTR is natting for the EVE-NG nodes. I am trying to access devices which are behind ISP routers; this is not working for me. The summary is as under:

 

HOSTS-->RTR(x)-->ISP Router(NATTING)--->DSL Modem-->Internet ........     Working fine.....

 

HOSTS-->DSL MODEM-->ISP Router(NATTING)-->RTR(X)-->HOSTS ........    NOT Working fine..... In this case I can ping the NAT IP as shown in the snapshot, but I am not able to ping devices attached to ISP RTR and RTR(X).

Thanks in advance for assistance.

Regards

 

 

 

 

 

Hello

HOSTS-->DSL MODEM-->ISP Router(NATTING)-->RTR(X)-->HOSTS ........    NOT Working fine..... In this case I can ping the NAT IP as shown in the snapshot, but I am not able to ping devices attached to ISP RTR and RTR(X).

Your diagram isn't clear enough to see the host names of the rtrs, and it's still not clear regarding your failed pings: from where/to?



Kind Regards
Paul