Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
0
Helpful
3
Replies

Configuring incoming PAT/NAT in specific port CISCO Router

EduardR
Level 1
Level 1

‎08-14-2019 02:57 PM

Hello fellow experts,

 

We are having a pretty rough time trying to configure a NAT/PAT in one of our internet routers, and i think someone here can help us with some ideas. The scenario is this:

  1. We have a router connected to internet and performing NAT overload to allow our users to navigate with the public IP address (just one) while masking our internal private IPs.
  2. We need to expose one service to internet over the same IP address (lets say some webpage at port 8080), and need to configure the incoming connections to be routed to some specific internal IP without disrupting our users internet connectivity.

Sadly, we dont have other public IP address to NAT the connection over other IP, and we are looking at many examples over the internet but we dont find some suitable method to configure a NAT pool or ACL to allow the incoming connection specifically. Can someone advice something to us about this?

 

Our router working configuration is this (similar, btw):

interface GigabitEthernet0/0/0
  description OUTSIDE_ADDRESS
  ip address <<OUTSIDE PRIVATE ADDRESS>>
  ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS
 encapsulation dot1Q 1
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>
ip nat inside source list 3 pool NAME overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS>> <<MASK>>

And we need to allo that someone outside can open some webpage at <<PUBLIC IP>>:8080 that will be routed to some internal private IP address.

 

Is this even possible?

 

Thanks at advance and best regards!

 

Labels:
0 Helpful
3 Replies 3

luis_cordova
VIP Alumni
VIP Alumni

‎08-14-2019 03:25 PM - edited ‎08-14-2019 03:27 PM

Hi @EduardR ,

 

Try this:

 

no ip nat pool NAME <<PUBLIC IP>> <<PUBLIC IP>> netmask <<MASK>>

no ip nat inside source list 3 pool NAME overload

 

ip  nat inside source list 3 interface g0/0/0 overload

ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable 

 

Check this link:

https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html

 

Regards

0 Helpful

EduardR
Level 1
Level 1
In response to luis_cordova

‎08-15-2019 08:59 AM

Thank you for the advice, we will try it. 

 

I have another question, we are trying to get another public IP address for another user group and the configuration will look like this one:

interface GigabitEthernet0/0/0
  description OUTSIDE_ADDRESS
  ip address <<OUTSIDE PRIVATE ADDRESS>>
  ip nat outside
interface GigabitEthernet0/0/1.1
 description INSIDE_ADDRESS_1
 encapsulation dot1Q 1
interface GigabitEthernet0/0/1.2
 description INSIDE_ADDRESS_2
 encapsulation dot1Q 2
 ip address <<INSIDE PRIVATE ADDRESS>>
 ip nat inside
ip nat pool NAME_1 <<PUBLIC IP 1>> <<PUBLIC IP 1>> netmask <<MASK>>
ip nat pool NAME_2 <<PUBLIC IP 2>> <<PUBLIC IP 2>> netmask <<MASK>>
ip nat inside source list 3 pool NAME_1 overload
ip nat inside source list 4 pool NAME_2 overload
ip route 0.0.0.0 0.0.0.0 <<OUTSIDE PRIVATE ADDRESS NEXT-HOP>>
access-list 3 permit <<INSIDE PRIVATE ADDRESS_1>> <<MASK>>
access-list 4 permit <<INSIDE PRIVATE ADDRESS_2>> <<MASK>>

Both public IP uses the same private outside connection. It is possible to use the same scheme for this scenario? I am not pretty sure about this line:

ip  nat inside source list 3 interface g0/0/0 overload

Because both public IP will use the g0/0/0.

0 Helpful

luis_cordova
VIP Alumni
VIP Alumni
In response to EduardR

‎08-15-2019 09:12 AM

Hi @EduardR ,

 

In this second scenario, you can try the settings you indicate, but, adding this configuration:

 

ip nat inside source static tcp <<IP WEB SERVER>> 8080 <<PUBLIC IP>> 8080 extendable 

 

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card