Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Could the Cisco router do return NAT?

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast

‎06-18-2019 02:14 AM - edited ‎06-18-2019 03:45 AM

My configuration looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

Labels:
0 Helpful
9 REPLIES 9

omz
Collaborator
Collaborator

‎06-18-2019 02:32 AM

Hi 

Under the interface config you need - ip nat inside / ip nat outside command on the appropriate interface. 

See example - 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html

 

 

0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to omz

‎06-18-2019 03:23 AM - edited ‎06-18-2019 03:46 AM

My configuration now looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source static x.100.1.202 x.223.40.154
ip nat inside source static x.100.1.204 x.223.40.155

The x.100.1.202 can ping but can't rdp to x.223.40.155.

I tried to add more 2 commands:

ip nat outside source static x.223.40.154 x.100.1.202
ip nat outside source static x.223.40.155 x.100.1.204

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

 

Thank you very much.

0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert

‎06-18-2019 05:38 AM

Hello
Externally you should be able to ping towards  x.223.40.154 and see a translation to x.100.1.202  and the same goes for  x.223.40.155 and see a translation to x.100.1.204
Internally you should be able to ping anything internal without nat being introduced. 

 

Now if are you wishing to connect to the external natted address of an internal host from another internal host?

Then were correct in the first place to use domian-less nat (ip nat enable,  ip nat source static xx)  and it should have worked

Can you post the configuration of your rtr, Do you have a default applied?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to paul driver

‎06-18-2019 08:33 PM - edited ‎06-18-2019 08:46 PM

The configuration in the topic and I also attach of the whole router.

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

1.jpg

# sho ip nat nvi tra icmp
Pro Source global         Source local          Destin  local         Destin  global
icmp x.170.119.58:39556 x.170.119.58:39556  x.223.40.155:39556  x.100.1.204:39556
icmp x.170.119.58:44676 x.170.119.58:44676  x.223.40.154:44676  x.100.1.202:44676
icmp x.223.40.154:1     x.100.1.202:1        x.223.40.155:1      x.100.1.204:1

Thank you very much.

Preview file
2 KB
0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert
In response to ปลาวาฬทราย RMUTT CPE IX