
Destination nat home environment

angelosss
Level 1

Hello,

I'd like help setting up destination NAT on a C1111-4PLTEEA, Version 16.09.08. Basically, what I'd like to do is NAT anyone who contacts my public IP address on port 500 to the private address 192.168.178.101 on 500. The public IP is not fixed but provided via PPPoE.

The current configuration provides that a "nat ip inside" is configured on the private interface part, and a "nat ip outside" on the Dialer to allow navigation. I found on the net that the solution could be to switch to the new conception of NAT, removing ip nat outside/inside on the interfaces and enabling the ip nat enable command, but it is not a command that I have available; maybe a release problem?

Thanks in advance,

 

Angelo.


angelosss
Level 1

Anyone know how I can achieve this?

DanielP211
VIP Alumni

Hello!
This is the configuration. Tweak it to your demands (port is tcp 500):

interface Dialer1
ip nat outside
ip access-group FromOutside in

interface VlanXX
ip address 192.168.178.1 255.255.255.0
ip nat inside

ip nat inside source static tcp 192.168.178.101 500 interface Dialer1 500

ip access-list extended FromOutside
permit tcp any any eq 500
..

BR

****Kindly rate all useful posts*****

angelosss
Level 1

Hello,

Thanks for your reply. I have applied your configuration, but I lose Internet connectivity from my LAN 10.0.0.0/24 that sits behind 192.168.178.101.

interface GigabitEthernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
!
interface GigabitEthernet0/0/1.835
encapsulation dot1Q 835
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
switchport access vlan 10
switchport mode access
!
interface Cellular0/2/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
shutdown
ipv6 enable
!
interface Cellular0/2/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan10
description LAN-CASA
ip address 192.168.178.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip access-group FromOutside in
encapsulation ppp
ip tcp adjust-mss 1442
dialer pool 1
dialer-group 1
ppp authentication pap callin
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source static udp 192.168.178.101 500 interface Dialer1 500
ip nat inside source list NAVIGAZIONE interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.255.255.0 192.168.178.101
!
!
ip access-list extended FromOutside
permit udp any any eq isakmp
ip access-list extended NAVIGAZIONE
permit ip 10.0.0.0 0.0.0.255 any
!
logging trap debugging
logging facility local2
access-list 10 permit any
ip access-list extended 100
permit udp any any eq bootpc
!
!
!
!
!
!
control-plane
!
banner motd ^Cuthorized ^C
!
line con 0
login authentication local_auth
transport preferred none
transport input none
transport output telnet
stopbits 1
line vty 0 4
login authentication local_auth
transport input telnet
line vty 5 15
!
!
!
!
!
!
end

angelosss
Level 1

Does someone know how I can fix it?

OK... So my access-list was more a guideline than an actual access-list. So remove it. 

****Kindly rate all useful posts*****
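
Why the posted running config cut off the 10.0.0.0/24 LAN, as an added example that is not part of the original thread: a first-match evaluation of the FromOutside list as applied inbound on Dialer1, run over constructed sample packets. The class and function names, and the client-side port numbers, are assumptions made for this illustration.

```python
# Added example: models "ip access-list extended FromOutside" from the posted
# running config, applied with "ip access-group FromOutside in" on Dialer1.
from dataclasses import dataclass
from typing import Optional

ISAKMP = 500  # IOS keyword "isakmp" is UDP port 500


@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "udp", "tcp", or "ip" for any protocol
    dst_port: Optional[int] = None   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int
    note: str


# The only entry in the posted list: permit udp any any eq isakmp
FROM_OUTSIDE = [Ace("permit", "udp", ISAKMP)]


def evaluate(acl, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action
    return "deny"


# Constructed packets arriving inbound on Dialer1 (ports are illustrative)
SAMPLES = [
    Packet("udp", 500, 500, "IKE from a remote peer to the forwarded port"),
    Packet("tcp", 443, 51514, "HTTPS reply to a LAN client behind PAT"),
    Packet("udp", 53, 40211, "DNS reply to a LAN client behind PAT"),
]


def verdicts(acl=FROM_OUTSIDE):
    return {p.note: evaluate(acl, p) for p in SAMPLES}


if __name__ == "__main__":
    for note, action in verdicts().items():
        print(f"{action:6} {note}")
```

With `ip access-group FromOutside in` removed from Dialer1, as the reply above advises, no inbound list is evaluated on that interface at all.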

moris9896
Level 1

Hi, thanks for the config settings and letting us know the steps. All you explained is pretty easy to follow. I have used this and, once interrupted by the internet speed, I got success in the second attempt. Working well with me in my project.

Thanks again