04-26-2023 05:38 AM
Do cisco support PAT for incoming traffic? We tried it and we are not able to configure PAT for incoming traffic like we used to do for outgoing . We can do a Static NAT or Dynamic NAT, but what about PAT?
04-26-2023 05:50 AM
Hello,
When you say Cisco, which device do you refer to?
Cisco router does supports, as you can see below.
https://www.networkstraining.com/cisco-router-port-forwarding-configuration/
04-26-2023 06:01 AM
it is ASR 1000 series , Please note that it is for incoming traffic.
For example this is a VPN traffic, The 3rd party subnet is 10.0.0.0/24 which need to nat to one single IP 10.2.2.2 when it reaches our extranet router,
once packets are decrypted. Is that possible
04-26-2023 06:49 AM
I believe is possible but need to be tested. You can create a NAT like this:
object network 3RD_PARTY
subnet 10.0.0.0 255.255.255.0
nat (outside, inside) dynamic 10.2.2.2
And permit on the ACL:
access-list encrypt_acl line 1 extended permit ip <local network> <mask> 10.0.0.0 255.255.255.0
04-26-2023 07:15 AM
You need to test'
Instead of NAT inside use NAT outside in far end'
The outside can NATing many to one.
04-26-2023 07:27 AM
We did tested this with below command : But did not worked.
ip nat pool PAT-IP 10.2.2.2 10.2.2.2 prefix-length 24
ip nat outside source list <access-list> pool PAT-IP overload
04-26-2023 07:31 AM
What is not work NAT or VPN ?
Can you check show ip nat translate
If there is entry for NATing subnet?
04-26-2023 08:03 AM
VPN is up, but PAT we configured is not working, we checked NAT translation, it is not translating. Also we can see not nated packet in next hop firewalls . That is why I thought do cisco support PAT for inbound traffic
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide