Re: Do cisco support PAT for incoming traffic?

Aaida · ‎04-26-2023

Do cisco support PAT for incoming traffic? We tried it and we are not able to configure PAT for incoming traffic like we used to do for outgoing . We can do a Static NAT or Dynamic NAT, but what about PAT?

Flavio Miranda · ‎04-26-2023

Hello,

When you say Cisco, which device do you refer to?

Cisco router does supports, as you can see below.

https://www.networkstraining.com/cisco-router-port-forwarding-configuration/

Aaida · ‎04-26-2023

it is ASR 1000 series , Please note that it is for incoming traffic.

For example this is a VPN traffic, The 3rd party subnet is 10.0.0.0/24 which need to nat to one single IP 10.2.2.2 when it reaches our extranet router,
once packets are decrypted. Is that possible

Flavio Miranda · ‎04-26-2023

I believe is possible but need to be tested. You can create a NAT like this:

object network 3RD_PARTY
subnet 10.0.0.0 255.255.255.0
nat (outside, inside) dynamic 10.2.2.2

And permit on the ACL:

access-list encrypt_acl line 1 extended permit ip <local network> <mask> 10.0.0.0 255.255.255.0

MHM Cisco World · ‎04-26-2023

You need to test'

Instead of NAT inside use NAT outside in far end'

The outside can NATing many to one.

Aaida · ‎04-26-2023

We did tested this with below command : But did not worked.

ip nat pool PAT-IP 10.2.2.2 10.2.2.2 prefix-length 24
ip nat outside source list <access-list> pool PAT-IP overload

MHM Cisco World · ‎04-26-2023

What is not work NAT or VPN ?

Can you check show ip nat translate

If there is entry for NATing subnet?

Aaida · ‎04-26-2023

VPN is up, but PAT we configured is not working, we checked NAT translation, it is not translating. Also we can see not nated packet in next hop firewalls . That is why I thought do cisco support PAT for inbound traffic