Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1655
Views
0
Helpful
17
Replies

how to source NAT outside interface to outside interface?

JamesS4
Level 1
Level 1

‎01-09-2019 08:29 AM - edited ‎01-09-2019 09:01 AM

Hi, looking for assistance on an issue.

 

Our Cisco ISR router has three active interfaces -- one inside interface (local LAN), one outside interface to Internet, and one outside interface that is point to point connection to a colocated site.

 

The colocated site only accepts traffic from one subnet, let's say 10.10.10.x.  

 

So on our local network everything is either on 10.10.10.x. or we NAT overload anything else to be on this network.

 

The issue is, we need to have a connection from the Internet get to a server at the colocation via our local site.

 

The destination NAT is not an issue: ip nat inside source static tcp [colocation server IP] 1111 [our Internet static IP] 1111 extendable

 

But trying to determine how to source NAT so that the public IP coming from the Internet is translated to a 10.10.10.x address.

 

I have tried: ip nat inside source list [ACL that permits the public IP] pool [10.10.10.x address pool] overload

 

Also tried: ip nat outside source list [ACL that permits the public IP] pool [10.10.10.x address pool]

 

But admittedly I don't really know the distinction.  At any rate, neither works.  Looking at the NAT translations, shows the Outside local and Outside global source IP is unchanged.  If my understanding is correct, I think I need to get the Outside local IP to be a 10.10.10.x address.

 

Happy to provide any further info.

 

Thanks!

Labels:
0 Helpful
17 Replies 17

JamesS4
Level 1
Level 1
In response to paul driver

‎01-11-2019 12:16 PM

Hi Paul,

 

Yes, that is true.  But what I've found is that even Source NATing from outside interface (Gi0/0) to inside interface (Gi0/1) doesn't work either.  So I wanted to address that more basic issue before looking at the larger issue, hence the new thread.

0 Helpful

paul driver
VIP
VIP
In response to JamesS4

‎01-11-2019 12:23 PM - edited ‎01-11-2019 12:24 PM

Hello

@JamesS4 wrote:

Hi Paul,

 

Yes, that is true.  But what I've found is that even Source NATing from outside interface (Gi0/0) to inside interface (Gi0/1) doesn't work either.  So I wanted to address that more basic issue before looking at the larger issue, hence the new thread.

All depends on your configuration and how you are trying to connect into your network from the outside when you applied these PAT statements

 

You can apply outside nat to a use or active or spare public ip address or to an specific internal host or just a made up internal address - Having completed this on numerous occasions it does work.

So can you post your current configuration as it now and let us know if you still want to use two outside interfaces on the nat router 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

paul driver
VIP
VIP
In response to paul driver

‎01-11-2019 01:40 PM

Hello

Based on your last post regards having two outside interfaces and wanting to nat internally atached is a working sample:


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Preview file
32 KB
Preview file
3 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card