how to source NAT outside interface to outside interface?
01-09-2019 08:29 AM - edited 01-09-2019 09:01 AM
Hi, looking for assistance on an issue.
Our Cisco ISR router has three active interfaces -- one inside interface (local LAN), one outside interface to Internet, and one outside interface that is point to point connection to a colocated site.
The colocated site only accepts traffic from one subnet, let's say 10.10.10.x.
So on our local network everything is either on 10.10.10.x, or we NAT overload anything else to be on this network.
The issue is, we need to have a connection from the Internet get to a server at the colocation via our local site.
The destination NAT is not an issue: ip nat inside source static tcp [colocation server IP] 1111 [our Internet static IP] 1111 extendable
But trying to determine how to source NAT so that the public IP coming from the Internet is translated to a 10.10.10.x address.
I have tried: ip nat inside source list [ACL that permits the public IP] pool [10.10.10.x address pool] overload
Also tried: ip nat outside source list [ACL that permits the public IP] pool [10.10.10.x address pool]
But admittedly I don't really know the distinction. At any rate, neither works. Looking at the NAT translations shows that the Outside local and Outside global source IP is unchanged. If my understanding is correct, I think I need to get the Outside local IP to be a 10.10.10.x address.
Happy to provide any further info.
Thanks!
Labels: Other Routing
01-09-2019 08:39 AM
Hi,
Really, I didn't get your question. Please attach a network diagram.
Regards,
Deepak Kumar
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
01-09-2019 08:49 AM
Basic diagram is attached. Text in RED is what I am having difficulties with. Thank you!
01-09-2019 12:05 PM - edited 01-09-2019 12:06 PM
Hello
If I understood correctly, then all you need to do is enable NAT on all three interfaces of the onsite router.
Example:
int gig0/0
description WAN
ip address 12.12.12.1 255.255.255.252
ip nat outside
int gig0/1
description LAN
ip address 10.10.9.1 255.255.255.0
ip nat inside
int gig0/2
description collocation
ip address 10.10.10.1 255.255.255.0
ip nat inside
access-list 1 permit 10.10.9.0 0.0.0.255
access-list 1 permit host 10.10.10.100 <---collocation host to access internet
ip nat inside source list 1 interface gig0/0 overload
ip nat inside source static tcp 10.10.10.100 80 12.12.12.1 80 extendable <--for outside access to collocation host 10.10.10.100 via http port 80
ip route 0.0.0.0 0.0.0.0 gig0/0 12.12.12.2
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
01-09-2019 12:27 PM
Hi Paul, thank you for the response. This only addresses half of the issue, which is to make the 10.10.10.x host accessible via the public IP address. The issue is also that the INCOMING connection from the Internet needs to also get NATed to the 10.10.10.x network. I think I have solved it with this line:
ip nat outside source static [public address from internet] 10.10.10.2
So now, the NAT translation looks like it should:
Pro  Inside global      Inside local        Outside local     Outside global
tcp  12.12.12.1:30001   10.10.10.100:1111   10.10.10.2:1111   [public address from internet]:56604
But now, the only issue is an incomplete ARP entry:
Protocol  Address      Age (min)  Hardware Addr  Type  Interface
Internet  10.10.10.2           0  Incomplete     ARPA
I am trying to resolve this now..
01-09-2019 12:48 PM - edited 01-09-2019 01:04 PM
Hello
@JamesS4 wrote:
Hi Paul, thank you for the response. This only addresses half of the issue, which is to make the 10.10.10.x host accessible via the public IP address. The issue is also that the INCOMING connection from the Internet needs to also get NATed to the 10.10.10.x network.
ip nat inside source static tcp 10.10.10.100 80 12.12.12.1 80 extendable
This is why I added the above PAT statement as an example, but are you saying you wish for a specific outside global address to be seen as a colocation address?
Kind Regards
Paul
01-09-2019 01:08 PM - edited 01-09-2019 01:20 PM
Yes, the outside global address must be NATed to a 10.10.10.x address.
The colocation endpoint (which I have no control over) only passes traffic to the 10.10.10.x network.
I also would like to reiterate that Gi0/2 is an outside interface as well, not inside, which cannot be changed either.
01-10-2019 01:38 AM - edited 01-10-2019 01:40 AM
Hello
@JamesS4 wrote:
Pro  Inside global      Inside local        Outside local     Outside global
tcp  12.12.12.1:30001   10.10.10.100:1111   10.10.10.2:1111   [public address from internet]:56604
But now, the only issue is an incomplete ARP entry:
Protocol  Address      Age (min)  Hardware Addr  Type  Interface
Internet  10.10.10.2           0  Incomplete     ARPA
The possible reason is that the NAT router now does not have a valid route for 10.10.10.2 (I am assuming 10.10.10.2 is a spare IP address in this subnet and not a specific live host?).
Either of the below should work:
ip nat outside source static [external public address from internet] 10.10.10.2 add-route
or
ip route 10.10.10.2 255.255.255.255 (your own public ip)
Kind Regards
Paul
01-10-2019 06:51 AM
Thank you for your continued assistance.
You are correct that 10.10.10.2 is a spare unallocated IP I selected.
I did try both of your suggestions (actually prior to your response). The 'add-route' option does not appear to have any impact.
The routing statement causes 10.10.10.2 to disappear from the ARP table altogether. It doesn't show incomplete -- it just does not appear in the table at all.
If I remove 'ip route 10.10.10.2 255.255.255.255 (your own public ip)' then I see the incomplete entry again.
Any other ideas? I feel like I am so close =/
01-10-2019 07:43 AM
Hello
Okay, maybe we're missing something fundamental, so can you post the config of your NAT router please.
By the way, I had a typo regarding the static route: it needed to be pointed to your external public interface, not the IP, as it needs to be seen as a more specific connected route.
Kind Regards
Paul
01-10-2019 08:33 AM
Here is all the relevant config, sanitized. The line in bold appears to have been added by the 'add-route' option FYI, not a specific requirement of ours in any way. Thank you!!
interface GigabitEthernet0/0
description WAN
ip address [our public ip] 255.255.255.248
ip nat outside
!
interface GigabitEthernet0/1
description LAN
ip address 10.10.10.1 255.255.255.192
ip nat inside
!
interface GigabitEthernet0/2
description colo
ip address 192.168.1.117 255.255.255.252
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 [our public IP next hop]
ip route 10.10.10.0 255.255.255.0 [our public IP next hop]
ip route 192.168.2.0 255.255.255.240 192.168.1.118
!
ip nat inside source static tcp 192.168.2.10 1111 [our public ip] 1111 extendable
ip nat inside source static tcp 10.10.10.2 15914 [our public ip] 15914 extendable
ip nat outside source static [external public IP] 10.10.10.2 add-route
!
01-10-2019 08:44 AM
Hello
1) Remove "add-route" from the static NAT statement added earlier.
2) no ip route 10.10.10.0 255.255.255.0 [public ip]
ip route 10.10.10.2 255.255.255.255 gig0/0
3) int gig0/2
ip nat inside
Kind Regards
Paul
01-10-2019 08:51 AM - edited 01-10-2019 09:01 AM
The config I sent you is oversimplified a bit. I cannot change int gi0/2 to be 'ip nat inside'.
The reason is we currently have other VLANs that also need to access the colo, and again those addresses need to be translated to 10.10.10.x. So we do have some inside-to-outside NATing already occurring on the gi0/2 interface and cannot change it to be inside. Hence the original question: how to source NAT from the outside interface (WAN) to the outside interface (colo).
I'll try the rest of what you've suggested...
EDIT***
I've tried as you've outlined, but I suspect designating gi0/2 as the inside interface is the critical missing piece here. It still does not work, and there is an Incomplete ARP entry for 10.10.10.x.
Is there any way to accomplish without changing the interface to inside?
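As an added illustration (not code from the thread), here is a toy Python model of classic IOS domain-based NAT, which only translates a packet when it crosses between an interface marked "ip nat inside" and one marked "ip nat outside". It uses the addresses from Paul's example topology to show what the inside source and outside source static statements each change, and why the inbound flow stays untranslated while gig0/2 is marked outside; 203.0.113.5 is a constructed outside global address, and ports and the NAT/routing order of operations are ignored.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str   # interface the packet arrives on
    out_if: str  # interface routing picks for it (simplified: given up front)


class ClassicNat:
    """Toy IOS domain NAT: translate only on an inside<->outside crossing."""

    def __init__(self, domain):
        self.domain = domain          # interface -> "inside" | "outside"
        self.inside_static = {}       # inside local   -> inside global
        self.outside_static = {}      # outside global -> outside local

    def translate(self, p):
        src_dom, dst_dom = self.domain[p.in_if], self.domain[p.out_if]
        if src_dom == dst_dom:        # inside->inside or outside->outside
            return p                  # classic NAT leaves these untouched
        if src_dom == "inside":       # inside -> outside
            src = self.inside_static.get(p.src, p.src)
            dst = {v: k for k, v in self.outside_static.items()}.get(p.dst, p.dst)
        else:                         # outside -> inside
            src = self.outside_static.get(p.src, p.src)
            dst = {v: k for k, v in self.inside_static.items()}.get(p.dst, p.dst)
        return replace(p, src=src, dst=dst)


def build(colo_domain):
    """Paul's example topology; only the gig0/2 domain varies.
    203.0.113.5 is a constructed Internet (outside global) address."""
    nat = ClassicNat({"gig0/0": "outside", "gig0/1": "inside",
                      "gig0/2": colo_domain})
    nat.inside_static["10.10.10.100"] = "12.12.12.1"   # ip nat inside source static
    nat.outside_static["203.0.113.5"] = "10.10.10.2"   # ip nat outside source static
    return nat


def inbound(colo_domain):
    """Internet host -> our public IP, routed out toward the colo link."""
    return build(colo_domain).translate(
        Packet("203.0.113.5", "12.12.12.1", "gig0/0", "gig0/2"))


def reply(colo_domain):
    """Colo host answering the outside local address 10.10.10.2."""
    return build(colo_domain).translate(
        Packet("10.10.10.100", "10.10.10.2", "gig0/2", "gig0/0"))
```

With gig0/2 as "outside" both directions come back unchanged, so the colo side sees the raw Internet address; with gig0/2 as "inside" the inbound packet becomes 10.10.10.2 -> 10.10.10.100 and the reply 12.12.12.1 -> 203.0.113.5, matching the translation entry posted above.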
01-11-2019 09:04 AM
So I took the whole P2P and outside interface to outside interface issue out of the equation.
I did this by setting up an open port on our inside network and just focusing on the public to private source NAT. This is what does not work. So now we have only traffic going in and out of GI0/0. The source IP NAT for inbound traffic is what is breaking this.
I opened a new, simplified thread here:
01-11-2019 12:07 PM - edited 01-11-2019 12:15 PM
Hello
Opening a new thread will probably mean you need to explain your topology again and what you're trying to accomplish.
The assumption until your last post was that you had two internal interfaces and one external, but it seems it's the other way around, and you want to source NAT from the outside interface (WAN) to another outside interface (colo) internally.
Is this still the case, or has this now changed?
Kind Regards
Paul
