01-09-2019 08:29 AM - edited 01-09-2019 09:01 AM
Hi, looking for assistance on an issue.
Our Cisco ISR router has three active interfaces -- one inside interface (local LAN), one outside interface to Internet, and one outside interface that is point to point connection to a colocated site.
The colocated site only accepts traffic from one subnet, let's say 10.10.10.x.
So on our local network everything is either on 10.10.10.x. or we NAT overload anything else to be on this network.
The issue is, we need to have a connection from the Internet get to a server at the colocation via our local site.
The destination NAT is not an issue: ip nat inside source static tcp [colocation server IP] 1111 [our Internet static IP] 1111 extendable
But trying to determine how to source NAT so that the public IP coming from the Internet is translated to a 10.10.10.x address.
I have tried: ip nat inside source list [ACL that permits the public IP] pool [10.10.10.x address pool] overload
Also tried: ip nat outside source list [ACL that permits the public IP] pool [10.10.10.x address pool]
But admittedly I don't really know the distinction. At any rate, neither works. Looking at the NAT translations, shows the Outside local and Outside global source IP is unchanged. If my understanding is correct, I think I need to get the Outside local IP to be a 10.10.10.x address.
Happy to provide any further info.
Thanks!
01-11-2019 12:16 PM
Hi Paul,
Yes, that is true. But what I've found is that even Source NATing from outside interface (Gi0/0) to inside interface (Gi0/1) doesn't work either. So I wanted to address that more basic issue before looking at the larger issue, hence the new thread.
01-11-2019 12:23 PM - edited 01-11-2019 12:24 PM
Hello
@JamesS4 wrote:
Hi Paul,
Yes, that is true. But what I've found is that even Source NATing from outside interface (Gi0/0) to inside interface (Gi0/1) doesn't work either. So I wanted to address that more basic issue before looking at the larger issue, hence the new thread.
All depends on your configuration and how you are trying to connect into your network from the outside when you applied these PAT statements
You can apply outside nat to a use or active or spare public ip address or to an specific internal host or just a made up internal address - Having completed this on numerous occasions it does work.
So can you post your current configuration as it now and let us know if you still want to use two outside interfaces on the nat router
01-11-2019 01:40 PM
Hello
Based on your last post regards having two outside interfaces and wanting to nat internally atached is a working sample:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide