Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
364
Views
0
Helpful
3
Replies

IOS TCP OUTSIDE NAT Issue

shakeelahmadch
Level 1
Level 1

‎04-19-2006 01:00 PM - edited ‎03-03-2019 12:27 PM

Hi Guys,

i am in a confusion here if someone can guide me. Following is the scenario:

CISCO-3600 ( 1 Private IP, 1 PUblic IP)

Private IP: 192.168.0.1

Public IP: 193.169.0.1

Default Route : Public ISP

Machine

1st interface IP: 192.168.0.10

2nd Interface IP: 10.10.10.10

default route 10.10.10.1

static route for 193.169.0.1 gw 192.168.0.1

We are trying to do a outside TCP nat, so that if someone tries to access 80 port on 193.169.0.1 , it should go to 192.168.0.10 ;s 80 port.

We have been trying it with different scenarios/commands but were'nt successfull so. Any body can guide me in this.

(ip nat outside static source 193.169.0.1 80 182.168.0.10 80)

All other options are working. The only reason we want to outside is ; machine's default gateway is on the other side of lan.

thanks,

Shakeel

Labels:
0 Helpful
3 Replies 3

pkhatri
Level 11
Level 11

‎04-19-2006 03:51 PM

Shakeel,

The NAT will work fine in the incoming direction. However, when it gets to your host, it will then route the packet out to 10.10.10.1, it's default gateway. That is why this breaks.

In order to fix this, point the default route on your machine to 192.168.0.1 and then enter in a bunch of specific routes for destinations that should be routed towards 10.10.10.1.

Hope that helps - pls do remember to rate posts that help.

Paresh

0 Helpful

shakeelahmadch
Level 1
Level 1
In response to pkhatri

‎04-19-2006 11:47 PM

Is there any possibility that System will get source address of 193.169.0.1 when a packet arrives and reply back (as it have a static route of the 193.169.0.1)

thanks.

0 Helpful

pkhatri
Level 11
Level 11
In response to shakeelahmadch

‎04-20-2006 12:01 AM

That would confuse things too much since you are using that same address for incoming sessions.

However, you can use some other private IP address to which you translate all outside source addresses.

For example, you could choose to use 192.168.254.0/24.

Then, you could use the following config to translate the outside source address:

ip nat pool Pool1 192.168.254.1 192.168.254.254 netmask 255.255.255.0

ip nat outside source list 10 pool Pool1

The, configure a route on the host machine as follows:

static route for 192.168.254.0/255.255.255.0 gw 192.168.0.1

Hope that helps - pls do remember to rate posts that help.

Paresh

0 Helpful
Customers Also Viewed These Support Documents