cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

198
Views
0
Helpful
4
Replies
Beginner

ip nat outside to interface

Hi.

Is it possible to configure "ip nat outside source static x.x.x.x y.y.y.y" which y.y.y.y is router interface? 

I wanna do destination nat for my clients. (ip nat inside)

Everyone's tags (2)
4 REPLIES 4
VIP Mentor

Re: ip nat outside to interface

Hello,

 

what are you trying to accomplish ?

Beginner

Re: ip nat outside to interface

Hi

We have such this scenario. R3 is one customer (we do not have administrative access to R3).

customer clients with source of 172.16.0.1/24 want to connect to our server 2.2.2.2

There are 2 requirements :

(1) The range of 172.16.0.1/24 should be NAT to one IP address. (for instance : 192.168.200.1. we don't import customer range into our routing network.) hence source NAT with Overloading option (PAT) for Customer is needed.

(2) Customer does not route 2.2.2.2 IP address in R3. Just working with connected interface. They only know 1.1.23.2 (G0/0 of R2). 

In simple terms :

{172.16.0.1 (one example of many) --> 1.1.23.2} must be changed to {192.168.200.1 --> 2.2.2.2} in router R2.

Since IP nat outside does not support Overload option, we have to change the direction of inside and outside as shown below. (customer side will be inside nat)

Source NAT will be OK in this approach. 

"ip nat inside source list x pool y" that y is 192.168.200.1

Now, we need ip nat outside in order to do destination nat for customer. (1.1.23.2 to 2.2.2.2)NAT.png

ip nat outside source static 2.2.2.2 1.1.23.2 ...... It does not work. if another IP like 1.1.23.10 is used, everything will be OK. But it seems outside nat doesn't work with interface due to routing problem.

I don't know if I explained it well, if yes :) Is it possible to do outside nat using interface IP address??

 

VIP Advisor

Re: ip nat outside to interface

Hello

Not sure i understand but correct me if i have mis-understood the request.

1) any internal host needs to be dyanamiclly port address translated ( PAT)
172.16.0/24 <PAT> 1.1.23.2

2)You have a specific external host you which you internal users to be able to access - Now is this via a specific port or just by a single natted public ip address? - If the latter then you need an additional public ip address to use
You also would have the option to use destination nat so you can actually have your internal users use an internal ip address to reach the external host which would be statically natted public ip address



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
VIP Mentor

Re: ip nat outside to interface

Hello,

 

it is kind of hard to understand how your NAT inside and outside are currently set up. Can you post the configs of R1 and R2 ?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here