cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3339
Views
5
Helpful
22
Replies

Multiple Nating - practically

Eng-Ruthless
Level 1
Level 1

Dear Engineers,


Good day!

I have an important technical inquiry and I seek your assistance.

One of the requirements is to perform (SNAT, DNAT) for several servers, but they already have NATing configured. The request is to set up another NATing on a different public IP. Would there be an issue with this, or would it work?

A simple example:

Internal server IP: 10.10.10.10
It goes out to the following public IPs

SNAT1: 55.7.49.1 (already activated previously)
SNAT2: 55.7.49.2
DNAT1: 55.7.49.1 (already activated previously)
DNAT2: 55.7.49.2

--------------------------------------

Also, please note that some servers have DNAT configured but specific to a certain port, and the requirement is on another port. Should I set up a new NAT on the new port correctly?



Best regards.




 

22 Replies 22

@Eng-Ruthless 

 You can have as many NAT you need as long as you do not mix up source and ports. As longs as the router can differentiate between the flows it will perform the NAT just fine.

Can you elaborate more on 'not mix up source and ports'? The sentence is clear concerning DNAT, but for SNAT, according to my policy, there is no specific port, just translating the IP from LAN to a public IP.

So, is it possible to translate one IP from LAN to exit on two or three public IPs that I have?

You can have the same source and same destination with different ports. Or you can have different source and destination with the same ports.

Meaning, the router must have some way to differentiate the traffic otherwise it will not install the NAT rule. It will complain right the way.

Hello


@Eng-Ruthless wrote:
The request is to set up another NATing on a different public IP. Would there be an issue with this, or would it work?

Multiple static port address translation to the same ip address is applicable, so yes based on what you have stated, it should be viable 



@Eng-Ruthless wrote:
Should I set up a new NAT on the new port correctly?

You should be able do either, use existing addressing being used for PAT or select a new one


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Technically, when this server goes out to the internet using SNAT, will it exit once on the first public IP address and another time on the second public IP address, and so on?

Hello


@Eng-Ruthless wrote:
Technically, when this server goes out to the internet using SNAT, will it exit once on the first public IP address and another time on the second public IP address, and so on?

Yes this is applicable but you will require nat pools so the traffic can use the multiple addresses defined in those pools.
Translation can be even setup in both directions if you require it, in fact based on your OP that is what you are doing already.

Maybe you can share your nat rtr configuration and elaborate a little more on exactly you wish to accomplish with the addressing you have in mind?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

what is SNAT and DNAT meaning is it static NAT and dynamic NAT ?

MHM

Hello


@MHM Cisco World wrote:

what is SNAT and DNAT meaning is it static NAT and dynamic NAT ?


 

Stateful Nat = SNAT
Destination Nat = DNAT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sorry without get what he try here I could not answer 
and there is no something called Stateful Nat = SNAT 

thanks 

MHM


@MHM Cisco World wrote:
and there is no something called Stateful Nat = SNAT 

So you are saying Stateful Nat isnt a feature correct?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

So you are saying Stateful Nat isnt a feature correct? Yes 

there is no stateful NAT, stateful meaning it detect the state of connection and remove when the connection is idle 

for example the ACL in FW is stateful where when one side send Finish for TCP connection then the ACL will deny any traffic after that between client and server.

MHM

Hello


@MHM Cisco World wrote:

So you are saying Stateful Nat isnt a feature correct? Yes 


I guess cisco is wrong then...


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

It statrful of Hsrp not traffic, did he mentioned any redundancy?

Why you think it stateful got redundancy?

MHM

Hello @MHM Cisco World 

That was just a link to show you cisco SNAT is a feature, tbh, other vendors could call it differently (source nat for one,)  but as this is a cisco forum well....

And regards this OP when SNAT is mentioned, we do not know for sure what is running  hence the request for elaboration on what they are trying to achieve.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul