NAT changing IP source

guilherme · ‎11-17-2011

Hi all,

What would be the best way to configure NAT on Cisco IOS in such a way that when a packet arrives on the outside of my router, it is redirected to an internal host but changing the source IP? Does anyone have a similar IOS configuration?

Thanks in advance.

paul driver · ‎11-17-2011

Hi,

You can use ip nat outside command to translate the outside ip to an internel ip address., this will nat translate in both directions:

example:

outside global addresss - 200.200.200.2

inside local - 10.2.2.2

ip nat outside static 200.200.200.2 10.2.2.2

res

Paul

.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Marwan ALshawi · ‎11-17-2011

just to add to the above post

lets say you have the folowing scenario

LAN 10.1.1.0/24----Router1-.1---192.168.1./24--.2--Router2-----10.2.2.2

and you want 10.2.2.2 to be seen by 10.1.1.0 LAN as 20.2.2.2

what you can do it

in router1

ip nat outside static 10.2.2.2 20.2.2.2

you need a static for the 20.2.2.2 to point to Router inorder for the NAT outside to work

ip route 20.2.2.2 255.255.255.255 192.168.1.2

inter x/x

ip nat inside

inter x/x -- connected to R2

ip nat outside

hope this help

if helpful rate

guilherme · ‎11-18-2011

What if I need to "hide" every public IP addresses from an internal host?

What I need is basically a NAT but when any public IP reaches my router's outside on port 80/tcp, I need the connection to be NATed to an internal host on the same destination port but also changing the *source* address.

mrdogantr · ‎11-18-2011

Hi,

for example;

LAN (192.168.1.0/24) ----> (Gi0/0 ip:192.168.1.1)Router (Gi0/1 ip:8.8.8.8) ------> WAN

Web Server ip : 192.168.1.10

you can use config below;

#conf t

(config)# int gi0/0

(config-if)#desc LAN

(config-if)#ip addr 192.168.1.1 255.255.255.0

(config-if)#ip nat inside

(config-if)#exi

(config)#int gi0/1

(config-if)#desc WAN

(config-if)#ip addr 8.8.8.8 255.255.255.252

(config-if)#ip nat outside

(config-if)#exi

(config)#access-list 10 permit 192.168.1.0 0.0.0.255

(config)#ip nat inside source list 10 int gi0/1 overload

(config)#ip nat inside source static tcp 192.168.1.10 80 int gi0/1 80

(config)#end

#wr

hth

Muammer

Marwan ALshawi · ‎11-18-2011

do you mean you have internal server with public IP and confugured internally with private IP you want to do nat for it on port tcp 80 ?

and in addition al the source IPs confign from outside has to be changed to somthing private ?

if yes you can use th ebelow example

server IP 192.168.1.1-----Fa0/0-R1--Fa0/1----internet

server public IP is 100.1.1.1

ip nat inside source static tcp 192.168.1.1 80 100.1.1.1 80

for outside soruce address to be translated to any private address lets say 10.1.1.0/24

access-list 100 permit tcp any host 100.1.1.1

ip nat pool pool1 10.1.1.1 10.1.1.254 netmask 255.255.255.0

ip nat outside source list 100 pool pool1 add-route

you need a static route fo rth edummy pravte address 10.1.1.0 point either to the exit interface or to your ISP next hope

ip aroute 10.1.1.0 255.255.255.0 interface fa0/1

or

ip route 10.1.1.0 255.255.255.0

int fa0/0

ip nat inside

int fa0/1

ip nat outside

hope this help

if helpful rate