Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
3
Replies

NAT on Cisco Router 3925 with an IP not directly connected

Go to solution
Marcus Peck
Level 1
Level 1

‎06-14-2016 02:14 AM - edited ‎03-05-2019 04:13 AM

Hi experts,

I have hit an issue with natting an IP which is not directly connected to my router. My router has 2 interfaces. 1 interface connects to the WAN and the other inside. Illustration below:

WAN <-- 57.x.x.x --> Router <-- 192.168.10.0/24 --> Firewall <--172.16.10.0/24--> Core Switch <-- 172.16.20.0/24 -->Firewall<--10.6.100.0/24 (Host IP 10.6.100.100)

I want to NAT the Host 10.6.100.100 to an external IP address (e.g. 56.x.x.x) forwarding to the WAN. I have applied:

ip nat -> inside

ip nat -> outside

ip nat inside source static 10.6.100.100 56.x.x.x

I do understand that the host IP is not directly connected and when I trace route from the host to the ultimate destination, the trace route from the host only displays the router inside IP and it does not know where to go. Any help on this is greatly appreciated! Thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Marcus Peck

‎06-14-2016 07:43 PM

I can say the concept is fine; but without seeing more specific config I can't help further.  It could be ACL's.  It could be lots of things.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-14-2016 01:54 PM

As long as the WAN is routing 56.x.x.x towards the router, and the firewall permits traffic to 10.6.100.100 from its outside interface that should be fine.

0 Helpful

Go to solution
Marcus Peck
Level 1
Level 1
In response to Philip D'Ath

‎06-14-2016 07:39 PM

Hi Philip,

we do have a route for 10.6.100.100 via the outside IP of my firewall. "ip route 10.6.100.100 255.255.255.255 <ip of firewall outside intterface>" And the firewall is allowing any to any now via the outside since it is still now in pre-production. Is there anything that I am missing? ACLs?

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Marcus Peck

‎06-14-2016 07:43 PM

I can say the concept is fine; but without seeing more specific config I can't help further.  It could be ACL's.  It could be lots of things.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card