06-14-2016 02:14 AM - edited 03-05-2019 04:13 AM
Hi experts,
I have hit an issue with natting an IP which is not directly connected to my router. My router has 2 interfaces. 1 interface connects to the WAN and the other inside. Illustration below:
WAN <-- 57.x.x.x --> Router <-- 192.168.10.0/24 --> Firewall <--172.16.10.0/24--> Core Switch <-- 172.16.20.0/24 -->Firewall<--10.6.100.0/24 (Host IP 10.6.100.100)
I want to NAT the Host 10.6.100.100 to an external IP address (e.g. 56.x.x.x) forwarding to the WAN. I have applied:
ip nat -> inside
ip nat -> outside
ip nat inside source static 10.6.100.100 56.x.x.x
I do understand that the host IP is not directly connected and when I trace route from the host to the ultimate destination, the trace route from the host only displays the router inside IP and it does not know where to go. Any help on this is greatly appreciated! Thank you!
06-14-2016 01:54 PM
As long as the WAN is routing 56.x.x.x towards the router, and the firewall permits traffic to 10.6.100.100 from its outside interface that should be fine.
06-14-2016 07:39 PM
Hi Philip,
We do have a route for 10.6.100.100 via the outside IP of my firewall. "ip route 10.6.100.100 255.255.255.255 <ip of firewall outside interface>" And the firewall is allowing any to any now via the outside since it is still now in pre-production. Is there anything that I am missing? ACLs?
06-14-2016 07:43 PM
I can say the concept is fine; but without seeing more specific config I can't help further. It could be ACLs. It could be lots of things.
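The setup discussed in this thread, written out as a Cisco IOS configuration sketch. This is an added example, not configuration posted by anyone in the thread: the interface names and the `<fw-outside-ip>` next hop are assumptions, and 57.x.x.x / 56.x.x.x stay elided as in the original post.

```cisco
! Added example: interface names are assumed, <fw-outside-ip> is a placeholder
! for the first firewall's address on 192.168.10.0/24.
interface GigabitEthernet0/0
 description WAN side (57.x.x.x)
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside, towards the first firewall (192.168.10.0/24)
 ip nat inside
!
! Static one-to-one translation from the original post
ip nat inside source static 10.6.100.100 56.x.x.x
!
! The host is four hops away, so the router needs an explicit route to it
ip route 10.6.100.100 255.255.255.255 <fw-outside-ip>
!
! Checks to run from exec mode once traffic is flowing:
!   show ip route 10.6.100.100      (next hop should be the firewall)
!   show ip nat translations        (static entry present, hits appear as dynamic extensions)
!   show ip nat statistics          (inside/outside interfaces listed as expected)
```

A static entry translates in both directions, so connections arriving for 56.x.x.x are forwarded to 10.6.100.100, and what actually reaches the host is decided by the rule sets on the two firewalls. Each device between the host and the router (both firewalls and the core switch) also needs a route or default route pointing back toward the router.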