Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
379
Views
10
Helpful
12
Replies
Rack&Stack
Beginner
Beginner
‎05-27-2022 04:39 PM
‎05-27-2022 04:39 PM

NAT: Translating inbound destination IP

I'm struggling to figure out how I can perform NAT on ingress packets on the Gi0/1 interface of "isp-router". I want to translate the destination address to 23.1.2.100. Keep in mind this is a lab environment.

isp-router Gi0/1: ip nat outside is applied
isp-router Gi0/0: ip nat inside is applied

 

How can I get packets coming from the internet into my "isp-router", to translate to the address of the PA-1?

 

IP nat screenshot.png

 

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
MHM Cisco World
Advisor
Advisor
In response to MHM Cisco World
‎05-28-2022 09:48 AM
‎05-28-2022 09:48 AM

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

View solution in original post

12 REPLIES 12
MHM Cisco World
Advisor
Advisor
‎05-27-2022 04:45 PM
‎05-27-2022 04:45 PM

ip nat static outside <- this use to translate NAT the destination of packet 

0 Helpful
Rack&Stack
Beginner
Beginner
In response to MHM Cisco World
‎05-27-2022 04:59 PM
‎05-27-2022 04:59 PM

This is not what I'm looking for. I want to translate the destination packet of an INBOUND packet. Wouldn't I use ip nat inside for that since I'm translating the inside global to inside local?

0 Helpful
MHM Cisco World
Advisor
Advisor
In response to Rack&Stack
‎05-27-2022 05:08 PM
‎05-27-2022 05:08 PM

simply answer is YES
IP NAT SOURCE STATIC is Bidirectional

meaning 
Inside-Local -> Inside-GLobal  if the traffic from Inside to Outside "here the source is NAT"
Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

0 Helpful
MHM Cisco World
Advisor
Advisor
In response to MHM Cisco World
‎05-28-2022 09:48 AM
‎05-28-2022 09:48 AM

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

Rack&Stack
Beginner
Beginner
In response to MHM Cisco World
‎05-28-2022 10:02 AM
‎05-28-2022 10:02 AM

Screenshot 2022-05-28 120113.png

I see what you mean about bidirectional. But it's asking me to put in a port for this command?

0 Helpful
Rack&Stack
Beginner
Beginner
In response to MHM Cisco World
‎05-28-2022 10:31 AM
‎05-28-2022 10:31 AM

I made it work! The command that worked for me is this:

ip nat inside source static tcp 23.1.2.100 443 192.168.1.61 443

Thank you!

MHM Cisco World
Advisor
Advisor
In response to Rack&Stack
‎05-28-2022 10:45 AM
‎05-28-2022 10:45 AM

You are so so welcome 

0 Helpful
Flavio Miranda
Advisor
Advisor
‎05-27-2022 05:15 PM
‎05-27-2022 05:15 PM

Hi

 Do you know which IP address will come from outside? 

As far as I know, IOS does not support "ip nat outside overload",

If you know,

 

ip nat outside source static "outside traffic"

 

 

0 Helpful
Rack&Stack
Beginner
Beginner
In response to Flavio Miranda
‎05-28-2022 09:40 AM
‎05-28-2022 09:40 AM

Yes, the source is 192.168.1.171. Translation needs to take place on ISP-Router. G0/1 is the ip nat outside interface. G0/0 is the ip nat inside interface.

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443

 

Screenshot 2022-05-28 113939.png

0 Helpful
paul driver
VIP Expert VIP Expert
VIP Expert
‎05-28-2022 12:25 AM
‎05-28-2022 12:25 AM

Hello

@Rack&Stack wrote:

I'm translating the inside global to inside local?

There various nat types based on specific requirements, it sounds like you wish to translate to a specific destination address to a local address within your network however can you elaborate on the type of traffic you wish to translate, ip or certain udp/tcp ports? 


Example (ios nat not Palto alto)

Ip nat outside static 23.1.2.100 192.168.1.2

or

ip nat outside static tcp 23.1.2.100 80 192.168.1.2 80

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Rack&Stack
Beginner
Beginner
In response to paul driver
‎05-28-2022 09:50 AM
‎05-28-2022 09:50 AM

Hi Paul,

I would like to translate traffic destined to port 443. That's the only port I need. But yes, you correctly understand what my goal is. Unfortunately that command does not work. I'm using IOSv if that helps.

Screenshot 2022-05-28 114947.png

Thanks

0 Helpful
paul driver
VIP Expert VIP Expert
VIP Expert
In response to Rack&Stack
‎05-29-2022 04:25 AM
‎05-29-2022 04:25 AM

Hello

@Rack&Stack wrote:

Unfortunately that command does not work. I'm using IOSv if that helps.

Screenshot 2022-05-28 114947.png

 

Example (ios nat not Palto alto)

Ip nat outside source static 23.1.2.100 192.168.1.2

or

ip nat outside source static tcp 23.1.2.100 80 192.168.1.2 80

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
1
5
1
5
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad