Solved: Re: NAT: Translating inbound destination IP

Rack&Stack · ‎05-27-2022

I'm struggling to figure out how I can perform NAT on ingress packets on the Gi0/1 interface of "isp-router". I want to translate the destination address to 23.1.2.100. Keep in mind this is a lab environment.

isp-router Gi0/1: ip nat outside is applied
isp-router Gi0/0: ip nat inside is applied

How can I get packets coming from the internet into my "isp-router", to translate to the address of the PA-1?

MHM Cisco World · ‎05-28-2022

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

View solution in original post

MHM Cisco World · ‎05-27-2022

ip nat static outside <- this use to translate NAT the destination of packet

Rack&Stack · ‎05-27-2022

This is not what I'm looking for. I want to translate the destination packet of an INBOUND packet. Wouldn't I use ip nat inside for that since I'm translating the inside global to inside local?

MHM Cisco World · ‎05-27-2022

simply answer is YES
IP NAT SOURCE STATIC is Bidirectional

meaning
Inside-Local -> Inside-GLobal if the traffic from Inside to Outside "here the source is NAT"
Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

MHM Cisco World · ‎05-28-2022

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

Rack&Stack · ‎05-28-2022

I see what you mean about bidirectional. But it's asking me to put in a port for this command?

Rack&Stack · ‎05-28-2022

I made it work! The command that worked for me is this:

ip nat inside source static tcp 23.1.2.100 443 192.168.1.61 443

Thank you!

MHM Cisco World · ‎05-28-2022

You are so so welcome

Flavio Miranda · ‎05-27-2022

Hi

Do you know which IP address will come from outside?

As far as I know, IOS does not support "ip nat outside overload",

If you know,

ip nat outside source static "outside traffic"

Rack&Stack · ‎05-28-2022

Yes, the source is 192.168.1.171. Translation needs to take place on ISP-Router. G0/1 is the ip nat outside interface. G0/0 is the ip nat inside interface.

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443

paul driver · ‎05-28-2022

Hello

@Rack&Stack wrote:

I'm translating the inside global to inside local?

There various nat types based on specific requirements, it sounds like you wish to translate to a specific destination address to a local address within your network however can you elaborate on the type of traffic you wish to translate, ip or certain udp/tcp ports?

Example (ios nat not Palto alto)

Ip nat outside static 23.1.2.100 192.168.1.2

or

ip nat outside static tcp 23.1.2.100 80 192.168.1.2 80

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Rack&Stack · ‎05-28-2022

Hi Paul,

I would like to translate traffic destined to port 443. That's the only port I need. But yes, you correctly understand what my goal is. Unfortunately that command does not work. I'm using IOSv if that helps.

Thanks