Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2154
Views
10
Helpful
12
Replies

NAT: Translating inbound destination IP

Go to solution
Rack&Stack
Level 1
Level 1

‎05-27-2022 04:39 PM - last edited on ‎06-03-2022 02:28 AM by Community Manager

I'm struggling to figure out how I can perform NAT on ingress packets on the Gi0/1 interface of "isp-router". I want to translate the destination address to 23.1.2.100. Keep in mind this is a lab environment.

isp-router Gi0/1: ip nat outside is applied
isp-router Gi0/0: ip nat inside is applied

 

How can I get packets coming from the internet into my "isp-router", to translate to the address of the PA-1?

 

IP nat screenshot.png

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎05-28-2022 09:48 AM - edited ‎05-28-2022 09:56 AM

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

View solution in original post

12 Replies 12

Go to solution
MHM Cisco World
VIP
VIP

‎05-27-2022 04:45 PM

ip nat static outside <- this use to translate NAT the destination of packet 

0 Helpful

Go to solution
Rack&Stack
Level 1
Level 1
In response to MHM Cisco World

‎05-27-2022 04:59 PM

This is not what I'm looking for. I want to translate the destination packet of an INBOUND packet. Wouldn't I use ip nat inside for that since I'm translating the inside global to inside local?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Rack&Stack

‎05-27-2022 05:08 PM - edited ‎05-28-2022 09:56 AM

simply answer is YES
IP NAT SOURCE STATIC is Bidirectional

meaning 
Inside-Local -> Inside-GLobal  if the traffic from Inside to Outside "here the source is NAT"
Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎05-28-2022 09:48 AM - edited ‎05-28-2022 09:56 AM

IP NAT SOURCE STATIC is Bidirectional

Inside-Global -> Inside-Local if the traffic from Onside to Inside "here the destination is NAT"

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443<-

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443<-

Go to solution
Rack&Stack
Level 1
Level 1
In response to MHM Cisco World

‎05-28-2022 10:02 AM

Screenshot 2022-05-28 120113.png

I see what you mean about bidirectional. But it's asking me to put in a port for this command?

0 Helpful

Go to solution
Rack&Stack
Level 1
Level 1
In response to MHM Cisco World

‎05-28-2022 10:31 AM

I made it work! The command that worked for me is this:

ip nat inside source static tcp 23.1.2.100 443 192.168.1.61 443

Thank you!

Go to solution
MHM Cisco World
VIP
VIP
In response to Rack&Stack

‎05-28-2022 10:45 AM

You are so so welcome 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎05-27-2022 05:15 PM - last edited on ‎06-03-2022 02:33 AM by Community Manager

Hi

 Do you know which IP address will come from outside? 

As far as I know, IOS does not support "ip nat outside overload",

If you know,

 

ip nat outside source static "outside traffic"

 

 

0 Helpful

Go to solution
Rack&Stack
Level 1
Level 1
In response to Flavio Miranda

‎05-28-2022 09:40 AM - edited ‎05-28-2022 09:40 AM

Yes, the source is 192.168.1.171. Translation needs to take place on ISP-Router. G0/1 is the ip nat outside interface. G0/0 is the ip nat inside interface.

 

Original Source: 192.168.1.171

Original Destination: 192.168.1.61:443

 

Translated Source: 192.168.1.171

Translated Destination: 23.1.2.100:443

 

Screenshot 2022-05-28 113939.png

0 Helpful

Go to solution
paul driver
VIP
VIP

‎05-28-2022 12:25 AM - last edited on ‎06-03-2022 02:21 AM by Community Manager

Hello

@Rack&Stack wrote:

I'm translating the inside global to inside local?

There various nat types based on specific requirements, it sounds like you wish to translate to a specific destination address to a local address within your network however can you elaborate on the type of traffic you wish to translate, ip or certain udp/tcp ports? 


Example (ios nat not Palto alto)

Ip nat outside static 23.1.2.100 192.168.1.2

or

ip nat outside static tcp 23.1.2.100 80 192.168.1.2 80

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Rack&Stack
Level 1
Level 1
In response to paul driver

‎05-28-2022 09:50 AM

Hi Paul,

I would like to translate traffic destined to port 443. That's the only port I need. But yes, you correctly understand what my goal is. Unfortunately that command does not work. I'm using IOSv if that helps.

Screenshot 2022-05-28 114947.png

Thanks

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Rack&Stack

‎05-29-2022 04:25 AM - last edited on ‎06-03-2022 02:22 AM by Community Manager

Hello

@Rack&Stack wrote:

Unfortunately that command does not work. I'm using IOSv if that helps.

Screenshot 2022-05-28 114947.png

 

Example (ios nat not Palto alto)

Ip nat outside source static 23.1.2.100 192.168.1.2

or

ip nat outside source static tcp 23.1.2.100 80 192.168.1.2 80

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents