02-15-2021 09:25 PM
Hi,
Need help.
User --- ROUTER -- SERVER
User 10.1.1.10
router 10.1.1.1
server 203.152.100.32 9400
I am trying to set up a NAT where the user is trying to access the server on port 9400 but is using the router's inside IP address as the server IP address.
I have tried the standard nat outside command, but it seems like it only works if the traffic is passing, not terminating.
Can you please help with the correct configuration?
user is trying: 10.1.1.1:9400
need to translate : 203.152.100.32 9400
Thank you,
Nilay Vyas.
02-15-2021 10:05 PM
What do you mean by "it only works if the traffic is passing not terminating"?
Share your configuration and show command output.
02-16-2021 12:56 AM
203.152.100.32 - is this IP address inside the network or out of the network?
If this is inside, the router should be aware of it in the routing table so that it can forward your request to the server, and the server should be able to route back to the router.
203.152.100.32 - if this is outside your network, the router will NAT all the traffic leaving your network to reach outside of your network, since your RFC1918 address cannot be routed to the internet.
To understand better, please post the complete router config.
02-16-2021 02:20 AM
Hello,
A NAT Virtual Interface configuration might work:
ROUTER
interface GigabitEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
 ip nat enable
!
interface GigabitEthernet0/0
 description WAN Uplink
 ip nat enable
!
ip nat source static tcp 203.152.100.32 9400 10.1.1.1 9400
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
02-16-2021 01:00 PM
Sorry guys, I do understand a running configuration and a proper diagram would be great, but I can't due to restrictions.
The user has to connect to the proxy server, which is behind a GRE tunnel.
A very simple way to explain:
The user can only connect to the zone which is allowed, but the proxy server is in the zone which is not allowed.
It is a very restricted environment.
My solution is to use the Cisco router LAN address in the allowed zone and then change the destination NAT to the proxy address, which is reachable via the GRE tunnel.
The firewall is managed by a third party and they will not add a route or rule to allow traffic directly to the proxy server. (I don't understand the logic, but they said if you can work around it, do that first; maybe a month-long security clearance process.)
I have tried outside NAT, but as I am using the router IP address as the destination of the traffic generated by the user, outside NAT is not even hitting. The router replies back saying the port is not open, which is true.
I want to see how I can do the NATing where an inside user can access an outside server by sending the traffic to the router's trusted-zone address and then the router NATs that to the proxy server.
I am happy to create some dummy IP and scenarios.