Port forwarding with the same port number to the same router on 2 different WAN interfaces

nwekechampion
Level 3

Hi all,

Just wondering if this is possible on Cisco. It doesn't seem to have worked for me.

I am trying to do some port forwarding with the same port number to the same router on 2 different WAN interfaces.

ip nat inside source static tcp 192.168.0.252 50000 interface Cellular0 50000
ip nat inside source static tcp 192.168.0.252 50000 interface Dialler2 50000  ==> not working, as Cisco does not allow me to have 2 similar port numbers. So I can only have one of the above, not both. However, I would need both working as this is a failover config.

Thanks so much all.

16 Replies

pieterh
VIP

This is not Cisco specific; you pose a requirement that may not be possible with any vendor.

Maybe you can take a different view of your requirement:
- first do the NAT!
- then make this NATted traffic routable using two different paths

I guess this will not be possible using the interface address of the two links; you need an additional public address
that must also be reachable on both WAN links, so you also need something like BGP to publish both routes to this address.

Hi Pieterh,

Not quite, I tried something similar on a Sophos firewall and it works perfectly fine.
Thanks for chipping in.

Hello
Add the extendable keyword to the static NAT statements and it should then allow you.

ip nat inside source static tcp 192.168.0.252 50000 interface Cellular0 50000 extendable
ip nat inside source static tcp 192.168.0.252 50000 interface Dialler2 50000 extendable


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I tried the "extendable" at the end of the NAT statement but the router IOS would not recognise that command. Could I be missing something here please?

Thanks so much for your reply earlier

Hello

@nwekechampion wrote:

Hi Paul,

I tried the "extendable" at the end of the NAT statement but the router IOS would not recognise that command. Could I be missing something here please?

The reason is that you're specifying a physical interface instead of a next-hop IP address.
ip nat inside source static tcp 192.168.0.252 50000 <nexthop ip x.x.x.x> 50000 extendable



Kind Regards
Paul

Thanks Paul,

That worked, Config I mean, but then I get the message below:

*Feb 6 05:46:47.862: %IP-4-DUPADDR: Duplicate address 110.60.65.2 on GigabitEthernet0/2, sourced by 0c71.2e7f.ad02

FYI, I replicated it on a lab environment first, hence the interfaces are different:

ip nat inside source route-map WAN01 interface GigabitEthernet0/1 overload
ip nat inside source route-map WAN02 interface GigabitEthernet0/2 overload
ip nat inside source static tcp 192.168.1.2 80 110.60.65.2 80 extendable
ip nat inside source static tcp 192.168.1.2 80 200.60.65.2 80 extendable

Thanks

.



Kind Regards
Paul

Thanks so much Paul.. this worked!!

Hi Paul, Thanks again for your assistance.
I mistakenly accepted my reply as a resolution, I am not sure there is a way to undo it. I have looked around. But thank you so much again.

Regards

Hello,

A workaround would be to use an EEM script that adds/removes the static NAT entry based on which interface is active. This would look something like below:

track 1 ip sla 1 reachability
!
interface Cellular 0
 description Primary_Link
!
interface Dialer 2
 description Backup_Link
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface Cellular 0
 frequency 3
!
ip sla schedule 1 start-time now life forever
!
ip route 0.0.0.0 0.0.0.0 Cellular 0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer 2 254
!
ip nat inside source static tcp 192.168.0.252 50000 interface Cellular 0 50000
!
! Primary link down: move the port forward to the backup interface
event manager applet PRIMARY_ISP_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 1.5 cli command "configure terminal"
 action 2.0 cli command "no ip nat inside source static tcp 192.168.0.252 50000 interface Cellular 0 50000"
 action 3.0 cli command "ip nat inside source static tcp 192.168.0.252 50000 interface Dialer 2 50000"
 action 4.0 cli command "end"
!
! Primary link restored: move the port forward back to the primary interface
event manager applet PRIMARY_ISP_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 1.5 cli command "configure terminal"
 action 2.0 cli command "no ip nat inside source static tcp 192.168.0.252 50000 interface Dialer 2 50000"
 action 3.0 cli command "ip nat inside source static tcp 192.168.0.252 50000 interface Cellular 0 50000"
 action 4.0 cli command "end"

Thanks George,

I will give this a try and let you know how I go.

Thanks for your reply

Hello,

Actually, I think the below might work as well:


ip nat inside source list 101 interface Cellular0 overload
ip nat inside source list 102 interface Dialer2 overload
!
access-list 101 permit tcp host 192.168.0.252 any eq 50000
access-list 102 permit tcp host 192.168.0.252 any eq 50000

Oh, just using ACLs?
Thanks George, I will give that a crack and come back to you.
Thanks again

Oh, the only problem though in my case is that I used route-maps to overload the NAT instead of ACLs:

ip nat inside source route-map WAN01 interface GigabitEthernet0/1 overload
ip nat inside source route-map WAN02 interface GigabitEthernet0/2 overload

ip route 0.0.0.0 0.0.0.0 200.60.65.2 track 1
ip route 0.0.0.0 0.0.0.0 110.60.65.2 240

route-map WAN01 permit 10
match ip address LAN
match interface GigabitEthernet0/1
route-map WAN02 permit 10
match ip address LAN
match interface GigabitEthernet0/2

Would it make a difference?
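
An added example, not part of any post in this thread: a small Python check over the lab lines quoted above. It flags static port forwards that share an inside local address and port without `extendable`, and static NAT global addresses that are also a route next hop. The second check assumes, as a reading of the lab config, that this overlap is what produced the %IP-4-DUPADDR message; the function name and finding codes are made up for this example.

```python
import re

# Constructed sample: the lab lines quoted in this thread, gathered into one config.
LAB_CONFIG = """\
ip nat inside source static tcp 192.168.1.2 80 110.60.65.2 80 extendable
ip nat inside source static tcp 192.168.1.2 80 200.60.65.2 80 extendable
ip route 0.0.0.0 0.0.0.0 200.60.65.2 track 1
ip route 0.0.0.0 0.0.0.0 110.60.65.2 240
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(interface \S+|\d+\.\d+\.\d+\.\d+) (\d+)( extendable)?\s*$")
ROUTE = re.compile(r"^ip route \S+ \S+ (\d+\.\d+\.\d+\.\d+)\b")


def audit_port_forwards(config):
    """Return a sorted list of (code, global side) findings (hypothetical codes)."""
    entries, next_hops = [], set()
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_NAT.match(line)
        if m:
            proto, local_ip, local_port, glob, _gport, ext = m.groups()
            entries.append(((proto, local_ip, local_port), glob, bool(ext)))
        m = ROUTE.match(line)
        if m:
            next_hops.add(m.group(1))

    findings, by_local = set(), {}
    for key, glob, ext in entries:
        by_local.setdefault(key, []).append((glob, ext))
        # The router answers ARP for a static NAT global address; if a
        # neighbouring gateway already owns it, two devices claim one IP.
        if glob in next_hops:
            findings.add(("GLOBAL_IS_NEXT_HOP", glob))
    for maps in by_local.values():
        # Same inside local address/port mapped more than once: the thread's
        # fix is an IP global address plus the extendable keyword.
        if len(maps) > 1:
            for glob, ext in maps:
                if not ext:
                    findings.add(("DUPLICATE_LOCAL_NO_EXTENDABLE", glob))
    return sorted(findings)
```
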