01-30-2012 12:52 AM - last edited on 03-25-2019 03:34 PM by ciscomoderator
Hello,
I have a NAT question for a Cisco IOS router.
I have a static 1:1 NAT for a server behind my router like this:
ip nat inside source static 192.168.1.10 XYZ.XYZ.XYZ.10 route-map nonat
(XYZ....10 is my public IP)
I also have a mask NAT (overload) for PCs and other servers that need to access the internet like this:
ip nat inside source route-map nonat interface INTERNET overload
INTERNET is another public IP address I own. The "nonat" route-map bypasses NAT for some VPNs etc.
My question/problem is that inbound traffic from the outside world to XYZ.XYZ.XYZ.10 gets happily natted to the server and communication (e.g. SMTP) works fine via this address. But if I simply browse out to the internet from my server it appears to come from the public IP address bound to interface INTERNET, e.g. the mask address.
I want it to appear to come from XYZ.XYZ.XYZ.10
How do I fix this?
Cheers, Simon.
01-30-2012 01:01 AM
This may be a solution:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic4
Just that, in the example, pool no-overload has a /24; in your case it will have a /32 XYZ.XYZ...
Also the access list will contain only one /32 prefix.
Let me know if this helps you!
Cheers,
Calin
01-30-2012 01:08 AM
Hi Simon,
Your approach to the situation is correct, but you need to understand a little about how PAT works.
You have static PAT like below.
ip nat inside source static 192.168.1.10 XYZ.XYZ.XYZ.10 route-map nonat
What does the route-map contain?
And if you have a static PAT then the server will be able to communicate with the used public IP on the ports you specified in the NAT command only.
For internet, I mean for the rest of the communication, the traffic will go through your global NAT, which is...
ip nat inside source route-map nonat interface INTERNET overload
If you have a full NAT like below, then the server (private IP) never uses the global NAT IP. It will use only the public IP which you used in your static NAT.
ip nat inside source static 192.168.1.10 XYZ.XYZ.XYZ.10 extendable
Hope the above is clear to you. Please let me know if you still have any doubts.
Please rate all the helpful posts.
Regards,
Naidu.
01-30-2012 01:29 AM
Hi Naidu,
My route-map looks like this:
route-map nonat permit 10
match ip address 150
ACL 150 looks like this:
access-list 150 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
Do I need to change the route-map somehow? Because the server does use the global NAT 'interface INTERNET', not the public IP as specified in the static NAT.
Thanks, Simon.
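Added example, not part of any post in this thread: a small Python model of how the posted ACL 150 and route-map nonat classify traffic (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end). The destination addresses and the 192.168.3.5 source are constructed samples, and the model covers only ACL matching, not the router's choice between the static and overload NAT rules.

```python
import ipaddress

# ACL 150 exactly as posted in the thread:
# (action, source, source wildcard, destination, destination wildcard)
ACL_150 = [
    ("deny", "192.168.1.0", "0.0.0.255", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "any", None),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask (1 bits are ignored)."""
    if base == "any":
        return True
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def acl_action(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

def matches_nonat(src, dst):
    """route-map nonat permit 10 / match ip address 150: a match needs an ACL permit."""
    return acl_action(ACL_150, src, dst) == "permit"

if __name__ == "__main__":
    # Constructed sample flows (documentation-range destination for "internet").
    flows = [
        ("192.168.1.10", "198.51.100.25"),  # server to internet
        ("192.168.1.10", "192.168.2.20"),   # server to the 192.168.2.0/24 side
        ("192.168.3.5", "198.51.100.25"),   # source outside 192.168.1.0/24
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: route-map nonat match = {matches_nonat(src, dst)}")
```

The server's internet-bound flow matches nonat, and that same route-map is referenced by both ip nat statements in the original post.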
01-30-2012 01:37 AM
Hi Simon,
Can you tell me what you are going to achieve with the route-map you used in your static NAT?
And is it not possible to use an open static NAT like below? Then your server never uses the global NAT IP; it uses only the public IP XYZ.XYZ.XYZ.10.
ip nat inside source static 192.168.1.10 XYZ.XYZ.XYZ.10 extendable
Please rate all the helpful posts.
Regards,
Naidu.