Static NAT inbound and outbound

jonathan225 · ‎06-29-2011

Hello,

I am trying to put a configuration together whereby my internal host 10.10.10.1 can access external host 172.16.1.1 and vice versa by using NAT addressing.

Essentially I set up a router with the following configuration –

!

interface FastEthernet0/0

ip address 10.10.10.2 255.255.255.0

ip nat inside

!

interface FastEthernet0/1

ip address 172.16.1.2 255.255.255.0

ip nat outside

!

As I understand it the outside host 172.16.1.1 should access 172.16.1.3 and be routed to 10.10.10.1

Ip nat inside source static 10.10.10.1 172.16.1.3

Inside host should access 10.10.10.3 and be natted to 172.16.1.1

Ip nat outside source static 172.16.1.1 10.10.10.3

However when I set this up I could only get traffic going one way from Inside to outside, any help would be greatly appreciated.

Thanks,

Jonathan

andrew.prince · ‎06-29-2011

Jonathan,

I am confused by your config:-

Inside host should access 10.10.10.3 and be natted to 172.16.1.1

Ip nat outside source static 172.16.1.1 10.10.10.3

This makes no sense.... ?

jonathan225 · ‎06-29-2011

Sorry,

What I intended on saying was when 10.1.1.1 wants to access 172.16.1.1 it will send a packet to 10.10.10.3 and then be destination natted to 172.16.1.1 and when 172.16.1.1 wants to access 10.10.10.1 it will access 172.16.1.3 and then be destination natted to 10.1.1.1.

Thanks,

andrew.prince · ‎06-29-2011

Again - I am confused - a diagram would help?

jonathan225 · ‎06-29-2011

Does this help?

FrancisIldefonso · ‎06-29-2011

Can you post the topology/diagram?

I can see problems in your configuration but post your topology first to verify things and we'll try to solve it.

Regards

Valentin Vasilev · ‎06-29-2011

Hi,

What I'm confused is why you said that you want to NAT the destination address? It is source NAT that you showed on the config above. And when you create static NAT you don't need to do it both ways you just create one entry to translate the source address on the way out and the router will automatically translale the destination address of reply packets.

Hope this was helpful!

Valentin

Sent from Cisco Technicali Support iPhone App

FrancisIldefonso · ‎06-29-2011

I think he's applying the other NAT config on the destination router.

jonathan225 · ‎06-30-2011

Hello and thanks for your replies.

I have posted the topology diagram below, essentially I am trying to destination NAT both ways so Host A can access Host B but does not know Host A's real IP address and B can access A without knowing A's real IP address.

Thank you

andrew.prince · ‎06-30-2011

conf t

int fa 0/0

no ip nat inside

int fa 0/1

no ip nat outside

no ip nat outside source static 171.16.1.1 10.10.10.3

no ip nat inside source static 10.10.10.1 171.16.1.3

int fa 0/0

ip nat enable

int fa 0/1

ip nat enable

ip nat source static 171.16.1.1 10.10.10.3 no-alias

ip nat source static 10.10.10.1 171.16.1.3 no-alias

jonathan225 · ‎06-30-2011

Many thanks Andrew,

If I was to add another router and use HSRP will this be ok as I have had to use the redundnacy command when using HSRP and NAT. I know it's not part of the config sent just a wonder thats all.

Thanks again,

Jonathan

andrew.prince · ‎06-30-2011

You can amend the config to allow for HSRP, also adding statefull information to allow the NAT State Table to be sent between the HSRP routers, also need to reconfigure your HSRP to accomodate this.

HOWEVER I'm not 100% sure you can have Static sNAT, I know you can do it using Dynamic NAT pools...

jonathan225 · ‎07-01-2011

Thanks Andrew.

Sent from Cisco Technical Support iPhone App