Static nat

ziziahmed9 · ‎05-03-2023

Hy everyone

Please I have problem with cisco router

I configured static nat on router , when I run show ip nat transactions, the internal and external addresses that I configure appear but when capture packets outside the source ip doesn't translated ?

Thank

MHM Cisco World · ‎05-03-2023

if the NAT transaction show IP not IP + L4 ports then the NAT is not work, what you see is static NAT you config not what router NATing

ziziahmed9 · ‎05-03-2023

exactly I see just IP without Port ? How can I resolve this problem and enable static nat?

MHM Cisco World · ‎05-03-2023

TS point to check

1- make sure that you config

ip nat inside

ip nat outside

2- Check if traffic is enter from inside and exit from outside interface.

3- make double check that IP is correct.

ziziahmed9 · ‎05-03-2023

Because when now I work with dynamic nat , it works but static no ?

MHM Cisco World · ‎05-03-2023

can I see the NAT config

ziziahmed9 · ‎05-03-2023

The current config (dynamic nat)?

MHM Cisco World · ‎05-03-2023

I need config for following:-
1- routing config in router
2- interface config
3- dynamic NAT config
4- static NAT config

ziziahmed9 · ‎05-03-2023

this is static NAT

Router(config)#ip nat inside source static 10.0.0.2 59.40.40.1

Router(config)#interface fa0/0

Router(config-if)#ip nat inside

Router(config)#interface fa0/1

Router(config-if)#ip nat outside

S* 0.0.0.0/0 [1/0] via 192.168.36.1
192.168.36.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.36.0/24 is directly connected, Ethernet0/1
L 192.168.36.55/32 is directly connected, Ethernet0/1
L 192.168.36.80/32 is directly connected, Ethernet0/1
L 192.168.36.81/32 is directly connected, Ethernet0/1
S 192.168.42.0/24 [1/0] via 192.168.43.2
192.168.43.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.43.0/24 is directly connected, Ethernet0/0
L 192.168.43.1/32 is directly connected, Ethernet0/0
S 192.168.44.0/24 [1/0] via 192.168.36.66

i remove static NAT and replace it with dynamic configuration :

Router(config)#interface fa0/0

Router(config-if)#ip nat inside

Router(config)#interface eth0/0/0

Router(config-if)#ip nat outside

Router(config)#access-list 1 permit 192.168.0.0 0.0.255.255

Router(config)#ip nat pool MY_POOL 4.4.4.1 4.4.4.5 netmask 255.255.255.0

Router(config)#ip nat inside source list 1 pool MY_POOL

MHM Cisco World · ‎05-03-2023

Router(config)#ip nat inside source static 10.0.0.2 59.40.40.1

S* 0.0.0.0/0 [1/0] via 192.168.36.1
192.168.36.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.36.0/24 is directly connected, Ethernet0/1
L 192.168.36.55/32 is directly connected, Ethernet0/1
L 192.168.36.80/32 is directly connected, Ethernet0/1
L 192.168.36.81/32 is directly connected, Ethernet0/1
S 192.168.42.0/24 [1/0] via 192.168.43.2
192.168.43.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.43.0/24 is directly connected, Ethernet0/0
L 192.168.43.1/32 is directly connected, Ethernet0/0
S 192.168.44.0/24 [1/0] via 192.168.36.66

the routing not show the real IP and mapped IP ??

paul driver · ‎05-03-2023

Hello
Usually when you perform static nat and dynamic nat together, you would negate the static nat address from the dynamic nat ACL
Example
access-list 1 deny host 192.168.0.2
access-list 1 192.168.0.0.0.255.255

ip nat pool MY_POOL 4.4.4.1 4.4.4.5 netmask 255.255.255.0
ip nat inside source list 1 pool MY_POOL
ip nat inside source static 192.168.0.2 4.4.4.6

However from your OP the static nat addressing does not reflect either an internal or external host currently active within or towards your network, unless that is you are not showing all the correct information?

ip nat inside source static 10.0.0.2 59.40.40.1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ziziahmed9 · ‎05-03-2023

Sorry , I have mixed my config and the config that I based on .

this is static NAT

Router(config)#ip nat inside source static 192.168.42.43 192.168.36.80

Router(config)#interface fa0/0

Router(config-if)#ip nat inside

Router(config)#interface fa0/1

Router(config-if)#ip nat outside

S* 0.0.0.0/0 [1/0] via 192.168.36.1
192.168.36.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.36.0/24 is directly connected, Ethernet0/1
L 192.168.36.55/32 is directly connected, Ethernet0/1
L 192.168.36.80/32 is directly connected, Ethernet0/1
L 192.168.36.81/32 is directly connected, Ethernet0/1
S 192.168.42.0/24 [1/0] via 192.168.43.2
192.168.43.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.43.0/24 is directly connected, Ethernet0/0
L 192.168.43.1/32 is directly connected, Ethernet0/0
S 192.168.44.0/24 [1/0] via 192.168.36.66

i removed static NAT and replaced it with dynamic configuration :

Router(config)#interface fa0/0

Router(config-if)#ip nat inside

Router(config)#interface fa0/1

Router(config-if)#ip nat outside

Router(config)#access-list 1 permit 192.168.0.0 0.0.255.255

Router(config)#ip nat pool MY_POOL 192.168.35.80 192.168.35.100 netmask 255.255.255.0

Router(config)#ip nat inside source list 1 pool MY_POOL

MHM Cisco World · ‎05-03-2023

how three device connect to same interface ?
L 192.168.36.55/32 is directly connected, Ethernet0/1
L 192.168.36.80/32 is directly connected, Ethernet0/1
L 192.168.36.81/32 is directly connected, Ethernet0/1

ziziahmed9 · ‎05-03-2023

the ip address of ethernet 0/1 is 192.168.36.55/32 but the others I think that are added due to NAT

MHM Cisco World · ‎05-03-2023

correct and it answer for why the static is not work
you use NAT 1:1 to IP and dynamic so you must start config the router again in this seq
no ip nat outside
no ip nat inside list
clear ip nat <<- apply this at least three times
ip nat inside static
ip nat outside

then check the
show ip nat translation