08-07-2012 01:30 AM - edited 03-04-2019 05:11 PM
Hi,
I'm trying to set up more than one static translation to an internal IP.
Basically I have a customer who has a firewall on an internal LAN:
192.168.1.100
They have a /28 block of IPs and they want them all pointing to the 192.168.1.100 address. I would usually do this via:
ip nat inside source static 192.168.1.100 8.8.8.8
This works fine for one external IP to the internal, but as soon as I add the below, the router shoots back that 192.168.1.100 is already mapped to 8.8.8.8:
ip nat inside source static 192.168.1.100 4.4.4.4
I understand why you could only have one internal IP mapped to an external address but I thought it would be okay for several external to one internal? Is this possible?
P.S. The obvious question here is going to be why not just put the public IPs straight on the firewall. I know this is the most obvious and easiest solution, but due to certain factors this will not be possible in this instance. I won't go into why as it will just muddy the waters.
Thanks
Andy
08-07-2012 03:49 AM
Andy,
Are these public addresses going to use the same port? For example, if you have public address 209.9.9.1 - 10, could .1 be used for web traffic, .2 be used for FTP, etc? If so, this issue is simple to resolve by mapping the port to the different address:
ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80
ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21
You can use your public addresses by specifying the port number. This is really the only way to do what you're wanting to do afaik. Another option would be to assign multiple secondary addresses to the server that you're wanting to translate and then you can do 1-1 mappings for those secondary addresses:
ip nat inside source static 192.168.1.100 4.4.4.4
ip nat inside source static 192.168.1.101 4.4.4.5
etc...
HTH,
John
08-07-2012 05:05 AM
It hasn't been specified yet. Assigning secondary addresses to the server, however, is a good idea and may solve the issue.
Thanks
Andrew
08-10-2012 01:56 AM
I actually found out how to do this.
Just add the extendable command at the end and it should hopefully then work fine:
ip nat inside source static 192.168.1.100 4.4.4.4 extendable
ip nat inside source static 192.168.1.100 8.8.8.8 extendable
Can anyone confirm if this would be okay?
Thanks
Andy
08-10-2012 03:37 AM
Andy,
I labbed this up and it works as well with no issues. Rated.
John
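Added example, not part of the thread and not Cisco's code: a small Python check that reads static NAT lines like those posted above and reports inside hosts that have several whole-address mappings without `extendable` (the case the router rejected in the first post), plus every mapping that translates all ports rather than a single service. The sample config and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample config; addresses are the ones used in the thread.
SAMPLE = """\
ip nat inside source static 192.168.1.100 8.8.8.8
ip nat inside source static 192.168.1.100 4.4.4.4
ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21
ip nat inside source static 192.168.1.101 4.4.4.6 extendable
"""

PREFIX = ["ip", "nat", "inside", "source", "static"]

def parse_static_nat(config):
    """Return one dict per 'ip nat inside source static' line."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != PREFIX:
            continue
        args = [t for t in tok[5:] if t != "extendable"]
        entry = {"extendable": "extendable" in tok[5:], "proto": None,
                 "lport": None, "gport": None}
        if len(args) == 5 and args[0] in ("tcp", "udp"):
            entry["proto"], entry["local"] = args[0], args[1]
            entry["lport"], entry["global"] = int(args[2]), args[3]
            entry["gport"] = int(args[4])
        elif len(args) == 2:
            entry["local"], entry["global"] = args
        else:
            continue  # other forms of the command are out of scope here
        entries.append(entry)
    return entries

def needs_extendable(entries):
    """Inside hosts with several whole-address mappings, any lacking 'extendable'."""
    by_local = defaultdict(list)
    for e in entries:
        if e["proto"] is None:
            by_local[e["local"]].append(e)
    return {local: [e["global"] for e in group]
            for local, group in by_local.items()
            if len(group) > 1 and not all(e["extendable"] for e in group)}

def whole_address_mappings(entries):
    """(global, local) pairs that translate every port, not one service."""
    return [(e["global"], e["local"]) for e in entries if e["proto"] is None]

if __name__ == "__main__":
    found = parse_static_nat(SAMPLE)
    print("missing extendable:", needs_extendable(found))
    print("whole-address:", whole_address_mappings(found))
```

Each whole-address mapping it lists makes every port on the inside host addressable through that public IP, so filtering on the outside interface or on the firewall behind it decides what is actually reachable.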