Static one to one from multiple WANs to one LAN (router)

Hi,

I'm trying to set up more than one static translation to an internal IP.

Basically I have a customer who has a firewall on an internal LAN:

192.168.1.100

They have a /28 block of IPs and they want them all pointing to the 192.168.1.100 address. I would usually do this via:

ip nat inside source static 192.168.1.100 8.8.8.8

This works fine for one external IP to the internal, but as soon as I add the below, the router shoots back that 192.168.1.100 is already mapped to 8.8.8.8:

ip nat inside source static 192.168.1.100 4.4.4.4

I understand why you could only have one internal IP mapped to an external address but I thought it would be okay for several external to one internal? Is this possible?

P.S. The obvious question here is going to be why not just put the public IPs straight on the firewall. I know this is the most obvious and easiest solution, but due to certain factors this will not be possible in this instance. I won't go into why as it will just muddy the waters.

Thanks

Andy

1 Accepted Solution

John Blakley
VIP Alumni

Andy,

Are these public addresses going to use the same port? For example, if you have public address 209.9.9.1 - 10, could .1 be used for web traffic, .2 be used for FTP, etc? If so, this issue is simple to resolve by mapping the port to the different address:

ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80

ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21

You can use your public addresses by specifying the port number. This is really the only way to do what you're wanting to do afaik. Another option would be to assign multiple secondary addresses to the server that you're wanting to translate and then you can do 1-1 mappings for those secondary addresses:

ip nat inside source static 192.168.1.100 4.4.4.4

ip nat inside source static 192.168.1.101 4.4.4.5

etc...

HTH,

John

HTH, John *** Please rate all useful posts ***

It hasn't been specified yet. Assigning secondary addresses to the server, however, is a good idea and may solve the issue.

Thanks


Andrew

I actually found out how to do this.

Just add the extendable command at the end and it should hopefully then work fine.

ip nat inside source static 192.168.1.100 4.4.4.4 extendable

ip nat inside source static 192.168.1.100 8.8.8.8 extendable

Can anyone confirm if this would be okay?

Thanks

Andy

Andy,

I labbed this up and it works as well with no issues. Rated.

John

HTH, John *** Please rate all useful posts ***
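
An added example, not part of any post in this thread: a small Python check that reads the static NAT statements discussed above, flags an inside address that has several all-port mappings not all marked `extendable` (the case the router rejected), and lists what each public address exposes. The function names and the rule that every such mapping must carry `extendable` are assumptions modelled on the commands posted here, not IOS's own logic.

```python
from collections import defaultdict

def parse_static(line):
    """Parse one 'ip nat inside source static ...' line; None for anything else."""
    tok = line.split()
    if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
        return None
    rest = tok[5:]
    ext = bool(rest) and rest[-1] == "extendable"
    if ext:
        rest = rest[:-1]
    if len(rest) == 2:  # <inside-local> <global>: every port is translated
        return {"local": rest[0], "global": rest[1], "service": "all ports", "ext": ext}
    if len(rest) == 5 and rest[0] in ("tcp", "udp"):  # proto local lport global gport
        return {"local": rest[1], "global": rest[3],
                "service": f"{rest[0]}/{rest[4]}", "ext": ext}
    return None

def audit(config_text):
    """Return (conflicts, exposure) for the static NAT lines in config_text."""
    full = defaultdict(list)     # inside local -> its all-port mappings
    exposure = defaultdict(set)  # public address -> {(inside local, service)}
    for line in config_text.splitlines():
        entry = parse_static(line)
        if entry is None:
            continue
        exposure[entry["global"]].add((entry["local"], entry["service"]))
        if entry["service"] == "all ports":
            full[entry["local"]].append(entry)
    # Assumption taken from the thread: several all-port mappings of one inside
    # address are accepted only when each of them ends in 'extendable'.
    conflicts = [(local, [e["global"] for e in entries])
                 for local, entries in full.items()
                 if len(entries) > 1 and not all(e["ext"] for e in entries)]
    return conflicts, dict(exposure)

# Constructed samples built from the commands posted in this thread.
REJECTED = ("ip nat inside source static 192.168.1.100 8.8.8.8\n"
            "ip nat inside source static 192.168.1.100 4.4.4.4\n")
EXTENDABLE = ("ip nat inside source static 192.168.1.100 4.4.4.4 extendable\n"
              "ip nat inside source static 192.168.1.100 8.8.8.8 extendable\n")
PER_PORT = ("ip nat inside source static tcp 192.168.1.100 80 4.4.4.4 80\n"
            "ip nat inside source static tcp 192.168.1.100 21 4.4.4.5 21\n")

if __name__ == "__main__":
    for name, cfg in (("rejected", REJECTED), ("extendable", EXTENDABLE),
                      ("per-port", PER_PORT)):
        conflicts, exposure = audit(cfg)
        print(name, "conflicts:", conflicts, "exposure:", exposure)
```

In the `extendable` case every public address maps all ports to 192.168.1.100, so filtering rests with ACLs on the router or with the firewall itself; the per-port form exposes only the listed service on each address.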