Ranbeckycr_2
Beginner

Apply correct NAT

Experts,

I need to apply the correct NAT for a server that will be receiving an RDP connection, port 3389, and requires a static NAT.

Attached my config, straightforward and small.  I currently have everyone leaving with this one NAT rule:

Important Information to add:

Server Lan IP 192.168.1.20

Server Public IP: 200.1.1.5

Current NAT information:

ip nat pool test 200.1.1.6 200.1.1.6 prefix-length 24

ip nat inside source list 102 pool test overload

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

I tried:

ip nat inside source static 192.168.1.20 200.1.5 --> The commands were applied but the server didn't NAT

Step 2:

added

access-list 102 deny ip host 192.168.1.20 any --> To prevent this IP from going into "PAT" mode and hoping static NAT applies.

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

That didn't work either :-).  If I have to redo the entire NAT configuration in order to provide Internet access to my static server and the other internal 192.168.1.x network, I have a time window to test it.

Any help is appreciated.

Thanks,
Randall

Accepted Solutions
Peter Paluch
Hall of Fame Cisco Employee

Randall,

The ip nat inside source static 192.168.1.20 200.1.5 command is okay. However, your configuration is missing the ip nat inside command on the Gi0/1.1 interface so this interface is not considered to be a NAT-enabled inside interface at all. The ip nat inside command on your physical Gi0/1 interface is useless and should be removed, as the Gi0/1 is not configured with an IP address so it does not participate in IP operations (just the subinterfaces do).

Try adding the ip nat inside on your Gi0/1.1 and put back the ip nat inside source static command - then check the NAT connectivity to the server.

Best regards,

Peter
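
The check described in the answer above, written as a small config audit (an added example, not part of the original thread). The poster's attached config is not on the page, so `SAMPLE_CONFIG`, its interface addressing and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: only the server addresses come from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 200.1.1.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 no ip address
 ip nat inside
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip nat inside source static 192.168.1.20 200.1.1.5
"""

def parse_interfaces(config):
    """Map interface name -> {"net": IPv4Network or None, "nat": role or None}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m[1], {"net": None, "nat": None})
        elif not line.startswith(" "):
            current = None  # a global command ends the interface block
        elif current is not None:
            if m := re.match(r" ip address (\S+) (\S+)", line):
                current["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            if m := re.match(r" ip nat (inside|outside)\s*$", line):
                current["nat"] = m[1]
    return interfaces

def audit_nat(config):
    """Return findings for NAT roles that cannot take effect."""
    findings, ifs = [], parse_interfaces(config)
    for name, i in ifs.items():
        role = i["nat"]
        if role and i["net"] is None:
            findings.append(f"{name}: 'ip nat {role}' on an interface with no IP address")
    inside = [i["net"] for i in ifs.values() if i["nat"] == "inside" and i["net"]]
    # Plain static NAT and the tcp/udp port-redirection form share this prefix.
    pattern = r"^ip nat inside source static (?:(?:tcp|udp) )?(\S+)"
    for m in re.finditer(pattern, config, re.M):
        local = ipaddress.ip_address(m[1])
        if not any(local in net for net in inside):
            findings.append(f"static NAT for {local}: no 'ip nat inside' interface owns it")
    return findings
```

On the sample, `audit_nat(SAMPLE_CONFIG)` reports the unaddressed Gi0/1 carrying `ip nat inside` and the static mapping whose subnet has no inside interface.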

Thanks Peter, I will give it a shot and send the results.

Ranbeckycr_2
Beginner

Peter, I tested what you suggested and it didn't work.  I think it is related to the ISP because I saw the NAT translations.  What I had to do in order to fix it was run a port redirection; I didn't think that would work, but it did the trick.