Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
3
Replies

Apply correct Nat

Go to solution
Ranbeckycr_2
Level 1
Level 1

‎10-14-2013 01:02 PM - edited ‎03-07-2019 04:02 PM

Experts,

I need to apply the correct NAT for a server that will be receiving a RDP connection, port 3389 and requires a Static NAT.

Attached my config, straight forward and small.  I currently have everyone leaving with this rule one nat rule:

Important Information to add:

Server Lan IP 192.168.1.20

Server Public IP: 200.1.1.5

Current Nat information:

ip nat pool test 200.1.1.6 200.1.1.6 prefix-length 24

ip nat inside source list 102 pool test overload

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

I tried:

ip nat inside source static 192.168.1.20 200.1.5 --> The commands where applied but the server didn't NAT

Step 2:

added

access-list 102 deny ip host 192.168.1.20 any --> To prevent this IP from going into "PAT" mode and hoping static NAT applies.

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

That didn't work either :-).  If I have to Re-do the entire NAT configuration in order to provide Internet access to my Static Server and the other internal 192.168.1.x Network I have a time window to test it.

Any help is appreciated.

Thanks,
Randall

Labels:
15369109-Router_config_Nat.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎10-14-2013 01:24 PM

Randall,

The ip nat inside source static 192.168.1.20 200.1.5 command is okay. However, your configuration is missing the ip nat inside command on the Gi0/1.1 interface so this interface is not considered to be a NAT-enabled inside interface at all. The ip nat inside command on your physical Gi0/1 interface is useless and should be removed, as the Gi0/1 is not configured with an IP address so it does not participate in IP operations (just the subinterfaces do).

Try adding the ip nat inside on your Gi0/1.1 and put back the ip nat inside source static command - then check the NAT connectivity to the server.

Best regards,

Peter

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎10-14-2013 01:24 PM

Randall,

The ip nat inside source static 192.168.1.20 200.1.5 command is okay. However, your configuration is missing the ip nat inside command on the Gi0/1.1 interface so this interface is not considered to be a NAT-enabled inside interface at all. The ip nat inside command on your physical Gi0/1 interface is useless and should be removed, as the Gi0/1 is not configured with an IP address so it does not participate in IP operations (just the subinterfaces do).

Try adding the ip nat inside on your Gi0/1.1 and put back the ip nat inside source static command - then check the NAT connectivity to the server.

Best regards,

Peter

0 Helpful

Go to solution
Ranbeckycr_2
Level 1
Level 1
In response to Peter Paluch

‎10-14-2013 02:51 PM

Thanks Peter, I will give it a shot and send the results.

0 Helpful

Go to solution
Ranbeckycr_2
Level 1
Level 1

‎10-16-2013 11:40 AM

Peter, I tested what you suggested and it didn't work.  I think it is related to the ISP because I saw the NAT translations.  What I had to do in order to fix it ran a port redirection, didn't think that would work but it did the trick.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card