Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
1
Replies

Cisco IOS NAT Question

msrohman
Level 1
Level 1

‎10-18-2010 12:53 PM - edited ‎03-06-2019 01:35 PM

Hi All,

I have the following basic static-NAT configured on a Cisco 382 (below). My question is this:  When the IP traffic traversse this router from the "inside" address to the "outside" address. Does the original IP header address get saved in any way? Or is it a complete replacement with the NAT IP? I'm seeing some strange stuff in an upstream firewall (logs).

!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description FW_transit_net_3
ip address 172.26.2.162 255.255.255.248
ip nat inside
duplex auto
speed auto
media-type rj45
standby ip 172.26.2.161
standby priority 140
standby preempt
!
interface GigabitEthernet0/1
description FW_transit_net_2
ip address 172.26.2.133 255.255.255.248
ip nat outside
duplex auto
speed auto
media-type rj45
standby ip 172.26.2.132
standby priority 140
standby preempt
!
ip route 0.0.0.0 0.0.0.0 172.26.2.129
ip route 10.77.0.0 255.255.0.0 172.26.2.164
ip route 172.24.7.128 255.255.255.128 172.26.2.164
ip route 172.26.15.0 255.255.255.0 172.26.2.164
ip route 172.26.18.0 255.255.255.0 172.26.2.164
ip route 172.26.19.0 255.255.255.0 172.26.2.164
ip route 172.26.20.0 255.255.255.0 172.26.2.164
ip route 172.26.60.0 255.255.255.0 172.26.2.164
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.77.224.3 172.26.14.3
ip nat inside source static 172.25.60.51 172.26.14.13
ip nat inside source static 172.25.15.170 172.26.14.18
ip nat inside source static 172.25.15.182 172.26.14.54
ip nat inside source static 172.25.60.104 172.26.14.55
ip nat inside source static 172.25.15.217 172.26.14.59
ip nat inside source static 172.25.15.218 172.26.14.60
ip nat inside source static 10.77.224.150 172.26.14.65
ip nat inside source static 172.26.2.165 172.26.14.100
!


Thanks,

Mike

Labels:
0 Helpful
1 Reply 1

Peter Paluch
Cisco Employee
Cisco Employee

‎10-18-2010 01:30 PM

Hello,

With NAT, the original IP header is not saved. With static NAT you are using, the ip nat commands build the entire translation table that describes the correspondence between internal and external addresses and how the IP header is modified when passign through a NATting device:

  • For traffic going from inside to outside, the source address is rewritten from inside local to inside global address
  • For traffic going from outside to inside, the destination address is rewritten from inside global to inside local address

Note please that this principle does not need any storage of "original" IP header. Simply matching for the appropriate IP address in the IP header and its rewriting according to the translation table is what the static NAT does in your case.

What problem are you experiencing?

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents