10-26-2012 04:36 PM - edited 03-07-2019 09:42 AM
Can anyone explain to me the difference in the two commands?
I was having issues with some port forwarding where it was working, but shortly after the connection to the inside webserver was made any network off of the router couldn't be accessed for around 3 min. Then all of a sudden it would all start working again. I couldn't ping the router or anything.
Then I noticed in my config that I had accidentally written:
ip nat source list (List) interface fa 0/1.20
instead of
ip nat inside source list (List) interface fa 0/1.20
I don't think I needed the overload on this command as there is really only one IP address on the inside interface. There might be more in the future so is it just a good idea to add it now?
Also one more thing....
Is it possible to have two NAT outside interfaces and do port forwarding through both?
10-26-2012 06:15 PM
Hi Elton,
You can configure NAT two ways (therefore these 2 commands):
1. ip nat source list
This is command used for configuration of NAT Virtual Interface. It enables Network Address Translation on a virtual interface without inside or outside specification.
The NAT Virtual Interface (NVI) feature removes the requirement to configure an interface as either Network Address Translation (NAT) inside or NAT outside. An interface can be configured to use NAT or not use NAT.
NVI allows traffic between overlapped VPN routing/forwarding (VRFs) in the same Provider Edge (PE) router, and traffic from inside to inside between overlapping networks.
2. ip nat inside source
This enables Network Address Translation (NAT) of the inside source address. When configuring NAT this way, you have to specify which interfaces are inside and which are outside. You have to use ip nat inside and ip nat outside as you know.
I have misconfigured NAT so many times just like you did, because these commands are so similar to one another!!!
For more information, please refer to this document:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
I don't think I needed the overload on this command as there is really only one IP address on the inside interface. There might be more in the future so is it just a good idea to add it now?
Well I'm not sure if it will increase CPU utilization or not. If you use overload command and have only one inside IP address, then things are working the same way as without overload - but I don't know if they run the same internally.
Is it possible to have two NAT outside interfaces and do port forwarding through both?
If you mean something like:
ip nat inside source list 1 interface fa 0/0 overload
ip nat inside source list 2 interface fa 0/1 overload
Then the answer is yes.
Best regards,
Jan
10-26-2012 06:41 PM
Hello Jan
Thanks for the reply on this.
As per the last question about port forwarding using 2 NAT outside interfaces, I currently have an internal FTP server and am forwarding port 21 using the internal IP address for the outside interface.
With my newly created interface, can I do the same thing to an internal web server through this new NAT outside interface?
With the current incorrect NAT statement from above, the port forward to the internal web server is working. However, as soon as I initiate this traffic the router seems to go haywire and I lose all connections to the VLANs and the actual router itself. Is this just because of the incorrect NAT statement?
10-27-2012 01:32 AM
Hi,
If you want to do NAT overload (which is done when you do a dynamic PAT configuration like you did) on 2 interfaces for load-sharing, then you have to use route-maps for the NAT statements, and these route-maps must match on an ACL defining traffic to NAT and also match on the outgoing interface, because routing is always done before NAT.
Now if you want to forward traffic to a server you must use either static NAT or static PAT.
Regards.
Alain
Don't forget to rate helpful posts.
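The dual-outside setup described in the reply above, written out as an added example that is not part of the original thread or any poster's configuration. The interface roles, the inside subnet 192.168.20.0/24, the server addresses, the ACL number and the route-map names are all assumptions chosen for illustration.

```cisco
! Added example. Assumed: Fa0/0 and Fa0/1 are the two outside interfaces,
! Fa1/0 is the inside interface, 192.168.20.0/24 is the inside subnet
! (all constructed values).
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip nat outside
interface FastEthernet1/0
 ip nat inside
!
! Traffic eligible for translation; the same source range serves both exits.
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
!
! One route-map per exit. Each matches the ACL and the outgoing interface
! that routing has already selected, so only one NAT statement can apply
! to a given flow even though the source range is identical.
route-map NAT-VIA-FA00 permit 10
 match ip address 101
 match interface FastEthernet0/0
route-map NAT-VIA-FA01 permit 10
 match ip address 101
 match interface FastEthernet0/1
!
! Dynamic PAT (overload) bound to each outside interface.
ip nat inside source route-map NAT-VIA-FA00 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-VIA-FA01 interface FastEthernet0/1 overload
!
! Static PAT for the published servers: only the named TCP port on the
! outside interface address is forwarded to the assumed server addresses.
ip nat inside source static tcp 192.168.20.10 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.20.11 80 interface FastEthernet0/1 80
```

`show ip nat translations` lists the active entries, which is a quick way to confirm that each flow was translated to the address of the interface it actually left through.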
10-27-2012 05:44 AM
What if the source list for NAT contains the same range of IP addresses on both interfaces?