
IP NAT inside source/ IP NAT source list Questions

BigDawgFelton
Level 1

Can anyone explain to me the difference in the two commands?

I was having issues with some port forwarding where it was working, but shortly after the connection to the inside webserver was made any network off of the router couldn't be accessed for around 3 min. Then all of a sudden it would all start working again. I couldn't ping the router or anything.

Then I noticed in my config that I had accidentally written:

ip nat source list (List) interface fa 0/1.20

instead of

ip nat inside source list (List) interface fa 0/1.20

I don't think I needed the overload on this command as there is really only one IP address on the inside interface. There might be more in the future so is it just a good idea to add it now?

Also one more thing....

Is it possible to have two NAT outside interfaces and do port forwarding through both?               

4 Replies 4

Jan Hrnko
Level 4

Hi Elton,

You can configure NAT two ways (therefore these 2 commands).

1. ip nat source list

This is the command used for configuration of the NAT Virtual Interface. It enables Network Address Translation on a virtual interface without inside or outside specification.

The NAT Virtual Interface (NVI) feature removes the requirement to configure an interface as either Network Address Translation (NAT) inside or NAT outside. An interface can be configured to use NAT or not use NAT.

NVI allows traffic between overlapped VPN routing/forwarding (VRFs) in the same Provider Edge (PE) router, and traffic from inside to inside between overlapping networks.

2. ip nat inside source

This enables Network Address Translation (NAT) of the inside source address. When configuring NAT this way, you have to specify which interfaces are inside and which are outside. You have to use ip nat inside and ip nat outside as you know.

I have misconfigured NAT so many times just like you did, because these commands are so similar to one another!!!

For more information, please refer to this document:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html

I don't think I needed the overload on this command as there is really only one IP address on the inside interface. There might be more in the future so is it just a good idea to add it now?

Well, I'm not sure if it will increase CPU utilization or not. If you use the overload command and have only one inside IP address, then things are working the same way as without overload - but I don't know if they run the same internally.

Is it possible to have two NAT outside interfaces and do port forwarding through both?   

If you mean something like:

ip nat inside source list 1 interface fa 0/0 overload

ip nat inside source list 2 interface fa 0/1 overload

Then the answer is yes.

Best regards,

Jan
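The mix-up discussed above (an NVI-style `ip nat source` rule on a router whose interfaces are marked `ip nat inside` / `ip nat outside`) can be caught by a small configuration check. This is an added example, not part of any post in the thread; the sample configuration, addresses and the `audit_nat` helper are constructed for illustration, and it assumes the NVI interface command `ip nat enable`, which the thread does not show.

```python
import re

# Constructed sample (not from the thread): interfaces carry classic
# inside/outside roles, but the translation rule is the NVI form.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.20
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
ip nat source list 1 interface FastEthernet0/1.20 overload
access-list 1 permit 192.168.10.0 0.0.0.255
"""

def audit_nat(config):
    """Return findings where NAT rule style and interface roles disagree."""
    roles, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends interface scope
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                roles[current] = set()
            if re.match(r"ip nat (inside|outside) source\b", line):
                rules.append(("classic", line))
            elif re.match(r"ip nat source\b", line):
                rules.append(("nvi", line))
        elif current:
            m = re.fullmatch(r"ip nat (inside|outside|enable)", line)
            if m:
                roles[current].add(m.group(1))
    nvi_ifs = any("enable" in r for r in roles.values())
    classic_ifs = any(r & {"inside", "outside"} for r in roles.values())
    findings = []
    for style, line in rules:
        if style == "nvi" and not nvi_ifs:
            findings.append(f"NVI rule, no 'ip nat enable' interface: {line}")
        if style == "classic" and not classic_ifs:
            findings.append(f"classic rule, no inside/outside interface: {line}")
    if {s for s, _ in rules} == {"classic", "nvi"}:
        findings.append("config mixes classic and NVI translation rules")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE_CONFIG)) or "no findings")
```

Run against a saved running-config before applying NAT changes; an empty result means the rule style matches the interface roles.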

BigDawgFelton
Level 1

Hello Jan

Thanks for the reply on this.

As per the last question about port forwarding using 2 NAT outside interfaces I currently have an internal FTP server and am forwarding port 21 using the internal IP address for the outside interface.

With my newly created interface can I do the same thing to an internal web server through this new NAT outside interface?

With the current incorrect NAT statement from above the port forward to the internal web server is working. However, as soon as I initiate this traffic the router seems to go haywire and I lose all connections to the VLANs and the actual router itself. Is this just because of the incorrect NAT statement?

Hi,

If you want to do NAT overload (which is done when you do a dynamic PAT configuration like you did) on 2 interfaces for load-sharing then you have to use route-maps for the NAT statements, and these route-maps must match on an ACL defining traffic to NAT and also match on the outgoing interface, because routing is always done before NAT.

Now if you want to forward traffic to a server you must use either static NAT or static PAT.

Regards.

Alain

Don't forget to rate helpful posts.


BigDawgFelton
Level 1

What if the source list for NAT contains the same range of IP addresses on both interfaces?