Solved: Hi Sir AllertGen, Thanks for

dyop.geop · ‎01-28-2015

Hi fellow engineers,

Hope you could help me out in this problem.

This is just a simple static nat implementation but I couldn't make this work. :(

Kindly take note that I just changed the first 3 octets of the public ip addresses.

This is the static nat that doesn't work. this is found in the config below. ip nat inside source static 10.88.82.27 1.1.1.126

This router is a Cisco C867VAE-W-A-K9

THANKS SO MUCH :)

Please see the config below.

version 15.3

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname JP-RT1

!

boot-start-marker

boot-end-marker

!

aqm-register-fnf

!

enable secret 5 $1$PuQ8$MOI.WjwPslCgIi0krdAgh0

!

no aaa new-model

wan mode ethernet

!

ip dhcp excluded-address 10.88.81.1 10.88.81.100

ip dhcp excluded-address 10.88.81.246 10.88.81.255

ip dhcp excluded-address 192.168.88.1 192.168.88.10

ip dhcp excluded-address 192.168.88.246 192.168.88.255

!

ip dhcp pool MARKCOM_DHCP_WLAN

network 10.88.81.0 255.255.255.0

default-router 10.88.81.1

dns-server X.X.X.X

!

ip dhcp pool HDI-Guest

network 192.168.88.0 255.255.255.0

default-router 192.168.88.1

dns-server X.X.X.X

!

no ip domain lookup

ip domain name hdi.com

ip name-server 8.8.8.8

ip name-server X.X.X.X

ip cef

no ipv6 cef

!

crypto pki trustpoint TP-self-signed-2797460316

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2797460316

revocation-check none

rsakeypair TP-self-signed-2797460316

!

crypto pki certificate chain TP-self-signed-2797460316

certificate self-signed 01

3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 32373937 34363033 3136301E 170D3134 31313236 30393135

35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37393734

36303331 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100D18F 4A89739D 3F76E250 98A3B010 F084AA0F AF0BED53 06CC2744 744DCC96

ECD5F567 A3C244F7 15B58F60 08033EA7 1BCF3A49 24295FD0 546EE7D6 BC0992A8

70AFAC88 F9A0FC52 F4F18EC2 435FB76A 95BCBE8A 60D68171 5B0CC447 6F2ECCA8

48680FF4 95F13417 D703BF4B 8C9FD7B6 D7EB3C0E 05E547DD ECB00102 F8D59813

90950203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

551D2304 18301680 145A8A54 FD847C8F 5A55DC67 FAFD7318 E26A57AA 96301D06

03551D0E 04160414 5A8A54FD 847C8F5A 55DC67FA FD7318E2 6A57AA96 300D0609

2A864886 F70D0101 05050003 8181002B 039A4DA1 04B39609 53ACC1A4 B1BF3CF6

C60029D4 3FF2735D 6D8A8E0A 0839EE3D BBA17B38 AFB1840F FDAB54AD B5319BD8

175AEAAF 501E8CD1 476A2389 DFC95BF1 19228C02 7E168EDC D4AB5D53 96F7D627

06004E42 F8F00D91 B5642D97 60DFEAFE F1B8043B 28E27F4F 184E6474 D678428B

7CD40105 809B1B8B 41E2B976 0099EF

quit

!

username admin privilege 15 secret 5 $1$1yT6$GQiLg3lf3ny3Z878g.92Y0

!

controller VDSL 0

shutdown

!

ip ssh version 2

!

crypto isakmp policy 100

encr aes

authentication pre-share

group 2

crypto isakmp key p@ssw0rDhditechteam address 1.1.1.106

!

crypto ipsec transform-set HDITECHVPN esp-aes esp-sha-hmac

mode tunnel

!

crypto map HDITECH_IPSECVPN 100 ipsec-isakmp

set peer 1.1.1.106

set transform-set HDITECHVPN

match address VPN_ADDRESSES

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

!

interface Ethernet0

no ip address

shutdown

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface GigabitEthernet0

switchport mode trunk

no ip address

!

interface GigabitEthernet1

switchport access vlan 83

no ip address

spanning-tree portfast

!

interface GigabitEthernet2

description WAN - Internet DSL

ip address 1.1.1.125 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map HDITECH_IPSECVPN

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport access vlan 81

no ip address

!

interface Vlan1

description Guest_WiFi

ip address 192.168.88.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan80

description JP_VOIP_VLAN_80_GATEWAY

ip address 10.88.80.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan81

description MARKCOM_VLAN_81_GATEWAY

ip address 10.88.81.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan82

description ACC&SERVER_VLAN_82_GATEWAY

ip address 10.88.82.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan83

description JP-RT1 MAANGEMENT IP

ip address 10.88.83.11 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http secure-server

!

ip nat inside source list NAT_ADDRESSES interface GigabitEthernet2 overload

ip nat inside source static 10.88.82.27 1.1.1.126

ip route 0.0.0.0 0.0.0.0 1.1.1.1

!

ip access-list extended NAT_ADDRESSES

deny ip 10.88.80.0 0.0.3.255 10.88.40.0 0.0.7.255

permit ip 10.88.80.0 0.0.3.255 any

permit ip 192.168.88.0 0.0.0.255 any

ip access-list extended VPN_ADDRESSES

permit ip 10.88.80.0 0.0.3.255 10.88.40.0 0.0.7.255

!

line con 0

exec-timeout 5 0

logging synchronous

login local

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

stopbits 1

line vty 0 4

exec-timeout 5 0

logging synchronous

login local

transport input telnet ssh

!

scheduler allocate 60000 1000

!

end

JP-RT1#

AllertGen · ‎02-02-2015

Hi, Geoffrey Wong.

Yes, you can do so. Place another IP address as secondary to the GE2 interface. You can use line:

(config-if)# ip address 10.1.1.126 255.255.255.0 secondary

After this you can put this secondary address to your NAT command.

View solution in original post

Cisco Freak · ‎01-28-2015

Can you please share the output of 'show ip nat translation'?

CF

dyop.geop · ‎01-29-2015

Hi Sir Cisco Freak! thanks for the reply.

Please take note that i changed the first 3 octets of the public ip address to 1.1.1. :)

Hope you can still use the information below.

JP-RT1#show ip nat translations |s 1.1.1.126
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40083 198.199.98.246:40083
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40084 198.199.98.246:40084
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40085 198.199.98.246:40085
--- 1.1.1.126 10.88.82.27 --- ---
JP-RT1#show ip nat translations | s 10.88.82.27
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40083 198.199.98.246:40083
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40084 198.199.98.246:40084
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40085 198.199.98.246:40085
tcp 1.1.1.125:1766 10.88.82.27:1766 202.78.83.48:80 202.78.83.48:80
tcp 1.1.1.125:1932 10.88.82.27:1932 178.255.155.114:5938 178.255.155.114:5938
tcp 1.1.1.125:2355 10.88.82.27:2355 202.78.113.173:443 202.78.113.173:443
tcp 1.1.1.125:2456 10.88.82.27:2456 202.78.113.168:443 202.78.113.168:443
tcp 1.1.1.125:2561 10.88.82.27:2561 202.78.113.81:443 202.78.113.81:443
tcp 1.1.1.125:2633 10.88.82.27:2633 202.78.113.172:443 202.78.113.172:443
tcp 1.1.1.125:4448 10.88.82.27:4448 173.194.72.125:5222 173.194.72.125:5222
tcp 1.1.1.125:4617 10.88.82.27:4617 74.125.203.125:5222 74.125.203.125:5222
--- 1.1.1.126 10.88.82.27 --- ---
JP-RT1#

JP-RT1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40083 198.199.98.246:40083
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40084 198.199.98.246:40084
tcp 1.1.1.126:21 10.88.82.27:21 198.199.98.246:40085 198.199.98.246:40085
tcp 1.1.1.126:23 10.88.82.27:23 198.199.98.246:57944 198.199.98.246:57944
tcp 1.1.1.126:23 10.88.82.27:23 198.199.98.246:57945 198.199.98.246:57945
tcp 1.1.1.126:23 10.88.82.27:23 198.199.98.246:57946 198.199.98.246:57946
icmp 1.1.1.126:39 10.88.82.27:39 121.58.234.50:39 121.58.234.50:39
tcp 1.1.1.126:80 10.88.82.27:80 198.199.98.246:43716 198.199.98.246:43716
tcp 1.1.1.126:80 10.88.82.27:80 198.199.98.246:43719 198.199.98.246:43719
tcp 1.1.1.126:80 10.88.82.27:80 198.199.98.246:43720 198.199.98.246:43720
tcp 1.1.1.125:1766 10.88.82.27:1766 202.78.83.48:80 202.78.83.48:80
tcp 1.1.1.125:1932 10.88.82.27:1932 178.255.155.114:5938 178.255.155.114:5938
tcp 1.1.1.125:2355 10.88.82.27:2355 202.78.113.173:443 202.78.113.173:443
tcp 1.1.1.125:2456 10.88.82.27:2456 202.78.113.168:443 202.78.113.168:443
tcp 1.1.1.125:2561 10.88.82.27:2561 202.78.113.81:443 202.78.113.81:443
tcp 1.1.1.125:2633 10.88.82.27:2633 202.78.113.172:443 202.78.113.172:443
tcp 1.1.1.125:4448 10.88.82.27:4448 173.194.72.125:5222 173.194.72.125:5222
tcp 1.1.1.125:4617 10.88.82.27:4617 74.125.203.125:5222 74.125.203.125:5222
--- 1.1.1.126 10.88.82.27 --- ---
tcp 1.1.1.125:49187 10.88.82.101:49187 77.234.41.65:80 77.234.41.65:80
tcp 1.1.1.125:49238 10.88.82.101:49238 92.51.156.100:5938 92.51.156.100:5938
tcp 1.1.1.125:49896 10.88.82.101:49896 66.196.120.79:5050 66.196.120.79:5050
tcp 1.1.1.125:49926 10.88.82.101:49926 66.196.123.232:443 66.196.123.232:443
tcp 1.1.1.125:50951 10.88.82.101:50951 119.81.160.218:80 119.81.160.218:80
tcp 1.1.1.125:51986 10.88.82.101:51986 54.191.3.43:8081 54.191.3.43:8081
tcp 1.1.1.125:51988 10.88.82.101:51988 54.191.3.43:8081 54.191.3.43:8081
tcp 1.1.1.125:52101 10.88.82.101:52101 54.168.234.95:443 54.168.234.95:443
tcp 1.1.1.125:52112 10.88.82.101:52112 54.168.234.95:443 54.168.234.95:443
tcp 1.1.1.125:52134 10.88.82.101:52134 54.168.234.95:443 54.168.234.95:443
udp 1.1.1.125:55180 10.88.82.101:55180 46.10.63.211:30846 46.10.63.211:30846
udp 1.1.1.125:55180 10.88.82.101:55180 67.215.246.10:6881 67.215.246.10:6881
udp 1.1.1.125:55180 10.88.82.101:55180 82.221.103.244:6881 82.221.103.244:6881
udp 1.1.1.125:55180 10.88.82.101:55180 86.124.119.228:53669 86.124.119.228:53669
udp 1.1.1.125:55180 10.88.82.101:55180 111.37.16.110:34765 111.37.16.110:34765
udp 1.1.1.125:55180 10.88.82.101:55180 118.209.220.20:57274 118.209.220.20:57274
udp 1.1.1.125:55180 10.88.82.101:55180 182.168.90.8:45402 182.168.90.8:45402
udp 1.1.1.125:55180 10.88.82.101:55180 212.104.101.158:16748 212.104.101.158:16748
tcp 1.1.1.125:49204 10.88.82.102:49204 77.234.42.62:80 77.234.42.62:80
tcp 1.1.1.125:49293 10.88.82.102:49293 92.51.156.78:5938 92.51.156.78:5938
tcp 1.1.1.125:1072 10.88.82.102:50980 17.143.161.226:5223 17.143.161.226:5223
tcp 1.1.1.125:1089 10.88.82.102:51003 66.196.120.78:5050 66.196.120.78:5050
tcp 1.1.1.125:1108 10.88.82.102:51024 98.138.26.118:443 98.138.26.118:443
tcp 1.1.1.125:51957 10.88.82.102:51957 202.78.113.183:443 202.78.113.183:443
tcp 1.1.1.125:51963 10.88.82.102:51963 54.191.3.43:8081 54.191.3.43:8081
tcp 1.1.1.125:51974 10.88.82.102:51974 74.125.68.100:80 74.125.68.100:80
tcp 1.1.1.125:51992 10.88.82.102:51992 74.125.130.94:80 74.125.130.94:80
tcp 1.1.1.125:52016 10.88.82.102:52016 74.125.130.138:443 74.125.130.138:443
tcp 1.1.1.125:52027 10.88.82.102:52027 74.125.203.84:443 74.125.203.84:443
tcp 1.1.1.125:52033 10.88.82.102:52033 199.59.148.85:443 199.59.148.85:443
tcp 1.1.1.125:52334 10.88.82.102:52334 74.125.130.97:80 74.125.130.97:80
tcp 1.1.1.125:52335 10.88.82.102:52335 74.125.130.154:80 74.125.130.154:80
tcp 1.1.1.125:52356 10.88.82.102:52356 209.107.203.24:80 209.107.203.24:80
tcp 1.1.1.125:52358 10.88.82.102:52358 209.107.203.24:80 209.107.203.24:80
tcp 1.1.1.125:52473 10.88.82.102:52473 62.67.193.31:80 62.67.193.31:80
tcp 1.1.1.125:52622 10.88.82.102:52622 74.125.130.148:80 74.125.130.148:80
tcp 1.1.1.125:52635 10.88.82.102:52635 209.107.203.65:80 209.107.203.65:80
tcp 1.1.1.125:52708 10.88.82.102:52708 69.25.24.26:80 69.25.24.26:80
tcp 1.1.1.125:52803 10.88.82.102:52803 8.39.37.45:80 8.39.37.45:80
tcp 1.1.1.125:52804 10.88.82.102:52804 8.39.37.45:80 8.39.37.45:80
tcp 1.1.1.125:52807 10.88.82.102:52807 8.39.37.45:80 8.39.37.45:80
tcp 1.1.1.125:52808 10.88.82.102:52808 8.39.37.45:80 8.39.37.45:80
tcp 1.1.1.125:52841 10.88.82.102:52841 173.194.38.186:80 173.194.38.186:80
tcp 1.1.1.125:52867 10.88.82.102:52867 173.194.38.186:80 173.194.38.186:80
tcp 1.1.1.125:52868 10.88.82.102:52868 173.194.38.186:80 173.194.38.186:80
tcp 1.1.1.125:52874 10.88.82.102:52874 208.71.122.72:80 208.71.122.72:80
tcp 1.1.1.125:52881 10.88.82.102:52881 74.121.136.104:80 74.121.136.104:80
tcp 1.1.1.125:53053 10.88.82.102:53053 74.125.235.79:80 74.125.235.79:80
tcp 1.1.1.125:54245 10.88.82.102:54245 216.58.216.36:80 216.58.216.36:80
tcp 1.1.1.125:54256 10.88.82.102:54256 74.125.130.154:443 74.125.130.154:443
tcp 1.1.1.125:54281 10.88.82.102:54281 209.107.203.26:80 209.107.203.26:80
tcp 1.1.1.125:54311 10.88.82.102:54311 199.38.166.156:80 199.38.166.156:80
tcp 1.1.1.125:54326 10.88.82.102:54326 216.38.160.155:80 216.38.160.155:80
tcp 1.1.1.125:54335 10.88.82.102:54335 62.67.193.21:80 62.67.193.21:80
tcp 1.1.1.125:54373 10.88.82.102:54373 173.194.127.121:80 173.194.127.121:80
tcp 1.1.1.125:54415 10.88.82.102:54415 50.23.159.158:443 50.23.159.158:443
tcp 1.1.1.125:54416 10.88.82.102:54416 50.23.159.158:80 50.23.159.158:80
tcp 1.1.1.125:54426 10.88.82.102:54426 212.124.126.16:80 212.124.126.16:80
tcp 1.1.1.125:54427 10.88.82.102:54427 212.124.126.16:80 212.124.126.16:80
tcp 1.1.1.125:54442 10.88.82.102:54442 74.125.130.156:80 74.125.130.156:80
tcp 1.1.1.125:54454 10.88.82.102:54454 212.124.107.25:80 212.124.107.25:80
tcp 1.1.1.125:54458 10.88.82.102:54458 212.124.107.25:80 212.124.107.25:80
tcp 1.1.1.125:54464 10.88.82.102:54464 74.125.130.149:443 74.125.130.149:443
tcp 1.1.1.125:54469 10.88.82.102:54469 65.112.85.35:80 65.112.85.35:80
tcp 1.1.1.125:54471 10.88.82.102:54471 192.229.237.154:443 192.229.237.154:443
tcp 1.1.1.125:54474 10.88.82.102:54474 199.59.149.201:443 199.59.149.201:443
tcp 1.1.1.125:54497 10.88.82.102:54497 74.125.130.149:80 74.125.130.149:80
tcp 1.1.1.125:54522 10.88.82.102:54522 199.38.166.155:80 199.38.166.155:80
tcp 1.1.1.125:54530 10.88.82.102:54530 199.38.166.165:80 199.38.166.165:80
tcp 1.1.1.125:54534 10.88.82.102:54534 74.125.130.149:80 74.125.130.149:80
tcp 1.1.1.125:54550 10.88.82.102:54550 208.71.122.19:80 208.71.122.19:80
tcp 1.1.1.125:54552 10.88.82.102:54552 212.124.115.210:80 212.124.115.210:80
tcp 1.1.1.125:54601 10.88.82.102:54601 209.107.203.73:80 209.107.203.73:80
tcp 1.1.1.125:54602 10.88.82.102:54602 209.107.203.73:80 209.107.203.73:80
tcp 1.1.1.125:54603 10.88.82.102:54603 209.107.203.73:80 209.107.203.73:80
tcp 1.1.1.125:54604 10.88.82.102:54604 209.107.203.73:80 209.107.203.73:80
tcp 1.1.1.125:54605 10.88.82.102:54605 209.107.203.73:80 209.107.203.73:80
tcp 1.1.1.125:54609 10.88.82.102:54609 209.107.203.64:80 209.107.203.64:80
tcp 1.1.1.125:54612 10.88.82.102:54612 192.0.76.3:80 192.0.76.3:80
tcp 1.1.1.125:54622 10.88.82.102:54622 209.94.144.19:80 209.94.144.19:80
tcp 1.1.1.125:54624 10.88.82.102:54624 74.125.130.155:80 74.125.130.155:80
tcp 1.1.1.125:54641 10.88.82.102:54641 184.50.3.157:80 184.50.3.157:80
tcp 1.1.1.125:54650 10.88.82.102:54650 74.125.68.95:80 74.125.68.95:80
tcp 1.1.1.125:54692 10.88.82.102:54692 50.97.236.99:443 50.97.236.99:443
tcp 1.1.1.125:54716 10.88.82.102:54716 209.107.203.35:80 209.107.203.35:80
tcp 1.1.1.125:54750 10.88.82.102:54750 31.13.70.1:443 31.13.70.1:443
tcp 1.1.1.125:54751 10.88.82.102:54751 184.169.133.229:80 184.169.133.229:80
tcp 1.1.1.125:54752 10.88.82.102:54752 74.217.78.212:80 74.217.78.212:80
tcp 1.1.1.125:54755 10.88.82.102:54755 54.65.94.147:80 54.65.94.147:80
tcp 1.1.1.125:54763 10.88.82.102:54763 209.107.203.64:80 209.107.203.64:80
tcp 1.1.1.125:54765 10.88.82.102:54765 54.148.30.72:80 54.148.30.72:80
tcp 1.1.1.125:54770 10.88.82.102:54770 54.69.229.229:80 54.69.229.229:80
tcp 1.1.1.125:54776 10.88.82.102:54776 54.236.153.167:80 54.236.153.167:80
tcp 1.1.1.125:54791 10.88.82.102:54791 50.97.236.98:80 50.97.236.98:80
tcp 1.1.1.125:54796 10.88.82.102:54796 199.59.150.10:443 199.59.150.10:443
tcp 1.1.1.125:54800 10.88.82.102:54800 54.236.178.88:80 54.236.178.88:80
tcp 1.1.1.125:54802 10.88.82.102:54802 31.13.70.12:80 31.13.70.12:80
tcp 1.1.1.125:54808 10.88.82.102:54808 54.69.42.149:80 54.69.42.149:80
tcp 1.1.1.125:54816 10.88.82.102:54816 204.144.141.22:80 204.144.141.22:80
tcp 1.1.1.125:54820 10.88.82.102:54820 204.144.140.26:80 204.144.140.26:80
tcp 1.1.1.125:54824 10.88.82.102:54824 50.18.52.21:80 50.18.52.21:80
tcp 1.1.1.125:54829 10.88.82.102:54829 54.235.201.181:80 54.235.201.181:80
tcp 1.1.1.125:54855 10.88.82.102:54855 216.58.211.35:80 216.58.211.35:80
tcp 1.1.1.125:54860 10.88.82.102:54860 74.125.224.111:80 74.125.224.111:80
tcp 1.1.1.125:54862 10.88.82.102:54862 72.21.91.109:80 72.21.91.109:80
tcp 1.1.1.125:54863 10.88.82.102:54863 72.21.91.109:80 72.21.91.109:80
tcp 1.1.1.125:54864 10.88.82.102:54864 68.67.128.67:80 68.67.128.67:80
tcp 1.1.1.125:54865 10.88.82.102:54865 173.194.117.90:80 173.194.117.90:80
tcp 1.1.1.125:54866 10.88.82.102:54866 173.194.117.90:80 173.194.117.90:80
tcp 1.1.1.125:54870 10.88.82.102:54870 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54871 10.88.82.102:54871 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54872 10.88.82.102:54872 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54875 10.88.82.102:54875 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54876 10.88.82.102:54876 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54877 10.88.82.102:54877 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54878 10.88.82.102:54878 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54879 10.88.82.102:54879 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54880 10.88.82.102:54880 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54881 10.88.82.102:54881 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54882 10.88.82.102:54882 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54883 10.88.82.102:54883 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54884 10.88.82.102:54884 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54888 10.88.82.102:54888 74.125.130.154:80 74.125.130.154:80
tcp 1.1.1.125:54889 10.88.82.102:54889 66.235.138.211:80 66.235.138.211:80
tcp 1.1.1.125:54899 10.88.82.102:54899 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54900 10.88.82.102:54900 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54901 10.88.82.102:54901 162.209.46.246:80 162.209.46.246:80
tcp 1.1.1.125:54902 10.88.82.102:54902 192.33.31.101:80 192.33.31.101:80
tcp 1.1.1.125:54903 10.88.82.102:54903 162.209.46.246:80 162.209.46.246:80
tcp 1.1.1.125:54904 10.88.82.102:54904 74.125.130.154:80 74.125.130.154:80
tcp 1.1.1.125:54905 10.88.82.102:54905 173.194.117.90:80 173.194.117.90:80
tcp 1.1.1.125:54906 10.88.82.102:54906 173.194.117.90:80 173.194.117.90:80
udp 1.1.1.125:62438 10.88.82.102:62438 4.2.2.2:53 4.2.2.2:53
udp 1.1.1.125:53644 10.88.83.32:53644 4.2.2.2:53 4.2.2.2:53
udp 1.1.1.125:53754 10.88.83.32:53754 4.2.2.2:53 4.2.2.2:53
udp 1.1.1.125:55451 10.88.83.32:55451 4.2.2.2:53 4.2.2.2:53
udp 1.1.1.125:55635 10.88.83.32:55635 4.2.2.2:53 4.2.2.2:53
tcp 1.1.1.125:61062 10.88.83.33:61062 37.48.93.217:5938 37.48.93.217:5938

dyop.geop · ‎02-01-2015

a bump. Hope someone could help. :(

AllertGen · ‎02-02-2015

Hello, Geoffrey Wong.

Change your nat line to "ip nat inside source static 10.88.82.27 1.1.1.125", because your external interface is not .126. (I hope you not DoSing your neigbour :) )

Best Regards.

dyop.geop · ‎02-02-2015

Hi Sir AllertGen,

Thanks for the reply!

We did consider that, but we do have a lot of public ip addresses, and we want that this particular server will have its own public ip address, different from the external interface ip address.

Will there be a way?

AllertGen · ‎02-02-2015

Hi, Geoffrey Wong.

Yes, you can do so. Place another IP address as secondary to the GE2 interface. You can use line:

(config-if)# ip address 10.1.1.126 255.255.255.0 secondary

After this you can put this secondary address to your NAT command.

dyop.geop · ‎02-03-2015

hey wow, thanks for this. I didn't know this. will configure this when we're not in production. If this will work, will come back here to label your reply as correct answer. haha. thanks very much!

imtiaz · ‎05-01-2018

Hi,

interface GigabitEthernet2

description WAN - Internet DSL

ip address 1.1.1.125 255.255.255.0

ip nat outside

add

ip nat enable

IP NAT inside source Static not working