08-19-2008 09:58 PM - edited 03-06-2019 12:54 AM
Hi!
I am confuse when to use these two commands
ip nat inside source
and
ip nat source list
When i use IP NAT INSIDE SOURCE users can access the internet but when i used the IP NAT SOURCE LIST no translation happen.
Also, after enabling IP NAT INSIDE SOURCE command telnet access to outside interface is not accessible.
Thanks in advance for your help.
Solved! Go to Solution.
08-20-2008 08:35 AM
Rejohn
And here is an explanation of the new command:
ip nat source
To enable Network Address Translation (NAT) on a virtual interface without inside or outside specification, use the ip nat source command in global configuration mode.
Here is a link with more detail for anyone who was more info:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1012829
So use ip nat inside source for normal (physical) interfaces and use ip nat source for virtual interfaces.
HTH
Rick
08-19-2008 10:16 PM
with IP nat inside source list u need to difine an ACL defining the traffic to be considered as a nat source for examplelet say ur inside local lan is 192.168.1.0/24
do:
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
this way u can use source list like
ip nat inside source list 100 [and ur other config..]
with list u might exclude some IPs or network
for example if u want host 192.168.1.1 to not be nated this way will not use internet do
access-list 100 deny ip host 192.168.1.1 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
then apply it to ur nating statement with source list
please, if helpful Rate
08-19-2008 10:20 PM
Hi Marwanshawi.
thank you for your fast response. How about the IP NAT SOURCE LIST command? what is the difference between the two?
08-19-2008 10:29 PM
the above description all about IP source list
as i mention
ip nat source list then put the ACL based on the descretions i have given to u
which gives u more control and let u selct exactly what to nat and what not
also helpful in VPN IPsec because sometimes u need some kind of traffic to be exmpted from the nat
the one with list nat the source without spesific details like with lits one and ACL
have a look at the following link will help u alot
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
good luck
please, if helpful Rate
08-20-2008 12:25 AM
as i know "ip nat source" does not exist.
what plateform and ios are you using?
08-20-2008 12:45 AM
The choice you're giving is wrong. Assuming the traffic that must be NATed is coming from behind the "inside" NAT interface, the choices you have are:
ip nat inside source list
OR
ip nat inside source static
The list option is exactly as Marwan described.
The static option is used when you want to statically define which source host addresses must be NATed.
Example:
ip nat inside source static 10.l0.10.50 172.16.2.1
HTH
Victor
08-20-2008 01:20 AM
lamav,
im asking when to use
IP NAT INSIDE SOURCE LIST
and
IP NAT SOURCE LIST
I am using Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T
3, RELEASE SOFTWARE (fc1).
08-20-2008 07:51 AM
Go into config mode, type "ip nat" and then a "?" and show us the choices that you have.
Victor
08-20-2008 08:30 AM
Victor
Here it is:
lab2(config)#ip nat ?
Stateful Stateful NAT configuration commands
create Create flow entries
inside Inside address translation
log NAT Logging
outside Outside address translation
pool Define pool of addresses
service Special translation for application using non-standard port
source Source address translation
translation NAT translation entry configuration
lab2(config)#ip nat source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
lab2(config)#ip nat source
HTH
Rick
08-20-2008 08:35 AM
Rejohn
And here is an explanation of the new command:
ip nat source
To enable Network Address Translation (NAT) on a virtual interface without inside or outside specification, use the ip nat source command in global configuration mode.
Here is a link with more detail for anyone who was more info:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1012829
So use ip nat inside source for normal (physical) interfaces and use ip nat source for virtual interfaces.
HTH
Rick
08-20-2008 09:42 AM
Rejohn
I am glad that my response did resolve your question. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there was a response which did resolve the question.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
08-20-2008 10:11 AM
rick:
Cowabunga, dude!
LOL
I tried replicating that in my lab on a 7206 -- no dice.
Thanks
victor
08-20-2008 10:17 AM
Victor
I believe that it is version dependent. According to the documentation this command was introduced in 12.3(14)T. Looks like your 7206 is earlier that than and my router is later than that.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide