Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
7
Replies

NAT Port-forwading

stlourenco
Level 1
Level 1

‎10-06-2016 12:36 PM - edited ‎03-08-2019 07:43 AM

Good afternoon, dear.

Need help with a NAT configuration from routed (port forwading). The need of my client is that requests the IP's 10.83.0.11 on TCP port 80 and TCP 3389 be redirected to the server with the real ip 172.1.0.75, but on the same ports as setting that I made below.

IP nat inside source static tcp 3389 3389 10.83.0.11 extendable 172.1.0.75
IP nat inside source static tcp 80 80 10.83.0.11 extendable 172.1.0.75

NAT is functioning normally, but after I configure the NAT, the actual server ip 172.1.0.75 does not answer the requests and only the NAT IP 10.83.0.11 pass to respond.

For some internal matter, my client wants both the IP and 172.1.0.75 as the 10.83.0.11 answer. That would be possible? Is there any setting I can do on the router to make it work that way?
Labels:
0 Helpful
7 Replies 7

Krash Mole
Level 1
Level 1

‎10-07-2016 05:22 AM

Hi,

can you please provide network diagram of your client?

what device are you using ?

0 Helpful

stlourenco
Level 1
Level 1
In response to Krash Mole

‎10-09-2016 06:53 PM

Hi, Krash.

What I do know is that there is a router ISR G2 series 2900 and in it there are several subinterfaces (this same router is the gateway of VLAN's). As I have already informed the traffic flow is not the internet for  LAN, but between local networks or different vlans.

In this specific case, the vlan subinterface 172.1.0.0/24 network is configured with ipnat inside and the other is configured as subinterface ip nat outside

My client's need, as I mentioned earlier, is that both the real ip 172.1.0.75 ip mapped 10.83.0.11 answer on ports TCP/80 and TCP/3389, however only the mapped ip 10.83.0.11 replies and while the real ip 172.1.0.75 stops responding. The real ip just back the answer when I remove the NAT configuration.

Is it possible to make it work that way?

0 Helpful

Krash Mole
Level 1
Level 1
In response to stlourenco

‎10-10-2016 12:17 AM

Hi,

try this

IP nat inside source static tcp  10.83.0.11 3389 172.1.0.75  3389
IP nat inside source static tcp  10.83.0.11 80 172.1.0.75  80

0 Helpful

stlourenco
Level 1
Level 1
In response to Krash Mole

‎10-10-2016 07:32 AM

Hi,

It did not work. I've configured that way before, but only the mapped ip establishes TCP session.

 

0 Helpful

Krash Mole
Level 1
Level 1
In response to stlourenco

‎10-10-2016 10:58 PM

Hi 

can you ping 10.83.0.11 and ping 172.1.0.75 from the router?

0 Helpful

stlourenco
Level 1
Level 1
In response to Krash Mole

‎10-15-2016 06:53 PM

Hello Krash

Sorry for the delay. Yes I can ping both the 10.83.0.11 as the ip 172.1.0.75 ip. However ping works only for ip 172.1.0.75 before I configure NAT; After configuring the NAT ip 10.83.0.11 's answer and the 172.1.0.75 IP no longer responds

0 Helpful

Peter Koltl
Level 7
Level 7

‎10-17-2016 10:35 PM

IOS static NAT is bidirectional and stateless so it cannot distinguish which side initiates the connection. That is why it cannot handle two entries with the same real IP 172.1.0.75. The router could not decide what to do with packets with srcIP=172.1.0.75 arriving from the server. Should the srcIP be translated or not?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card