Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
3
Replies

NAT

netbeginner
Level 2
Level 2

‎06-10-2017 01:06 AM - edited ‎03-08-2019 10:56 AM

Hello Experts, 

We have 3900 Cisco router as Gateway, Would like to check if same can support Dynamic NAT (Source NAT) and Static NAT (Destination NAT) simultaneously.

i.e Will like to do Dynamic NAT (Source) for Incoming traffic to our Network with Single Remote end IP &  Static NAT (Destination) NAT for multiple IPs of Our Network with remote end multiple IPs.

Is this possible, If not, what is the technical reason for this limitation. ?

Rgds

*** 

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎06-10-2017 01:24 AM

Yes it can do this.

0 Helpful

netbeginner
Level 2
Level 2
In response to Philip D'Ath

‎06-10-2017 01:41 AM

Thanks Philip, 

Remember as mentioned one Source NAT - dynamic NAT (towards Data Center inside from Remote end with single IP of remote network only)  & other Destination NAT - Source NAT (from Data center towards remote site with multiple IPs of both end). 

If you don't mind, could you please share sample CLI for both this schenerio i.e. from Outside to inside (Dynamic with single IP) and Inside to Outside (Static for multiple IPs).

Rgds

0 Helpful

Georg Pauwen
VIP
VIP

‎06-10-2017 11:27 AM

Hello,

what do you mean by single/multiple remote end IPs ?

For dynamic source NAT, you need a pool of IP addresses. The configuration would look like this:

interface GigabitEthernet0/1 

ip address dhcp
ip nat outside
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat pool OUTSIDE_IN_POOL 192.168.2.1 192.168.2.14 netmask 255.255.255.240
ip nat outside source list 1 pool OUTSIDE_IN_POOL add-route
!
access-list 1 permit 192.168.3.0 0.0.0.255

Outside address coming from 192.168.3.0/24 will be dynamically translated to addresses from the pool OUTSIDE_IN_POOL.

Static NAT with multiple IP addresses from your inside network only makes sense when you need specific ports to be translated, e.g.:

ip nat inside source static tcp 192.168.1.10 80 212.12.10.1 8080 extendable

The limitation is that you need a static IP address on your external (NAT outside) interface in order to map multiple ports using the 'extendable' keyword. Also, you can only map one single internal IP address and port to the external IP address and port. So:

ip nat inside source static tcp 192.168.1.10 80 212.12.10.1 8080 extendable

ip nat inside source static tcp 192.168.1.11 80 212.12.10.1 8080 extendable

won't work.

 

0 Helpful
Customers Also Viewed These Support Documents