Re: Need help creating multiple static NATs

Lucas Kane · ‎03-12-2012

I am trying to configure a Cisco 871 router.

I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.

I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.

I can access those servers internally using the public IPs but not from outside the network. A tracroute from outside the network gets dropped when it gets to my ISP.

I've never configured more than one static ip for a network before and i know i've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?

Thanks in advance for any help.

amigomnemonik · ‎03-12-2012

I think you need to configure ACLs to allow an access from outside to your new IPs. ACLs is verified first before NAT.

Permit tcp or usp or ip any to your outside IP with specific ports.

Sent from my iPhone

Lucas Kane · ‎03-12-2012

This is my current configuration:

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 10.86.20.20 22 X.X.X.83 22 extendable

ip nat inside source static tcp 10.86.20.20 443 X.X.X.83 443 extendable

ip nat inside source static tcp 10.86.20.20 10000 X.X.X.83 10000 extendable

ip nat inside source static 10.86.20.20 X.X.X.83

ip nat inside source static tcp 10.86.20.35 80 X.X.X.84 80 extendable

ip nat inside source static tcp 10.86.1.50 80 X.X.X.85 80 extendable

!

access-list 1 permit 10.86.1.0 0.0.0.255

access-list 1 permit 10.86.20.0 0.0.0.255

access-list 1 permit 10.86.86.0 0.0.0.255

So what i need to do is create a new ACL:

access-list 2 permit any (WAN Address)

for each server's public IP and apply it to my WAN interface?