static nat configuration help

les.k.stott
Level 1

Hi,

I have the following setup that I am tasked with creating static NAT for, and I am a little lost with getting the correct NAT working.

Here is the setup:

Internal servers behind firewall 192.168.1.0/24

Firewall external interface is 192.168.5.36

Firewall external interface is connected to inside gig0/0 interface on Cisco router.

The Cisco router currently has a subinterface g0/0.5 with IP 192.168.5.41.

On the outside Cisco interface, serial1/0, is an IP, 10.1.2.3.

Beyond serial1/0 are multiple remote hosts, such as...

10.8.10.5

10.20.10.16

10.20.12.12

These are remotely managed by another company.

Now, for the static nat, we want to do the following:

translate 192.168.5.66 -> 10.8.10.5

translate 192.168.5.67 -> 10.20.10.16

translate 192.168.5.68 -> 10.20.12.12

Internal hosts behind the firewall would communicate via 192.168.5.66, 67 or 68, and the Cisco router would translate these to appropriate addresses.

Note that 192.168.5.66, 67, 68 don't exist as yet; my understanding (which is possibly wrong) is that once NAT is correctly set up they will just work and the Cisco router will do the translations.

I've tried some different scenarios with ip nat inside, ip nat outside and NVI (Cisco IOS is 12.4(11)XW3) but am failing to get proper translation happening.

Most examples I've seen involve the internal "to be translated" address actually being an internal server, not something that gets configured on the Cisco router by a NAT translation.

Is this possible?

Or have I got it completely wrong? I.e., should the addresses 192.168.5.66, 67, 68 be configured somewhere?

Thanks in advance,

Regards,

Les

michael o'nan
Level 4

This can be accomplished with static NAT. The command would look like

ip nat inside source static x.x.x.x x.x.x.x

You will also need to use ip nat inside on your "inside" interface and ip nat outside on the "outside" interface. For a little more information see the following link:

http://www.freeccnaworkbook.com/workbooks/ccna/configuring-network-address-translation-nat-one-to-one

Michael,

Thanks for your reply. I had seen that doc before, but it wasn't enough to get things working for me. Most of the examples I have seen were similar to this, and involved NAT where an internal host address was being NAT'ed. In my case, the address to NAT didn't exist on an internal host, and to translate correctly I needed to define both an inside source static and an identical outside source static entry. I also had to change which interface was outside and inside.

i.e.

int g0/0.5

ip nat outside

int serial1/0

ip nat inside

ip nat inside source static 10.8.10.5 192.168.5.66

ip nat outside source static 10.8.10.5 192.168.5.66

 

With that config my translation table looked like...

#sh ip nat tra

Pro Inside global      Inside local       Outside local      Outside global
--- ---                ---                192.168.5.66       10.8.10.5
--- 192.168.5.66       10.8.10.5          ---                ---

And debug ip nat detailed showed correct translations happening:

# ping from 192.168.5.36

Sep  4 06:18:07.807: NAT*: o: icmp (192.168.5.36, 8494) -> (192.168.5.66, 8494) [43]    

Sep  4 06:18:07.807: NAT*: o: icmp (192.168.5.36, 8494) -> (192.168.5.66, 8494) [43]

Sep  4 06:18:07.807: NAT*: s=192.168.5.36, d=192.168.5.66->10.8.10.5 [43]

 

If I had only an inside source static address then the translations never happened.

So I have a working config now.

Regards,

Les
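A check for the end state described in this thread, as an added example that is not part of the original posts: it parses the output of show ip nat translations and reports, for each alias address from the question, whether both the inside and the outside static entry are present, matching the working table above. The function names are hypothetical, and the sample rows for 192.168.5.67 and the absent 192.168.5.68 are constructed for illustration.

```python
import ipaddress

# Alias -> real host, taken from the question in this thread.
EXPECTED = {
    "192.168.5.66": "10.8.10.5",
    "192.168.5.67": "10.20.10.16",
    "192.168.5.68": "10.20.12.12",
}

# Constructed sample: .66 rows as posted above, .67 row invented, .68 omitted.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- ---                ---                192.168.5.66       10.8.10.5
--- 192.168.5.66       10.8.10.5          ---                ---
--- 192.168.5.67       10.20.10.16        ---                ---
"""

def _is_ip(field):
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def parse_static_entries(text):
    """Return (inside, outside) dicts mapping alias -> real address."""
    inside, outside = {}, {}
    for line in text.splitlines():
        cols = line.split()
        # Static rows: five columns, "---" as protocol (skips header, dynamic rows).
        if len(cols) != 5 or cols[0] != "---":
            continue
        _, in_global, in_local, out_local, out_global = cols
        if _is_ip(in_global) and _is_ip(in_local):
            inside[in_global] = in_local
        if _is_ip(out_local) and _is_ip(out_global):
            outside[out_local] = out_global
    return inside, outside

def audit(text, expected=EXPECTED):
    """List, per alias, which of the two static entries is missing or wrong."""
    tables = dict(zip(("inside", "outside"), parse_static_entries(text)))
    problems = {}
    for alias, real in expected.items():
        missing = [k for k, t in tables.items() if t.get(alias) != real]
        if missing:
            problems[alias] = missing
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE))
```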

 

 
