Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
750
Views
0
Helpful
5
Replies

static nat issue

Basavaraj Ningappa
Level 1
Level 1

‎04-20-2016 12:00 AM - edited ‎03-08-2019 05:25 AM

Hello Experts,

We have one static nat issue, i just wanted to discuss with you guys if some one had same issues like me 

we have one router which is connected to LL and we are running DMVPN over that, inside interface of the router connected to firewall and outside interface is connected to LL. we have one request that we want to configure static nat on the router any traffic coming from outside to inside we have to nat to one of the DMZ server IP, DMZ is behind the firewall and also firewall is acting as DMZ gateway.

i have configured static nat and looks to be working if i see " show ip nat trans " but if try to access any allowed port from outside it wont work.

below is my static nat command

"ip nat inside source static 192.168.1.1 93.x.x.x 

192.168.1.5 is my DMZ server and 93.x.x.x is my free public IP

request you to help in case some one has faced same issue

thank you so much

Basavaraj

Labels:
0 Helpful
5 Replies 5

Richard Bradfield
Level 6
Level 6

‎04-20-2016 01:11 AM

server address 192.168.1.5

static nat is for 192.168.1.1

can you share configuration

regards

Richard

0 Helpful

Basavaraj Ningappa
Level 1
Level 1
In response to Richard Bradfield

‎04-20-2016 01:21 AM

Dear Richard,

oh sorry that was a typo

server address 192.168.1.5 and 192.168.1.1 is the gateway configured on the firewall.

this firewall is connected to router where we have LL connection and i am doing the static nat over there

interface GigabitEthernet0/1
bandwidth 65536
ip address 94.x.x.x x.x.x.x
ip access-group PermitALL in
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map x.x.x.x
service-policy output X.x.x.

interface GigabitEthernet0/0
description Connected to firewall
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
end

ip nat inside source static 192.168.1.5 94.x.x.x === the which is not working

ip nat inside source list INTERNET interface GigabitEthernet0/1 overload

ip access-list extended INTERNET
deny ip x.x.x.x x.x.x.x
deny ip x.x.x.x x.x.x.x
permit ip any any

0 Helpful

Richard Bradfield
Level 6
Level 6
In response to Basavaraj Ningappa

‎04-20-2016 02:50 AM

How many public IP addresses 94.x.x.x do you have

I take it the server NAT translates to a different address than the Gi0/1 interface address

0 Helpful

Richard Bradfield
Level 6
Level 6
In response to Richard Bradfield

‎04-20-2016 03:06 AM

If you only have one IP address then have to define which port will go to that server.

for example

ip nat inside source static tcp 192.168.1.5 80 interface gi0/1 80

so anybody going to port 80 from the outside  will be directed to the server.

0 Helpful

Basavaraj Ningappa
Level 1
Level 1
In response to Richard Bradfield

‎04-20-2016 05:16 AM

Its /28 subnet from the provider, we have so many free IPs and i am using one of the free IP.

when i issue the " show ip nat translation " i see below output and which i believe nat config is correct, but for sure i am missing

tcp 94.5X.X.X:3389 192.168.1.5:3389 217.165.4.152:2076 217.165.4.152:2076
tcp 94.5X.X.X:3389 192.168.1.5:3389 217.165.4.152:2077 217.165.4.152:2077 

--- 94.5X.X.X        192.168.1.5      ---                ---

i tried to ping natted IP and i am not able to ping it

0 Helpful
Customers Also Viewed These Support Documents