Discussion:
[c-nsp] Static Nat IOS
Bunny Singh
2013-03-04 14:24:50 UTC
Hi,

I have 3 interfaces on my 2911, out of which gig0/0 is used for outside, gig0/1 is used as an inside and gig0/2 is used for management & NMS alert.

Now I have done the dynamic NAT on gig0/1 with the outside interface, which is working fine.

Now I have a requirement to ping the WAN IP of my next hop on the inside interface gig0/1 from the NMS, which lies on gig0/2.

My inside connecting router is maintained by someone else and has allowed only 8 IPs (10.14.29.8/29) through which I can access. Now I want to use one of the IPs so that I can NAT my NMS IP (172.31.4.22) so that the NMS can ping my other router's WAN IP (10.25.17.9) on the inside network. Can anybody tell me the static NAT config?

Following is the config:

interface GigabitEthernet0/0
 ip address 172.25.20.20 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.25.17.12 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed 100
!
interface GigabitEthernet0/2
 ip address 172.31.9.70 255.255.255.0
 duplex auto
 speed 1000
!
interface FastEthernet0/0/0
 no ip address
!
interface FastEthernet0/0/1
 no ip address
!
interface FastEthernet0/0/2
 no ip address
!
interface FastEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.25.17.9 
ip route 10.14.29.9 255.255.255.255 172.25.20.17 
ip route 10.14.29.10 255.255.255.255 172.25.20.17
ip route 172.31.4.22 255.255.255.255 172.31.9.1 

!
access-list 110 permit ip any host 10.14.29.9
access-list 110 permit ip any host 10.14.29.10
!
route-map nonat permit 10
 match ip address 110


Regards
Daljit Singh
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Peter Rathlev
2013-03-06 08:54:50 UTC
I think it's a little unclear exactly what you want to accomplish.

Post by Bunny Singh
> I have 3 interfaces on my 2911, out of which gig0/0 is used for
> outside, gig0/1 is used as a inside and gig0/2 is used for management
> & nms alert.

The default route on your 2911 points at 10.25.17.9 and this address
belongs to the interface you define as "ip nat inside" and call "inside"
in your descriptions. This is a little confusing though perfectly legal.

Post by Bunny Singh
> Now i have a requirement to do the ping on WAN ip of my next hop on
> inside interface gig0/1 from NMS which are lies in gig0/2.
> MY inside connecting router is maintained by some one else and has
> allowed only 8 ip's (10.14.29.8/29)

Is that the router with the address 10.25.17.9 on the inside interface?

Post by Bunny Singh
> through which i can access, now i
> want to use one of the ip

One of what IP addresses?

Post by Bunny Singh
> so that i can NAT my nms ip (172.31.4.22) so
> that the nms can ping my other router wan ip (10.25.17.9) on inside
> network. Can any body tell me the static NAT config.

I've tried assembling a diagram of what your network looks like.

               |
               |  10.14.29.8/29
               |
               | .9
           +------+
           |  R1  |
           +------+
               | .17
               |
               | "outside" 172.25.20.16/29
      ^        |
      |        | .20
    DyNAT  +------+  mgmt  172.31.9.0/24   +----+ ? +-----------------+
      |    | 2911 |------------------------| R3 |---| NMS 172.31.4.22 |
    | |    +------+ .70                 .1 +----+   +-----------------+
    | |        | .12
    |          |
 Default       | "inside" 10.25.17.8/29
    |          |
    V          | .9
           +------+
           |  R2  |
           +------+
               | ?


Is this correct?

And you want 172.31.4.22 (the NMS) to be able to reach 10.25.17.9 (R2)
through the 2911, but presumably R2 currently does not route 172.31.4.22
back to you and you thus need 172.31.4.22 to be translated to something
else, maybe 10.14.29.x? And you need the current NAT configuration to
continue working as it is.

If that is the case you probably need to configure some "outside NAT":

! *** 2911 ***
interface GigabitEthernet0/2
 ip nat outside
!
ip nat outside source static 172.31.4.22 10.14.29.x
!

I'm not exactly sure this would work and I can't test it right now. But
you could give it a try and keep in mind that it might disrupt
something.
--
Peter
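
The translation suggested in the reply above, modelled in Python as an added example (not part of the original thread and not IOS code). 10.14.29.11 is a constructed stand-in for the elided 10.14.29.x, and all function, class and constant names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, replace

# Addresses from the thread. OUTSIDE_LOCAL is a constructed sample: the thread
# leaves the last octet as "x", so 10.14.29.11 is only a stand-in here.
OUTSIDE_GLOBAL = ipaddress.ip_address("172.31.4.22")  # real NMS address
OUTSIDE_LOCAL = ipaddress.ip_address("10.14.29.11")   # assumed value for 10.14.29.x
ALLOWED = ipaddress.ip_network("10.14.29.8/29")       # range the other router accepts
R2 = ipaddress.ip_address("10.25.17.9")

# NAT role per interface after the suggested change (Gi0/2 becomes "outside").
ROLE = {"Gi0/0": "outside", "Gi0/1": "inside", "Gi0/2": "outside"}


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def outside_source_static(pkt, in_if, out_if):
    """Model of 'ip nat outside source static 172.31.4.22 10.14.29.x'.

    Ingress and egress interfaces are supplied by the caller; routing is
    not modelled.
    """
    path = (ROLE[in_if], ROLE[out_if])
    if path == ("outside", "inside") and pkt.src == OUTSIDE_GLOBAL:
        return replace(pkt, src=OUTSIDE_LOCAL)   # NMS appears as 10.14.29.x
    if path == ("inside", "outside") and pkt.dst == OUTSIDE_LOCAL:
        return replace(pkt, dst=OUTSIDE_GLOBAL)  # reply gets the NMS address back
    return pkt                                   # no inside/outside crossing


def ping_round_trip():
    """Echo request from the NMS to R2 and the reply, after translation."""
    request = outside_source_static(Packet(OUTSIDE_GLOBAL, R2), "Gi0/2", "Gi0/1")
    # Assumption: the 2911 routes the reply towards an outside interface.
    reply = outside_source_static(Packet(R2, request.src), "Gi0/1", "Gi0/2")
    return request, reply


if __name__ == "__main__":
    req, rep = ping_round_trip()
    print("R2 sees source", req.src, "| inside allowed /29:", req.src in ALLOWED)
    print("Reply reaches the NMS addressed to", rep.dst)
```

On IOS the reply from R2 is routed before it is translated, so the 2911 needs a route for the chosen 10.14.29.x address that leaves through an interface marked `ip nat outside`. The model takes the egress interface as an argument and does not check this.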


Bunny Singh
2013-03-06 12:15:06 UTC
Hi, 

Yeah it works, thanks for your support.

Can you please provide some good link from which I can understand the working of the different NAT commands?

Regards
DS



Peter Rathlev
2013-03-06 14:10:04 UTC
Post by Bunny Singh
> Can you please provide some good link on which i can understand the
> working of different NAT command.

NAT is a somewhat large area to explore, but if you're looking for
something with the basics (though a little Cisco specific) then this
might fit:

"How NAT Works"
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

It doesn't cover the actual commands but when you're used to the
terminology that Cisco uses you can easily see what commands apply
where. For examples including commands:

"NAT: Local and Global Definitions"
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

This is all "IOS classic NAT" which means it's useless on PIX/ASA
devices and for e.g. NVI.
--
Peter


