Static port NAT for outgoing traffic..truly bidirectional?

Status
Not open for further replies.

HungryHouse

Vendor
Oct 7, 2005
330
US
If you already have overload NAT/PAT configured to be bound to the outside interface on a Cisco router in order to allow standard internet browsing from the inside hosts, and you also have a static port NAT for an inside web server 1-1 on port 80 bound to that same interface (the web server is on the same subnet as the rest of the hosts being PAT'd), then wouldn't that web server, if browsing as a host itself, show up in the NAT translation table as source port 80 and not a random port# like it would for PAT?

I thought this was the case, however, when seeing the "show ip nat translation" output this is not so. It's still using random port#s for that host.

Can anyone help explain this? I must be missing something.

Here is the config example:
(config)#int eth0/0
(config-if)#ip nat inside
(config-if)#exit
(config)#int eth0/1
(config-if)#ip nat outside
(config-if)#exit
(config)#ip access-list standard NAT_ADDIES
(config-std-nacl)#permit 192.168.0.0 0.0.255.255
(config-std-nacl)#exit
(config)#ip nat inside source list NAT_ADDIES int eth0/1 overload
(config)#ip nat inside source static tcp 192.168.99.99 80 int eth0/1 80

thank you

-HH
 
You should see something like this!

[tt]
Router#show ip nat tran
Pro Inside global Inside local Outside local Outside global
tcp {ip_of_fa0/0}:80 192.168.99.99:80 --- ---
[/tt]

Note this will be the first item in the list. The web server will still have several random port numbers along with this first entry because those are the ongoing connections with systems from the web accessing the web server, and from the server itself accessing systems on the internet.

CCNA, A+, HP Certified Professional
 
Nope, that's not the case staples....not for the outgoing traffic. That's why I'm confused..can anyone assist?

-Thanks, HH
 
router#clear ip nat trans *

then browse, then

sh ip nat trans *

The static translation will not show until someone from the outside hits the public IP address on your outside interface on port 80...

Post the sh ip nat trans after all of this happens...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Burt,

Let me see if I get this..so basically, the outbound traffic will NAT to the interface unless that happens? And when it does (the outside hitting the public IP address on my outside interface on port 80), is it safe to assume that the traffic will be bound to the static 1-1 until the inbound translation table ages out?
What is the default timer until it builds the table again?
Is it just one table or is it a separate table for each direction?
Thanks for your help thus far :)

-HH

 
Can anyone assist on this? Trying to understand the logic of the NAT bindings in the router, and a better understanding of the NAT tables as per the above question.
I'm pretty new to NAT on Cisco IOS routers.

Thanks,
HH
 
Can you please provide us with a show run and a show ip nat tran?



CCNA, A+, HP Certified Professional
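
Added example, not written by any poster in this thread: a Python script that parses `show ip nat translations` output in the column layout quoted above and separates the static port entry from sessions that match it and from dynamic PAT sessions. The sample output is constructed with documentation addresses, and the labels `static`, `session-via-static` and `dynamic-pat` are this example's own names.

```python
from collections import namedtuple

Entry = namedtuple(
    "Entry", "proto inside_global inside_local outside_local outside_global")

# Constructed sample (documentation addresses), not captured from a real router.
SAMPLE = """\
Pro Inside global      Inside local        Outside local       Outside global
tcp 203.0.113.10:80    192.168.99.99:80    ---                 ---
tcp 203.0.113.10:80    192.168.99.99:80    198.51.100.20:40112 198.51.100.20:40112
tcp 203.0.113.10:51514 192.168.99.99:51514 198.51.100.7:443    198.51.100.7:443
tcp 203.0.113.10:1025  192.168.0.25:49822  198.51.100.7:443    198.51.100.7:443
"""

PROTOCOLS = {"tcp", "udp", "icmp", "---"}


def parse(text):
    """Return one Entry per translation row, skipping the header and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].lower() in PROTOCOLS:
            entries.append(Entry(*fields))
    return entries


def classify(entries):
    """Label each row: static template, session using it, or dynamic PAT."""
    # A static entry has no outside addresses filled in ('---' in both columns).
    static_keys = {(e.proto, e.inside_local) for e in entries
                   if e.outside_local == "---" and e.outside_global == "---"}
    labelled = []
    for e in entries:
        if e.outside_local == "---" and e.outside_global == "---":
            kind = "static"
        elif (e.proto, e.inside_local) in static_keys:
            kind = "session-via-static"   # same inside local ip:port as the static row
        else:
            kind = "dynamic-pat"          # inside local ip:port has no static mapping
        labelled.append((kind, e))
    return labelled


def kinds_for_host(text, inside_ip):
    """Return (kind, inside local port) pairs for one inside host."""
    return [(kind, e.inside_local.rsplit(":", 1)[1])
            for kind, e in classify(parse(text))
            if e.inside_local.rsplit(":", 1)[0] == inside_ip]


if __name__ == "__main__":
    for kind, entry in classify(parse(SAMPLE)):
        print(f"{kind:20} {entry.inside_local:22} -> {entry.inside_global}")
```

Running it against the pasted output of a real router makes it easy to see which rows for 192.168.99.99 share the static mapping's inside local port and which are ordinary overload sessions.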
 