cisco router configuration of nat routing for computers inside the router

Posted on 2004-10-21
Last Modified: 2010-04-17
I have a router that i am connecting to my corperate network( to set up a private network( The router is assigned an external static address of and internally it has an address of  It uses DHCP and gives out addresses of - to internal computers using DHCP on the private network:  

    interface Ethernet0
       ip address
       ip nat inside
       no ip mroute-cache
       no cdp enable
       hold-queue 32 in
    interface Ethernet1
       ip address
       ip nat outside
       no ip mroute-cache
       duplex auto
       no cdp enable

I also have some NAT entries defined in the router for example:

   ip nat inside source static tcp 8888 interface Ethernet1 8888

This allows a program on the corperate network to open and that port is translated to on my private network.  If i have a program on that listens on port 8888 for connections everything works great.

Additonally from a computer in my private network say I want to connect to (that is i would like the router to translate the address even if it is comming from an internal address).  

When i used a linksys router (RV042 or BEFVP41) this worked fine.  Now i am attempting this on a Cisco SOHO 91 (this router supports telnet and i want to change the configuration of the router programatically) i can open from a computer on the outside of the router (corperate network) but i cannot open from a computer on my private network (I can open from the private but i need it to be from the private network, so it goes through the router and the translation is provided).  

What configuration settings do i need for my Cisco router to provide the same functionality the the linksys router provided (I am sure it can be done judging by the configuration settings from the cisco router under telnet).
Question by:keith_gard
    LVL 43

    Accepted Solution

    You can with Linksys but not with Cisco.  On a Cisco router, static NAT translation only occurs when the packet enters the "nat outside" interface and exits the "nat inside" interface.  Even if it did work, would you really want all traffic to traverse the router when the server is on the same physical network?  You'd have greater performance accessing the server via the switched network versus the router providing translation.  
    LVL 1

    Author Comment

    Here is what i would like to do:   On my private network i am setting up a load balancing solution (home brew).  I was using the router to locate the main server for registration of other computers (they would register 1 every minute, this is not a performance sensitive communication and is only used by my internal server application).  With the linksys router i would set up a nat entry that would specify one computer "main server" and the port to communicate on.  For example if i set up the nat to route port 8888 to my internal address  Then on each computer on the private network i would open port and with the linksys router configured with the proper nat settings it would it would really open  Each private server could then send socket based xml packets to the "main server" and register with the main server.  

    Again this works fine for the linksys routers.  

    Additionally I would like to change the main server by just changing the router nat settings. I would do this if  "main server" fails by reconfiguring the router programatically (telnet).  This forces me to look at cisco routers since they support telnet and i can change the nat via  one of my functional servers (when they notice the main server is down). (BTW: for anyone who cares linksys RV042 says it supports telnet but really does not).  However i cannot get the cisco router to apply the nat translation even if i use what i think is an external address

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    New Server  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
    There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    933 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now