• Status: Solved
  • Priority: Medium
  • Security: Public

Multiple NAT sessions on 1 Router?

Is it possible to have multiple NAT sessions on a single router?

I would like to have a similar setup (WebServer etc.) on a second public IP on
interface Ethernet 3/0, IP 66.x.86.x.

Partial current config listed below.

!
ip nat inside source list 2 interface Ethernet3/2 overload
ip nat inside source static tcp 172.x.13.12 53 66.x.66.x 53 extendable
ip nat inside source static tcp 172.x.13.12 80 66.x.66.x 80 extendable
ip nat inside source static udp 172.x.13.12 53 66.x.66.x 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 66.x.66.1
ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
!
!
!
ip access-list extended WebServer
.
.
 permit tcp any any established
 .
.
 permit udp any eq domain host 66.x.66.17
 permit udp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq www
.
.
 deny   ip any any log-input
!
!
access-list 2 permit 10.0.0.0 0.255.255.255  <==== Inside Private Subnets
access-list 2 permit 172.16.0.0 0.15.255.255  <==== Inside Private Subnets
access-list 2 permit 192.168.0.0 0.0.255.255  <==== Inside Private Subnets
!
!

orbix
Asked:
 
lrmoore Commented:
No problem...
   ip nat inside source static tcp <private ip> 80 66.x.86.x 80 extendable

It doesn't really matter which interface or where that private IP lives, as long as the interface is designated a "nat inside" interface.
Just be sure to adjust your inbound ACL to accommodate the new server:
   permit tcp any host 66.x.86.x eq www
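
A check for the reminder in the answer above, as an added example that is not part of the original thread: it lists static NAT port forwards that have no matching permit entry among the config's ACL lines. The sample config is constructed and uses documentation addresses; the parser only understands the `permit <proto> any host <ip> [eq <port>]` form shown on this page and does not evaluate entry order or which ACL is applied to an interface.

```python
import re

# IOS service keywords that appear in the page's ACL, mapped to port numbers.
PORT_NAMES = {"www": 80, "domain": 53}

NAT_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)
ACE_RE = re.compile(
    r"^\s*permit (tcp|udp|ip) any host (\S+)(?: eq (\S+))?\s*$", re.M)

# Constructed sample: the third forward (second public IP) has no permit entry.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 172.16.13.12 80 203.0.113.10 80 extendable
ip nat inside source static udp 172.16.13.12 53 203.0.113.10 53 extendable
ip nat inside source static tcp 172.16.13.20 80 198.51.100.10 80 extendable
ip access-list extended WebServer
 permit tcp any any established
 permit udp any host 203.0.113.10 eq domain
 permit tcp any host 203.0.113.10 eq www
 deny   ip any any log-input
"""

def port_number(token):
    """Translate an 'eq' operand to a number; None means no port restriction."""
    if token == "":
        return None
    return PORT_NAMES.get(token) or (int(token) if token.isdigit() else -1)

def static_forwards(config):
    """Set of (proto, public_ip, public_port) for each static port forward."""
    return {(proto, pub, int(pub_port))
            for proto, _ip, _port, pub, pub_port in NAT_RE.findall(config)}

def permits(config):
    """Set of (proto, host, port_or_None) for each simple permit entry."""
    return {(proto, host, port_number(port))
            for proto, host, port in ACE_RE.findall(config)}

def uncovered(config):
    """Static forwards with no permit entry for the same protocol, host and port."""
    allowed = permits(config)
    return sorted(
        fwd for fwd in static_forwards(config)
        if not ({fwd, (fwd[0], fwd[1], None), ("ip", fwd[1], None)} & allowed))

if __name__ == "__main__":
    for proto, host, port in uncovered(SAMPLE_CONFIG):
        print(f"no inbound permit for {proto} {host}:{port}")
```
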
 
orbix (Author) Commented:
Again, thanks for your help.

I do have another question about this. Currently all outbound traffic is going out Int E3/2.

!
ip nat inside source list 2 interface Ethernet3/2 overload = 66.x.66.1
!
ip route 0.0.0.0 0.0.0.0 66.x.66.1
ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
!

But if that Int or ISP IP goes down, the secondary gateway will kick in. How will outbound traffic go? Will it all stop due to Int E3/2 (66.x.66.1) being down, or will the NAT fail over as well as the gateway of last resort?
 
lrmoore Commented:
I'd have to see your complete config to see if that would also fail over.
As long as the 66.xx.86.x subnet and the 66.xx.66.x subnets get broadcast from this router to the ISP, there's no issue.
Are you using BGP to send your network(s) to the ISP?
