Solved

Multiple NAT sessions on 1 Router?

Posted on 2004-10-25
318 Views
Last Modified: 2006-11-17
Is it possible to have multiple NAT sessions on a single router?

I would like to have a similar setup (WebServer etc.) on a second public IP on
Interface Ethernet 3/0, IP 66.x.86.x

Partial current config listed below.

!
ip nat inside source list 2 interface Ethernet3/2 overload
ip nat inside source static tcp 172.x.13.12 53 66.x.66.x 53 extendable
ip nat inside source static tcp 172.x.13.12 80 66.x.66.x 80 extendable
ip nat inside source static udp 172.x.13.12 53 66.x.66.x 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 66.x.66.1
ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
!
!
!
ip access-list extended WebServer
.
.
 permit tcp any any established
 .
.
 permit udp any eq domain host 66.x.66.17
 permit udp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq www
.
.
 deny   ip any any log-input
!
!
access-list 2 permit 10.0.0.0 0.255.255.255  <==== Inside Private Subnets
access-list 2 permit 172.16.0.0 0.15.255.255  <==== Inside Private Subnets
access-list 2 permit 192.168.0.0 0.0.255.255  <==== Inside Private Subnets
!
!

0
Question by:orbix
    3 Comments
     

    Accepted Solution

    by:
    No problem...
       ip nat inside source static tcp <private ip> 80 66.x.86.x 80 extendable

    It doesn't really matter which interface or where that private IP lives, as long as the interface is designated a "nat inside" interface.
    Just be sure to adjust your inbound ACL to accommodate the new server:
       permit tcp any host 66.x.86.x eq www
    0
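
The accepted answer pairs each new static NAT entry with a matching inbound permit. As an added example (not part of the original thread), this Python sketch audits a config for forwards with no permit and permits with no forward. The sample config is constructed with documentation addresses, and it assumes a single inbound ACL that matches on the public address, as the poster's does.

```python
import re

# Constructed sample config using documentation addresses (not the poster's).
SAMPLE_CONFIG = """\
ip nat inside source static tcp 172.16.13.12 53 203.0.113.10 53 extendable
ip nat inside source static tcp 172.16.13.12 80 203.0.113.10 80 extendable
ip nat inside source static udp 172.16.13.12 53 203.0.113.10 53 extendable
ip nat inside source static tcp 172.16.13.20 80 198.51.100.10 80 extendable
ip access-list extended WebServer
 permit tcp any any established
 permit udp any host 203.0.113.10 eq domain
 permit tcp any host 203.0.113.10 eq domain
 permit tcp any host 203.0.113.10 eq www
 permit tcp any host 203.0.113.10 eq 443
 deny   ip any any log-input
"""

PORT_NAMES = {"domain": 53, "www": 80}  # IOS port keywords seen in the thread

NAT_RE = re.compile(r"^\s*ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)")
ACL_RE = re.compile(r"^\s*permit (tcp|udp) any host (\S+) eq (\S+)")


def parse(config):
    """Return (nat, acl): sets of (proto, public_ip, port) tuples."""
    nat, acl = set(), set()
    for line in config.splitlines():
        if m := NAT_RE.match(line):
            nat.add((m[1], m[2], int(m[3])))
        elif m := ACL_RE.match(line):
            tok = m[3]
            port = PORT_NAMES.get(tok) or (int(tok) if tok.isdigit() else None)
            if port:  # other named ports are skipped in this sketch
                acl.add((m[1], m[2], port))
    return nat, acl


def audit(config):
    """Compare static port forwards with inbound permits, both directions."""
    nat, acl = parse(config)
    return {
        "nat_without_permit": sorted(nat - acl),  # forward exists, ACL drops it
        "permit_without_nat": sorted(acl - nat),  # ACL opens a port nothing maps
    }


if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_CONFIG).items():
        print(finding, entries)
```

On the constructed sample, the forward added on the second public IP is reported as lacking a permit, and the 443 permit is reported as having no static mapping behind it.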
     

    Author Comment

    by:orbix
    Again, thanks for your help.

    I do have another question about this. Currently all outbound traffic is going out Int E3/2.

    !
    ip nat inside source list 2 interface Ethernet3/2 overload = 66.x.66.1
    !
    ip route 0.0.0.0 0.0.0.0 66.x.66.1
    ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
    !

    But if that Int or ISP IP goes down, the secondary gateway will kick in. How will outbound traffic go? Will it all stop due to Int E3/2 (66.x.66.1) being down, or will the NAT fail over as well as the gateway of last resort?
    0
     

    Expert Comment

    by:lrmoore
    I'd have to see your complete config to see if that would also fail over.
    As long as the 66.xx.86.x subnet and the 66.xx.66.x subnets get broadcast from this router to the ISP, there's no issue.
    Are you using BGP to send your network(s) to the ISP?
    0
