IOS Router NAT question


Hello,

Lets say I have a router with two interfaces.  The first interface has address 10.1.1.1 and the second interface has address 20.1.1.1

What I want to do is NAT traffic arriving on a particular port on one interface, to an address/port on the other side of the router.

For example:

If someone connects to 10.1.1.1:5000 I want to NAT them to 20.1.1.2:4000.  The connection being instigated from the network on the 10.1.1.1 side.  So in this instance, the destination IP address is NATted, and the source IP address is left intact.

What I am looking for is the static NAT command I need in IOS, and where I should put the "nat inside" and "nat outside" interface commands.  No other nat is required on the router.

Thanks,

koan
LVL 9
muffAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JoesmailCommented:
Interesting what you a trying to accomplish.  I haven't tried this in a test environment yet, although you might be able to use the following on the interfaces.

ip nat inside source static tcp 10.1.1.0 0.0.0.255 5000 20.1.1.0 0.0.0.255 4000
ip nat outside source static tcp 20.1.1.0 0.0.0.255 400010.1.1.0 0.0.0.255 5000
muffAuthor Commented:

My example called for a host to host NAT, rather than network to network, and NAT commands have two components, the nat command and the interface commands.

What I need is both and confirmation that it works if possible.

Many thanks,

koan
giltjrCommented:
I do not know the commands, but what you are attempting to do is not really a NAT, but a PAT.

Which is NAT'ing, but based on a specific destination port.  So you may want to look up PAT in the Cisco doc.  I'm 99% sure it is there, I know I have read it before, but it's been awhile.
lrmooreCommented:
>called for a host to host NAT
Not exactly. You want a portX to portY redirect to a different host..

Example script where traffic originates on the outside of the 10.1.1.x interface

Interface fast 0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside

interface fast 0/1
 ip address 20.1.1.1 255.255.255.0
 ip nat inside

ip nat inside source static tcp 20.1.1.2 4000 10.1.1.1 5000

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.