Sander Stad
asked on
Configure NAT to enable multiple public ip adresses
In my current situation a enabled NAT so that people are able to connect to a webserver.
I have multiple public IP adresses that I want to use to go different webservers on the network.
The range is: 80.x.x.145 to 80.x.x.158 where the 80.x.x.145 is the IP of the router.
I want to be able to NAT 80.x.x.146 to an ip address 10.x.x.11 but in some way, or I forgot something, it doesn't work.
Can anybody see what I forgot or did wrong.
The configuration is added below
cisco878-nat-ee.txt
I have multiple public IP adresses that I want to use to go different webservers on the network.
The range is: 80.x.x.145 to 80.x.x.158 where the 80.x.x.145 is the IP of the router.
I want to be able to NAT 80.x.x.146 to an ip address 10.x.x.11 but in some way, or I forgot something, it doesn't work.
Can anybody see what I forgot or did wrong.
The configuration is added below
cisco878-nat-ee.txt
ASKER
I put in the new NAT entries but still i'm not able to connect to the website.
Do I have to put the 80.x.x.146 ip address on one of the interfaces ?
Do I have to put the 80.x.x.146 ip address on one of the interfaces ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Something else that might be better for you is 1:1 NAT:
ip nat inside source static <inside IP> <outside IP>
ip nat inside source static 10.x.x.11 80.x.x.146
If you have multiple public IPs you can use this to map outside to inside by IP instead of port. So all traffic going to 80.x.x.146 will be forwarded to 10.x.x.11.
ip nat inside source static <inside IP> <outside IP>
ip nat inside source static 10.x.x.11 80.x.x.146
If you have multiple public IPs you can use this to map outside to inside by IP instead of port. So all traffic going to 80.x.x.146 will be forwarded to 10.x.x.11.
ASKER
that's possible but it doesn't solve my problem.
I think the problem is that the public ip address can't be reached but I don't know why
I think the problem is that the public ip address can't be reached but I don't know why
You haven't tested whether your public IP works? Goto www.whatismyip.org, that will tell you the address. Then www.nmap-online.com can scan your IP and tell you what ports are listening.
Did you test it with the new config, with the private IP first instead of last like you had it?
Did you test it with the new config, with the private IP first instead of last like you had it?
ASKER
I know what my ip is and I know the range. But I have an ip address 80.x.x.145 on the outside of my router and want to use 80.x.x.146 to be natted through on of t he servers.
If that IP is provided to you by your ISP, these statements should work:
ip nat inside source static tcp 10.x.x.11 80 80.x.x.146 80
ip nat inside source static tcp 10.x.x.11 443 80.x.x.146 443
or this:
ip nat inside source static 10.x.x.11 80.x.x.146
I don't see any issues with your config that would prevent this from working as long as that is a valid IP from your provider.
ip nat inside source static tcp 10.x.x.11 80 80.x.x.146 80
ip nat inside source static tcp 10.x.x.11 443 80.x.x.146 443
or this:
ip nat inside source static 10.x.x.11 80.x.x.146
I don't see any issues with your config that would prevent this from working as long as that is a valid IP from your provider.
ASKER
This is a valid IP from my service provider and that's what i created in the first place but how do I get this configuration that far that I can go to the location.
Do I have to set the 80.x.x.146 ip address on the interface in some way next to the other?
Because when I ping the address from an external server I don'tget a reply
Do I have to set the 80.x.x.146 ip address on the interface in some way next to the other?
Because when I ping the address from an external server I don'tget a reply
Pinging a NATed address is not a good diagnostic tool. You can test it by using that NMAP link I gave you. You can scan the IP from outside, it should show you whether the port is listening or not.
Those NATed addresses won't ping unless you're doing a 1:1 translation or you're forwarding ICMP to them. You will also need to allow it through any ACLs.
Those NATed addresses won't ping unless you're doing a 1:1 translation or you're forwarding ICMP to them. You will also need to allow it through any ACLs.
ASKER
I still don't have a solution to my problem. I'll try to explain my situation so maybe someone can help me.
I have a SDSL router configured with ppp to my ISP.
I have 13 usuable ip addresses ranging from 80.x.x.146 to 80.x.x.159. It is the following network 80.x.x.140/28.
I've got NAT already configured for a few servers but because I already used port 443 for another server I have to use another public ip address and NAT that to another server.
I had planned to use the 80.x.x.146 address.
In some way I can't get this configured because when I use NMap from an external server it still show closed ports. I tested the NAT with port 1000.
My question is simple. How can I NAT the ip address 80.x.x.146 to server 10.x.x.11 on port 443.
I have a SDSL router configured with ppp to my ISP.
I have 13 usuable ip addresses ranging from 80.x.x.146 to 80.x.x.159. It is the following network 80.x.x.140/28.
I've got NAT already configured for a few servers but because I already used port 443 for another server I have to use another public ip address and NAT that to another server.
I had planned to use the 80.x.x.146 address.
In some way I can't get this configured because when I use NMap from an external server it still show closed ports. I tested the NAT with port 1000.
My question is simple. How can I NAT the ip address 80.x.x.146 to server 10.x.x.11 on port 443.
ip nat inside source static tcp 10.x.x.11 443 80.x.x.146 443
ip nat inside source static 10.x.x.11 80.x.x.146
Both of those commands will accomplish this. The first will use PAT to translate that port and IP, the second is 1:1 NAT which will just translate IP to IP. They both work. If it isn't working for you, there is another issue we need to figure out. If you have it working for other servers just copy that config and modify the IPs.
ip nat inside source static 10.x.x.11 80.x.x.146
Both of those commands will accomplish this. The first will use PAT to translate that port and IP, the second is 1:1 NAT which will just translate IP to IP. They both work. If it isn't working for you, there is another issue we need to figure out. If you have it working for other servers just copy that config and modify the IPs.
ASKER
The NAT rules are installed but still when I go to the ip address from an external client it show me nothing.
When I use NMAP Online is show that the port isn't open.
What I find curious is that I have th idea that I'm missing something with the external ip address. Don't I have to set this somewhere?
Now the external ip address is negotiated with the ISP and is the following 80.x.x.145.
When I use NMAP Online is show that the port isn't open.
What I find curious is that I have th idea that I'm missing something with the external ip address. Don't I have to set this somewhere?
Now the external ip address is negotiated with the ISP and is the following 80.x.x.145.
You don't need that .146 IP anywhere, you just need it available from your use by the ISP and you need the "ip nat outside" command on the appropriate interface. One thing I see in your config is:
ip nat outside source static tcp 10.x.x.11 80 80.x.x.146 80 extendable
ip nat outside source static tcp 10.x.x.11 443 80.x.x.146 443 extendable
That should not be "outside", it should be "inside".
ip nat outside source static tcp 10.x.x.11 80 80.x.x.146 80 extendable
ip nat outside source static tcp 10.x.x.11 443 80.x.x.146 443 extendable
That should not be "outside", it should be "inside".
ASKER
This is my current config
config.txt
config.txt
Why is this command in there:
ip nat inside source list 10 pool external overload
And this:
interface Dialer0
ip policy route-map NAT-loop
I don't see that route-map anywhere.
Also, you don't currently have a NAT statement for .146, port 443 in your config. One more thing, your NAT ACL has unusual lines:
access-list 101 permit ip 10.x.x.0 0.0.0.255 any
access-list 101 permit tcp any host 10.x.x.4 eq 1723
access-list 101 permit tcp any host 10.x.x.6 eq smtp
access-list 101 permit tcp any host 10.x.x.6 eq 443
access-list 101 permit tcp any host 10.x.x.5 eq 3101
What are you trying to accomplish with these bottom four lines?
ip nat inside source list 10 pool external overload
And this:
interface Dialer0
ip policy route-map NAT-loop
I don't see that route-map anywhere.
Also, you don't currently have a NAT statement for .146, port 443 in your config. One more thing, your NAT ACL has unusual lines:
access-list 101 permit ip 10.x.x.0 0.0.0.255 any
access-list 101 permit tcp any host 10.x.x.4 eq 1723
access-list 101 permit tcp any host 10.x.x.6 eq smtp
access-list 101 permit tcp any host 10.x.x.6 eq 443
access-list 101 permit tcp any host 10.x.x.5 eq 3101
What are you trying to accomplish with these bottom four lines?
ASKER
I have tried so many things, also a route-map and removed it later on but didn't remove it from the interface. I removed it now.
The reason the it is not configured for 443 is because I want to test it with port 80. That rule is in there.
The other ACL's are used for other servers that are already using NAT but than with the ip address 80.x.x.145. That situation is already working.
The reason the it is not configured for 443 is because I want to test it with port 80. That rule is in there.
The other ACL's are used for other servers that are already using NAT but than with the ip address 80.x.x.145. That situation is already working.
Can you post a "sh ip route" please?
ASKER
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C 80.x.x.145 is directly connected, Dialer0
10.0.0.0/24 is subnetted, 2 subnets
C 10.100.0.0 is directly connected, Vlan1
C 10.200.0.0 is directly connected, Loopback0
194.109.5.0/32 is subnetted, 1 subnets
C 194.109.5.221 is directly connected, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
80.0.0.0/32 is subnetted, 1 subnets
C 80.x.x.145 is directly connected, Dialer0
10.0.0.0/24 is subnetted, 2 subnets
C 10.100.0.0 is directly connected, Vlan1
C 10.200.0.0 is directly connected, Loopback0
194.109.5.0/32 is subnetted, 1 subnets
C 194.109.5.221 is directly connected, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
Post "sh int dialer0" and "sh ip int dialer0" also please.
ASKER
show int dialer 0:
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 80.127.128.145/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 18/255, rxload 18/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 07:28:05
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 4000 bits/sec, 0 packets/sec
5 minute output rate 4000 bits/sec, 0 packets/sec
91142 packets input, 60179684 bytes
88385 packets output, 45179221 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 2304 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP
PPPoATM vaccess, cloned from Dialer0
Vaccess status 0x44
Bound to ATM0 VCD: 1, VPI: 2, VCI: 32, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:42, output never, output hang never
Last clearing of "show interface" counters 07:27:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 10000 bits/sec, 1 packets/sec
5 minute output rate 5000 bits/sec, 1 packets/sec
91152 packets input, 60179809 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
88397 packets output, 45179401 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------
show ip int dialer0:
Dialer0 is up, line protocol is up
Internet address is 80.127.128.145/32
Broadcast address is 255.255.255.255
Address determined by IPCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is disabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 80.127.128.145/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 18/255, rxload 18/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 07:28:05
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 4000 bits/sec, 0 packets/sec
5 minute output rate 4000 bits/sec, 0 packets/sec
91142 packets input, 60179684 bytes
88385 packets output, 45179221 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 2304 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP
PPPoATM vaccess, cloned from Dialer0
Vaccess status 0x44
Bound to ATM0 VCD: 1, VPI: 2, VCI: 32, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:42, output never, output hang never
Last clearing of "show interface" counters 07:27:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 10000 bits/sec, 1 packets/sec
5 minute output rate 5000 bits/sec, 1 packets/sec
91152 packets input, 60179809 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
88397 packets output, 45179401 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
--------------------------
show ip int dialer0:
Dialer0 is up, line protocol is up
Internet address is 80.127.128.145/32
Broadcast address is 255.255.255.255
Address determined by IPCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is disabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
I'm not seeing anything. Can you post "sh ip nat trans" please.
ASKER
show ip nat trans:
Pro Inside global Inside local Outside local Outside global
tcp 80.x.x.145:139 10.x.x.2:139 192.168.137.1:2299 192.168.137.1:2299
tcp 80.x.x.145:139 10.x.x.2:139 192.168.174.1:2021 192.168.174.1:2021
gre 80.x.x.145:256 10.x.x.4:256 83.86.85.194:256 83.86.85.194:256
tcp 80.x.x.145:1723 10.x.x.4:1723 82.95.140.59:1413 82.95.140.59:1413
tcp 80.x.x.145:1723 10.x.x.4:1723 83.86.85.194:50388 83.86.85.194:50388
tcp 80.x.x.145:1723 10.x.x.4:1723 94.211.77.150:51492 94.211.77.150:51492
tcp 80.x.x.145:1723 10.x.x.4:1723 --- ---
gre 80.x.x.145:9107 10.x.x.4:9107 83.86.85.194:9107 83.86.85.194:9107
gre 80.x.x.145:21005 10.x.x.4:21005 94.211.77.150:21005 94.211.77.150:21005
gre 80.x.x.145:32540 10.x.x.4:32540 94.211.77.150:32540 94.211.77.150:32540
gre 80.x.x.145:50274 10.x.x.4:50274 82.95.140.59:50274 82.95.140.59:50274
gre 80.x.x.145:62185 10.x.x.4:62185 82.95.140.59:62185 82.95.140.59:62185
tcp 80.x.x.145:3103 10.x.x.5:3103 --- ---
tcp 80.x.x.145:25 10.x.x.6:25 62.250.3.121:2460 62.250.3.121:2460
tcp 80.x.x.145:25 10.x.x.6:25 --- ---
tcp 80.x.x.145:443 10.x.x.6:443 --- ---
udp 80.x.x.145:46713 10.x.x.6:46713 192.168.174.1:1780 192.168.174.1:1780
udp 80.x.x.145:46714 10.x.x.6:46714 192.168.137.1:1779 192.168.137.1:1779
tcp 80.x.x.146:80 10.x.x.11:80 --- ---
udp 80.x.x.145:49152 10.x.x.69:49152 192.168.1.222:161 192.168.1.222:161
udp 80.x.x.145:49660 10.x.x.69:49660 194.109.6.66:53 194.109.6.66:53
tcp 80.x.x.145:50417 10.x.x.69:50417 69.63.187.17:80 69.63.187.17:80
tcp 80.x.x.145:50426 10.x.x.69:50426 66.102.13.18:80 66.102.13.18:80
tcp 80.x.x.145:50427 10.x.x.69:50427 66.102.13.189:80 66.102.13.189:80
tcp 80.x.x.145:50428 10.x.x.69:50428 66.102.13.18:80 66.102.13.18:80
udp 80.x.x.145:50941 10.x.x.69:50941 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:52267 10.x.x.69:52267 213.199.162.214:3544 213.199.162.214:3544
udp 80.x.x.145:52267 10.x.x.69:52267 213.199.162.215:3544 213.199.162.215:3544
udp 80.x.x.145:52292 10.x.x.69:52292 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:52334 10.x.x.69:52334 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:54476 10.x.x.69:54476 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56703 10.x.x.69:56703 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56807 10.x.x.69:56807 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56888 10.x.x.69:56888 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:57937 10.x.x.69:57937 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:60589 10.x.x.69:60589 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:61652 10.x.x.69:61652 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62078 10.x.x.69:62078 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62534 10.x.x.69:62534 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62593 10.x.x.69:62593 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:63957 10.x.x.69:63957 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:64032 10.x.x.69:64032 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:65031 10.x.x.69:65031 194.109.6.66:53 194.109.6.66:53
tcp 80.x.x.145:1613 10.x.x.71:1613 209.85.229.103:80 209.85.229.103:80
tcp 80.x.x.145:51497 10.x.x.74:51497 208.43.202.8:80 208.43.202.8:80
udp 80.x.x.145:1026 10.x.x.75:1026 192.168.2.195:161 192.168.2.195:161
Pro Inside global Inside local Outside local Outside global
tcp 80.x.x.145:139 10.x.x.2:139 192.168.137.1:2299 192.168.137.1:2299
tcp 80.x.x.145:139 10.x.x.2:139 192.168.174.1:2021 192.168.174.1:2021
gre 80.x.x.145:256 10.x.x.4:256 83.86.85.194:256 83.86.85.194:256
tcp 80.x.x.145:1723 10.x.x.4:1723 82.95.140.59:1413 82.95.140.59:1413
tcp 80.x.x.145:1723 10.x.x.4:1723 83.86.85.194:50388 83.86.85.194:50388
tcp 80.x.x.145:1723 10.x.x.4:1723 94.211.77.150:51492 94.211.77.150:51492
tcp 80.x.x.145:1723 10.x.x.4:1723 --- ---
gre 80.x.x.145:9107 10.x.x.4:9107 83.86.85.194:9107 83.86.85.194:9107
gre 80.x.x.145:21005 10.x.x.4:21005 94.211.77.150:21005 94.211.77.150:21005
gre 80.x.x.145:32540 10.x.x.4:32540 94.211.77.150:32540 94.211.77.150:32540
gre 80.x.x.145:50274 10.x.x.4:50274 82.95.140.59:50274 82.95.140.59:50274
gre 80.x.x.145:62185 10.x.x.4:62185 82.95.140.59:62185 82.95.140.59:62185
tcp 80.x.x.145:3103 10.x.x.5:3103 --- ---
tcp 80.x.x.145:25 10.x.x.6:25 62.250.3.121:2460 62.250.3.121:2460
tcp 80.x.x.145:25 10.x.x.6:25 --- ---
tcp 80.x.x.145:443 10.x.x.6:443 --- ---
udp 80.x.x.145:46713 10.x.x.6:46713 192.168.174.1:1780 192.168.174.1:1780
udp 80.x.x.145:46714 10.x.x.6:46714 192.168.137.1:1779 192.168.137.1:1779
tcp 80.x.x.146:80 10.x.x.11:80 --- ---
udp 80.x.x.145:49152 10.x.x.69:49152 192.168.1.222:161 192.168.1.222:161
udp 80.x.x.145:49660 10.x.x.69:49660 194.109.6.66:53 194.109.6.66:53
tcp 80.x.x.145:50417 10.x.x.69:50417 69.63.187.17:80 69.63.187.17:80
tcp 80.x.x.145:50426 10.x.x.69:50426 66.102.13.18:80 66.102.13.18:80
tcp 80.x.x.145:50427 10.x.x.69:50427 66.102.13.189:80 66.102.13.189:80
tcp 80.x.x.145:50428 10.x.x.69:50428 66.102.13.18:80 66.102.13.18:80
udp 80.x.x.145:50941 10.x.x.69:50941 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:52267 10.x.x.69:52267 213.199.162.214:3544 213.199.162.214:3544
udp 80.x.x.145:52267 10.x.x.69:52267 213.199.162.215:3544 213.199.162.215:3544
udp 80.x.x.145:52292 10.x.x.69:52292 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:52334 10.x.x.69:52334 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:54476 10.x.x.69:54476 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56703 10.x.x.69:56703 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56807 10.x.x.69:56807 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:56888 10.x.x.69:56888 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:57937 10.x.x.69:57937 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:60589 10.x.x.69:60589 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:61652 10.x.x.69:61652 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62078 10.x.x.69:62078 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62534 10.x.x.69:62534 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:62593 10.x.x.69:62593 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:63957 10.x.x.69:63957 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:64032 10.x.x.69:64032 194.109.6.66:53 194.109.6.66:53
udp 80.x.x.145:65031 10.x.x.69:65031 194.109.6.66:53 194.109.6.66:53
tcp 80.x.x.145:1613 10.x.x.71:1613 209.85.229.103:80 209.85.229.103:80
tcp 80.x.x.145:51497 10.x.x.74:51497 208.43.202.8:80 208.43.202.8:80
udp 80.x.x.145:1026 10.x.x.75:1026 192.168.2.195:161 192.168.2.195:161
ASKER
I solved the problem myself. It had nothing to do with the nat but with an internal IP confict.
My configuration was right in the first place. I'm going to give the points to victor for giving the right syntax.
Thanks for the effort though.
My configuration was right in the first place. I'm going to give the points to victor for giving the right syntax.
Thanks for the effort though.
ip nat outside source static tcp 80.x.x.146 80 10.x.x.11 80 extendable
ip nat outside source static tcp 80.x.x.146 443 10.x.x.11 443 extendable