Link to home
Start Free TrialLog in
Avatar of hreyestech

asked on

Cisco Nat Configurations

I have a 2600 Cisco Router attached to a Cisco 871 that belongs to Cable Vision with a block of 5 public static IP addresses. I chose one of the open IP addresses to run my Cisco lab without success. I can ping the public IP address from my laptop cannot get online. I was told that I needed to Nat from private to public but when I do I still cannot get online. I was also told that from my personal 2600 to the 871 I should be going from Nat inside to nat outside. However, this still fails. What am I missing?
Avatar of Matt V
Matt V
Flag of Canada image

Can you ping the public IP of the 2600 from anywhere on the Internet?
Avatar of Honez

One iP address will be need to terminate the interface, then use a second ip adress for the NAT pool.
You can use a single IP for the interface and for NAT, but we need to know if the 871 is passing the network through or if we need NAT setup on the 871.

With my home connection, I have a 2621XM with a static IP and a /30 that is a different subnet.  I have to do static NAT mappings to my internal LAN IPs to use the /30.
Avatar of hreyestech


What would the correct configurations be? Matty I can ping the default gateway without issues. I can also ping the public IP address that I assigned to the iint fastethernet 0/0 with out issues. Honez? Do you mean nat the private?
If you can ping the public IP from another location (across the Internet) then you are all set.

On the 2600 you will need a line similar to:

ip nat inside source list 100 interface fastethernet 0/0 overload

Then define the inside IPs you would like to be nat'd in ACL 100

ip access-list extended 100
permit ip any

what do I do about outside IP Nat? should I configure the outer interface facing the internet?
What do you mean by outside IP nat?

Those statements tell the router to use the outside IP for all requests heading from the LAN to the Internet.

You will also need to add ip nat inside to the LAN interface and ip nat outside to the Fas0/0 interface.  

Other than that, you can add some ip inspect rules for tcp udp and ftp if your IOS supports it.
Matty I am aware of Outside Nat configurations... I was instructed to configure IP Nat outside for my Public and IP Inside for my private. From what I am reading here only inside nat configurations are required with an access list. Is this correct?
Avatar of Matt V
Matt V
Flag of Canada image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
These are my results..

Enter configuration commands, one per line.  End with CNTL/Z.
internet(config)#ip nat inside source static ex
internet(config)#$de source static extendable
*Mar  1 00:38:37.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan                                                                             ged state to up
*Mar  1 00:38:38.991: %SYS-5-CONFIG_I: Configured from console by console
internet#show ip nat tra
internet#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
---        ---                ---
That maps outside traffic in, what about allowing LAN traffic out?
what would be an example of mapping traffic out?   I have this  ip address
ip nat outside
I already posted that part:

ip nat inside source list 100 interface fastethernet 0/0 overload

ip access-list extended 100
permit ip any

interface fas0/0
  ip nat outside

interface fas0/1 (interface with on it)
  ip nat inside
I reloaded and reset my router . Read online documentation and matched it with the results given to me by this expert. He pointed me in the right direction and will try configuring the environment one more time.