[c-nsp] simultaneous use of static NAT and PAT overload??

Tim Franklin tim at colt.net
Tue Aug 2 09:55:42 EDT 2005


Hi Grant,

> I have a 26xx running 12.3 receiving a single dhcp address from a DSL 
> provider on int fa0/0. Int fa0/1 connects to a Checkpoint 
> (192.168.250.2). When I don't use the static entry Internet access works
> at the location by virtue of the overload PAT statement.  However, I 
> want to be able to VPN to the Checkpoint which is why I want to add a 
> static entry.
> 
> I can only seem to use one entry or the other but not both 
> simultaneously.  Is there a work around?

I think you have to define the ports you want to statically map through in
order for both to work at once.  (Otherwise the static will reserve *all*
ports / protocols for forwarding to the inside address, and there's nothing
left for the overload to overload onto).

Certainly the following works for me (albeit for on-line Burnout from a
privately addressed PS2, but you should be able to plug in appropriate
ports):

ip nat inside source list 20 interface FastEthernet0 overload
ip nat inside source static udp 10.10.10.65 6000 interface FastEthernet0 6000
ip nat inside source static udp 10.10.10.65 6001 interface FastEthernet0 6001
ip nat inside source static udp 10.10.10.65 3659 interface FastEthernet0 3659
ip nat inside source static udp 10.10.10.65 3658 interface FastEthernet0 3658

access-list 20 permit 10.10.10.0 0.0.0.255
access-list 20 deny   any

Where FE0 has the outside address I'm NATing everything to, and
10.10.10.0/24 is the inside network.

Regards,
Tim.

-- 
____________   Tim Franklin                 e: tim at colt.net 
\C/\O/\L/\T/   Product Engineering Manager  w: www.colt.net 
 V  V  V  V    Managed Data Services        t: +44 20 7863 5714 
Data | Voice | Managed Services             f: +44 20 7863 5876  
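
An added example, not part of the original message: a small Python audit that reads IOS `ip nat inside source` statements and reports, per inside host, whether a static entry forwards everything or only named ports, which is the distinction the reply above turns on. The function name `audit_nat`, the sample config and the address 203.0.113.10 are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): a full static next to the
# port-specific form from the reply. 203.0.113.10 is a documentation address.
SAMPLE = """\
ip nat inside source list 20 interface FastEthernet0 overload
ip nat inside source static 192.168.250.2 203.0.113.10
ip nat inside source static udp 10.10.10.65 6000 interface FastEthernet0 6000
ip nat inside source static udp 10.10.10.65 3659 interface FastEthernet0 3659
"""

IP = r"\d+\.\d+\.\d+\.\d+"
OVERLOAD = re.compile(r"ip nat inside source list \S+ (?:interface|pool) \S+ overload$")
FULL = re.compile(rf"ip nat inside source static ({IP}) ({IP})$")
PORT = re.compile(
    rf"ip nat inside source static (tcp|udp) ({IP}) (\d+) (?:interface \S+|{IP}) (\d+)$")


def audit_nat(config):
    """Return (exposure, findings) for the NAT statements in an IOS config.

    exposure maps each inside host to "all" (full static) or to a sorted
    list of (protocol, outside_port, inside_port) tuples.
    """
    overload, exposure = False, {}
    for line in config.splitlines():
        line = " ".join(line.split())          # normalise spacing
        if OVERLOAD.match(line):
            overload = True
        elif m := FULL.match(line):
            exposure[m.group(1)] = "all"       # every port and protocol forwarded
        elif m := PORT.match(line):
            proto, inside, in_port, out_port = m.groups()
            if exposure.get(inside) != "all":
                exposure.setdefault(inside, []).append((proto, int(out_port), int(in_port)))
    findings = []
    for host, ports in sorted(exposure.items()):
        if ports == "all":
            note = "full static forwards all ports and protocols"
            if overload:
                note += "; use per-port statics if it shares the overload address"
            findings.append(f"{host}: {note}")
        else:
            ports.sort()
    return exposure, findings


if __name__ == "__main__":
    print(*audit_nat(SAMPLE), sep="\n")
```

Run against a saved running-config, the exposure map doubles as a list of what each inside host offers to the outside, so only the ports that are actually needed stay forwarded.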



