[c-nsp] Static Nat IOS

Peter Rathlev peter at rathlev.dk
Wed Mar 6 03:54:50 EST 2013


I think it's a little unclear exactly what you want to accomplish.

On Mon, 2013-03-04 at 06:24 -0800, Bunny Singh wrote:
> I have 3 interfaces on my 2911, out of which gig0/0 is used for
> outside, gig0/1 is used as an inside and gig0/2 is used for management
> & nms alert.

The default route on your 2911 points at 10.25.17.9 and this address
belongs to the interface you define as "ip nat inside" and call "inside"
in your descriptions. This is a little confusing though perfectly legal.
> 
> Now I have a requirement to ping the WAN IP of my next hop on
> inside interface gig0/1 from the NMS, which lies on gig0/2.
>  
> My inside connecting router is maintained by someone else and has
> allowed only 8 IPs (10.14.29.8/29)

Is that the router with the address 10.25.17.9 on the inside interface?

>                                     through which I can access, now I
> want to use one of the ip

One of what IP addresses?

>                           so that I can NAT my NMS IP (172.31.4.22) so
> that the NMS can ping my other router WAN IP (10.25.17.9) on inside
> network. Can anybody tell me the static NAT config.

I've tried assembling a diagram of what your network looks like.

            |
            |  10.14.29.8/29
            |
            | .9
         +------+
         |  R1  |
         +------+
            | .17
            |
            | "outside" 172.25.20.16/29
      ^     |
      |     | .20
   DyNAT +------+  mgmt  172.31.9.0/24   +----+ ? +-----------------+
      |  | 2911 |------------------------| R3 |---| NMS 172.31.4.22 |
    | |  +------+  .70                .1 +----+   +-----------------+
    | |     | .12
    |       |
 Default    | "inside" 10.25.17.8/29
    |       |
    V       | .9
         +------+
         |  R2  |
         +------+
            | ?


Is this correct?

And you want 172.31.4.22 (the NMS) to be able to reach 10.25.17.9 (R2)
through the 2911, but presumably R2 currently does not route 172.31.4.22
back to you and you thus need 172.31.4.22 to be translated to something
else, maybe 10.14.29.x? And you need the current NAT configuration to
continue working as it is.

If that is the case you probably need to configure some "outside NAT":

 ! *** 2911 ***
 interface GigabitEthernet0/2
  ip nat outside
 !
 ip nat outside source static 172.31.4.22 10.14.29.x
 !

I'm not exactly sure this would work and I can't test it right now. But
you could give it a try and keep in mind that it might disrupt
something.

-- 
Peter
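
The return path behind the suggested "outside NAT", as an added example that is not part of the original post: a simplified Python model of the 2911's NAT order of operations (translate, then route, for packets arriving on an outside interface; route, then translate, for packets arriving on an inside interface). The address 10.14.29.10 is a constructed stand-in for 10.14.29.x, and the routing table is assumed to contain only what the diagram shows.

```python
# Added example: a simplified model of IOS NAT order of operations on the 2911.
import ipaddress

NMS = "172.31.4.22"     # real NMS address (from the post)
R2 = "10.25.17.9"       # ping target (from the post)
ALIAS = "10.14.29.10"   # constructed stand-in for the post's 10.14.29.x

# NAT role per interface once Gi0/2 is marked "ip nat outside" as proposed
NAT_ROLE = {"Gi0/0": "outside", "Gi0/1": "inside", "Gi0/2": "outside"}

# Assumed routing table: only what the diagram shows (prefix, egress interface)
BASE_ROUTES = [
    ("0.0.0.0/0", "Gi0/1"),         # default via R2 on the "inside" interface
    ("10.25.17.8/29", "Gi0/1"),
    ("172.25.20.16/29", "Gi0/0"),
    ("172.31.9.0/24", "Gi0/2"),
]
# Same table plus a host route for the translated address towards the NMS side
FIXED_ROUTES = BASE_ROUTES + [(ALIAS + "/32", "Gi0/2")]


def egress(routes, dst):
    """Longest-prefix match; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes]
    matches = [(n, i) for n, i in matches if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def from_nms(routes, src, dst):
    """Packet entering Gi0/2 (outside): NAT first, then routing."""
    if src == NMS:
        src = ALIAS                  # ip nat outside source static NMS ALIAS
    return src, dst, egress(routes, dst)


def from_r2(routes, src, dst):
    """Reply entering Gi0/1 (inside): routing first, then NAT."""
    out = egress(routes, dst)
    if dst == ALIAS and NAT_ROLE[out] == "outside":
        dst = NMS                    # un-translate only when leaving via outside
    return src, dst, out


if __name__ == "__main__":
    print("request      :", from_nms(BASE_ROUTES, NMS, R2))
    print("reply (base) :", from_r2(BASE_ROUTES, R2, ALIAS))
    print("reply (fixed):", from_r2(FIXED_ROUTES, R2, ALIAS))
```

With only the diagram's routes, the reply to the translated address follows the default route back out the inside interface untranslated. A host route for the translated address towards GigabitEthernet0/2 (a static route, or the `add-route` keyword on the NAT statement) lets it leave through an outside interface and be translated back.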



