1

I'm not used to doing NAT on Cisco devices, and I'm tasked with bringing in traffic being sent to a public address that is routed to our gateway. I would like to NAT the traffic from our gateway (a Cisco 2901 router running IOS 15.0) to a private address.

From what I've read, I think this might work but I have a feeling I'm missing something.

    interface GigabitEthernet0/1.1
     ip address 63.145.168.58 255.255.255.252
     ip nat outside

    interface GigabitEthernet0/0.1
     ip address 10.2.0.3 255.255.0.0
     ip nat inside

    ip nat inside source static udp 10.0.1.40 5060 72.165.117.130 5060 extendable

72.165.117.130 is one of our private (MPLS) WAN addresses that routes to 63.145.168.58. I'm trying to forward traffic sent to that address to an internal device at 10.0.1.40.

Is that all there is to creating a one-to-one NAT, or am I missing something?

1 Answer

2

I think you didn't quite understand the concept of NAT.

NAT means hiding your private IP address(es) behind the public address(es) of your router's external interface; with NAT, you can:

  • Have a packet start from one of your internal addresses (10.0.1.40) go outside your network and look to external devices like it originated from your router's external address (63.145.168.58), and
  • Have a packet come from outside your network to some port on your router's external IP address (63.145.168.58) and be forwarded by your router to one of your internal addresses (10.0.1.40).

But if a packet is going to some completely different address which is not managed by your router (like 72.165.117.130) and is not passing through the router itself, there's nothing at all the router can do to "intercept" it and forward it to some other destination.

10
  • 72.165.117.130 is managed by the router in question. It's one of a small block (/29) of addresses being routed to it. Commented Nov 29, 2011 at 20:09
  • What do you mean by "managed"? Is it assigned to one of the router's interfaces? You said the router's external interface has the address 63.145.168.58. Commented Nov 29, 2011 at 20:10
  • Our ISP is sending traffic destined for 72.165.117.130 to our router. My understanding is that our router should be able to see these packets and change the destination, which the switches down the line would then be able to get to the device at 10.0.1.40. Commented Nov 29, 2011 at 20:12
  • If your router needs to receive and handle packets addressed to 72.165.117.130, it needs either to have that address assigned to one of its interfaces, or to have a route to where that address actually is. Commented Nov 29, 2011 at 20:14
  • Hrm, I'm not sure that makes sense to me. Maybe I'm not explaining the setup well enough. The ISP is routing a /29 subnet to our router for us to handle (72.165.117.128/29). Some of those packets will have a destination of 72.165.117.130. This subnet will route through our router at 63.145.168.58. You're saying that our router won't be able to translate the destination of these packets to an internal address unless we route them to another device? Commented Nov 29, 2011 at 20:22
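
A simplified model of what the static entry in the question does to packets in each direction, added here as an illustration; it is not code from the question or the answer, and it is not how IOS is implemented. It assumes the ISP delivers traffic for 72.165.117.130 to the router's outside interface, as the comments describe. The class and function names are hypothetical and the peer address 198.51.100.7 is constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class StaticEntry:
    proto: str
    inside_local: str    # real address of the internal host
    local_port: int
    inside_global: str   # address the outside world sends to
    global_port: int

# The single entry created by the question's "ip nat inside source static" line.
TABLE = [StaticEntry("udp", "10.0.1.40", 5060, "72.165.117.130", 5060)]

def outside_to_inside(pkt, table=TABLE):
    """Packet arriving on the 'ip nat outside' interface: rewrite the destination
    only when protocol, address and port all match a static entry."""
    for e in table:
        if (pkt.proto, pkt.dst, pkt.dport) == (e.proto, e.inside_global, e.global_port):
            return replace(pkt, dst=e.inside_local, dport=e.local_port)
    return pkt  # no matching entry: left untranslated

def inside_to_outside(pkt, table=TABLE):
    """Packet arriving on the 'ip nat inside' interface: rewrite the source
    so replies leave with the global address the peer originally sent to."""
    for e in table:
        if (pkt.proto, pkt.src, pkt.sport) == (e.proto, e.inside_local, e.local_port):
            return replace(pkt, src=e.inside_global, sport=e.global_port)
    return pkt

if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed outside peer
    samples = [
        Packet("udp", peer, 5060, "72.165.117.130", 5060),  # matches the entry
        Packet("tcp", peer, 5060, "72.165.117.130", 5060),  # wrong protocol
        Packet("udp", peer, 5060, "72.165.117.130", 5061),  # wrong port
        Packet("udp", peer, 5060, "63.145.168.58", 5060),   # interface address, no entry
    ]
    for p in samples:
        print(p, "->", outside_to_inside(p))
    print(inside_to_outside(Packet("udp", "10.0.1.40", 5060, peer, 5060)))
```

Only UDP port 5060 on 72.165.117.130 reaches 10.0.1.40 in this model; the other sample packets match no entry and are not forwarded to the internal host.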
