Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Dynamic and static NAT

Reply
Thread Tools

Dynamic and static NAT

 
 
tomarseneault
Guest
Posts: n/a
 
      04-29-2010
I have a 3640 Router on a comcast cable line. It is a /30 network
(dhcp) so I have one external address. I currently have it setup with
PAT so that internal hosts can get out but I want to be able to ssh
in. This means I need to use the same IP for both ingress and egress
but all the examples I've been able to find use a larger subnet and
only use some address as ingress which are different than the egress
address. How do I share one address to do both duties? It was easy
with my netgear but it crapped out. (I don't have access to my router
from here so I'll have to post the config later)
 
Reply With Quote
 
 
 
 
bod43
Guest
Posts: n/a
 
      04-29-2010
On 29 Apr, 02:30, tomarseneault <(E-Mail Removed)> wrote:
> I have a 3640 Router on a comcast cable line. It is a /30 network
> (dhcp) so I have one external address. I currently have it setup with
> PAT so that internal hosts can get out but I want to be able to ssh
> in. This means I need to use the same IP for both ingress and egress
> but all the examples I've been able to find use a larger subnet and
> only use some address as ingress which are different than the egress
> address. How do I share one address to do both duties? It was easy
> with my netgear but it crapped out. (I don't have access to my router
> from here so I'll have to post the config later)


Please *everybody*, I beg you, sign the libel reform
petition as detailed in the signature. This is a critical
freedom of speach issue and we need your help.

Back to Cisco

Here is an example config.

ip nat inside source static udp 10.88.3.130 64328
interface Dialer0 64328
ip nat inside source static tcp 10.88.3.130 64328
interface Dialer0 64328
ip nat inside source route-map RM.nat interface Dialer0 overload

route-map RM.nat permit 10
match ip address ACL.nat

ip access-list extended ACL.nat
permit ip 10.88.3.0 0.0.0.255 any

You do not need the more complex route-map config
on the PAT (overload section). Any valid config there
will be OK.
Operationally it appears that packets are checked
firstly against the static NATs and then if there is no match
the dynamic nat is checked.

This config combines two static NATs to specific
tcp/udp ports and overload (PAT) outbound.

--
Please sign the libel reform petition - no matter
where you are in the world. Get others to sign too.
Help to change these oppressive laws.
http://www.libelreform.org/sign

http://www.senseaboutscience.org.uk/...site/about/476
http://www.libelreform.org/news/449-...tment-to-libel
http://www.libelreform.org/who-is-silenced
http://www.libelreform.org/our-repor...ings-of-report

If your writing can be read in England or Wales you
can be sued here. If you get sued, *you* have
to defend yourself. You are assumed
to be defamatory unless you can prove otherwise.
Legal costs can be £Ms. Of course if you are in
New York state you are explicitly protected by the
"The Libel Terrorism Protection Act". Some other US
states have similar protection.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
policy nat and static NAt wtpandar Cisco 0 09-12-2006 01:53 AM
acl+Static nat+Dynamic Nat yadap Cisco 0 08-31-2006 06:50 AM
IPSec tunnels + NAT overload + NAT static alpertech@yahoo.ca Cisco 1 01-20-2006 02:52 PM
NAT overload with some static NAT's and a block public IP's Ronald de Leeuw Cisco 2 07-03-2005 05:45 PM
NAT exemption versus Static NAT. Where is the difference? Anonymous Poster Cisco 0 04-26-2004 04:29 AM



Advertisments