Dynamic and static NAT

Discussion in 'Cisco' started by tomarseneault, Apr 29, 2010.

  1. I have a 3640 Router on a comcast cable line. It is a /30 network
    (dhcp) so I have one external address. I currently have it setup with
    PAT so that internal hosts can get out but I want to be able to ssh
    in. This means I need to use the same IP for both ingress and egress
    but all the examples I've been able to find use a larger subnet and
    only use some address as ingress which are different than the egress
    address. How do I share one address to do both duties? It was easy
    with my netgear but it crapped out. (I don't have access to my router
    from here so I'll have to post the config later)
     
    tomarseneault, Apr 29, 2010
    #1
    1. Advertising

  2. tomarseneault

    bod43 Guest

    On 29 Apr, 02:30, tomarseneault <> wrote:
    > I have a 3640 Router on a comcast cable line. It is a /30 network
    > (dhcp) so I have one external address. I currently have it setup with
    > PAT so that internal hosts can get out but I want to be able to ssh
    > in. This means I need to use the same IP for both ingress and egress
    > but all the examples I've been able to find use a larger subnet and
    > only use some address as ingress which are different than the egress
    > address. How do I share one address to do both duties? It was easy
    > with my netgear but it crapped out. (I don't have access to my router
    > from here so I'll have to post the config later)


    Please *everybody*, I beg you, sign the libel reform
    petition as detailed in the signature. This is a critical
    freedom of speach issue and we need your help.

    Back to Cisco:)

    Here is an example config.

    ip nat inside source static udp 10.88.3.130 64328
    interface Dialer0 64328
    ip nat inside source static tcp 10.88.3.130 64328
    interface Dialer0 64328
    ip nat inside source route-map RM.nat interface Dialer0 overload

    route-map RM.nat permit 10
    match ip address ACL.nat

    ip access-list extended ACL.nat
    permit ip 10.88.3.0 0.0.0.255 any

    You do not need the more complex route-map config
    on the PAT (overload section). Any valid config there
    will be OK.
    Operationally it appears that packets are checked
    firstly against the static NATs and then if there is no match
    the dynamic nat is checked.

    This config combines two static NATs to specific
    tcp/udp ports and overload (PAT) outbound.

    --
    Please sign the libel reform petition - no matter
    where you are in the world. Get others to sign too.
    Help to change these oppressive laws.
    http://www.libelreform.org/sign

    http://www.senseaboutscience.org.uk/index.php/site/about/476
    http://www.libelreform.org/news/449-libel-reform-campaign-welcomes-jack-straws-commitment-to-libel
    http://www.libelreform.org/who-is-silenced
    http://www.libelreform.org/our-report/key-findings-of-report

    If your writing can be read in England or Wales you
    can be sued here. If you get sued, *you* have
    to defend yourself. You are assumed
    to be defamatory unless you can prove otherwise.
    Legal costs can be £Ms. Of course if you are in
    New York state you are explicitly protected by the
    "The Libel Terrorism Protection Act". Some other US
    states have similar protection.
     
    bod43, Apr 29, 2010
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sharqy_5
    Replies:
    0
    Views:
    3,991
    Sharqy_5
    Jul 20, 2003
  2. kfirs Sayag

    static nat and dynamic at pix 501

    kfirs Sayag, Dec 10, 2003, in forum: Cisco
    Replies:
    2
    Views:
    1,117
    Walter Roberson
    Dec 10, 2003
  3. Hans-Peter Walter
    Replies:
    3
    Views:
    1,213
    Joe Bloggs
    Jan 21, 2004
  4. Harvey Colwell
    Replies:
    3
    Views:
    981
  5. yadap

    acl+Static nat+Dynamic Nat

    yadap, Aug 31, 2006, in forum: Cisco
    Replies:
    0
    Views:
    695
    yadap
    Aug 31, 2006
Loading...

Share This Page