Dynamic and static NAT

Discussion in 'Cisco' started by tomarseneault, Apr 29, 2010.

  1. I have a 3640 Router on a comcast cable line. It is a /30 network
    (dhcp) so I have one external address. I currently have it setup with
    PAT so that internal hosts can get out but I want to be able to ssh
    in. This means I need to use the same IP for both ingress and egress
    but all the examples I've been able to find use a larger subnet and
    only use some address as ingress which are different than the egress
    address. How do I share one address to do both duties? It was easy
    with my netgear but it crapped out. (I don't have access to my router
    from here so I'll have to post the config later)
     
    tomarseneault, Apr 29, 2010
    #1
    1. Advertisements

  2. tomarseneault

    bod43 Guest

    Please *everybody*, I beg you, sign the libel reform
    petition as detailed in the signature. This is a critical
    freedom of speach issue and we need your help.

    Back to Cisco:)

    Here is an example config.

    ip nat inside source static udp 10.88.3.130 64328
    interface Dialer0 64328
    ip nat inside source static tcp 10.88.3.130 64328
    interface Dialer0 64328
    ip nat inside source route-map RM.nat interface Dialer0 overload

    route-map RM.nat permit 10
    match ip address ACL.nat

    ip access-list extended ACL.nat
    permit ip 10.88.3.0 0.0.0.255 any

    You do not need the more complex route-map config
    on the PAT (overload section). Any valid config there
    will be OK.
    Operationally it appears that packets are checked
    firstly against the static NATs and then if there is no match
    the dynamic nat is checked.

    This config combines two static NATs to specific
    tcp/udp ports and overload (PAT) outbound.

    --
    Please sign the libel reform petition - no matter
    where you are in the world. Get others to sign too.
    Help to change these oppressive laws.
    http://www.libelreform.org/sign

    http://www.senseaboutscience.org.uk/index.php/site/about/476
    http://www.libelreform.org/news/449-libel-reform-campaign-welcomes-jack-straws-commitment-to-libel
    http://www.libelreform.org/who-is-silenced
    http://www.libelreform.org/our-report/key-findings-of-report

    If your writing can be read in England or Wales you
    can be sued here. If you get sued, *you* have
    to defend yourself. You are assumed
    to be defamatory unless you can prove otherwise.
    Legal costs can be £Ms. Of course if you are in
    New York state you are explicitly protected by the
    "The Libel Terrorism Protection Act". Some other US
    states have similar protection.
     
    bod43, Apr 29, 2010
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.