![cisco ios nat cisco ios nat](http://www.practicalnetworking.net/wp-content/uploads/2017/10/static-nat-success.png)
CISCO IOS NAT HOW TO

As you might recall, I had previously taken umbrage with Cisco's inability to forward a range of ports to a particular host. Many readers have offered suggestions and links to other documents around the Internet offering various solutions, but none of them really sat quite right with me. In hindsight, the reason none of these suggestions sat right with me is that all the examples assumed you only had one host behind the NAT configuration. Finally, reader Serge worked with me to come up with a workable solution that resolves the port range problem but still works fine with multiple hosts.

```
ip nat inside destination list 101 pool POOL1
ip nat inside destination list 102 pool POOL2
access-list 101 permit tcp any any range 100 300
access-list 102 permit tcp any any range 500 1000
```

As you can see, TCP ports 100 through 300 are forwarded on to 192.168.1.1 and TCP ports 500 through 1000 go to 192.168.1.2. Once I got beyond the idea that there can only be one ip nat pool, I realized that this is what I should have been doing all along.

And so, here's our re-worked configuration to allow the World of Warcraft updater to successfully pass through our Cisco IOS-based firewall.

```
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside destination list WOW pool POOL1
```

![cisco ios nat cisco ios nat](https://integratingit.files.wordpress.com/2021/05/051221_1404_natonciscoi2.png)

I am having a similar problem as you described, and have implemented the inbound/outbound NAT & port-forwarding like your solution. I am using NAT port-forwarding to allow traffic from the Internet to reach 18 servers. The problem is that this is working for a few of the servers and not for the rest, even though the configuration is identical for all of them. I have searched high & low trying to find a solution and/or suggestions on how to troubleshoot this problem. I have read the Cisco docs but have not found a usable answer in them either. Any assistance/suggestions would be greatly appreciated. I have included a copy of the NAT stats for you to look at.

```
Total active translations: 1504 (0 static, 1504 dynamic 1504 extended)
FastEthernet0/1, FastEthernet0/1.5, FastEthernet0/1.10, FastEthernet0/1.15
FastEthernet0/1.20, FastEthernet0/1.25, FastEthernet0/1.30
CEF Translated packets: 4158864, CEF Punted packets: 110268
access-list 10 interface FastEthernet0/0 refcount 1469
access-list 101 pool xxx_webserver refcount 22
 Type rotary, total addresses 1, allocated 22 (2200%), misses 0
access-list 102 pool xxx_SAP refcount 13
 Type rotary, total addresses 1, allocated 13 (1300%), misses 0
access-list 103 pool xxx_sapbw refcount 0
 Type rotary, total addresses 1, allocated 0 (0%), misses 3
access-list 106 pool xxx_Surveillance refcount 0
 Type rotary, total addresses 1, allocated 0 (0%), misses 0
```
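The port-range forwarding rules in the post can be checked offline before they go onto a router. The Python sketch below is an added example, not code from the original post: it parses numbered `access-list ... range` entries and `ip nat inside destination` rules in the form shown, lists which inside host each port range is exposed to, and flags overlapping ranges, rules without a rotary pool, and `any` destinations. The `ip nat pool` lines in the sample, the function name `audit` and the wording of the findings are assumptions.

```python
import re
from itertools import combinations

# Constructed sample. The destination rules and access lists are the post's;
# the "ip nat pool" lines (netmask included) are assumed, the post omits them.
SAMPLE = """\
ip nat pool POOL1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 type rotary
ip nat pool POOL2 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside destination list 101 pool POOL1
ip nat inside destination list 102 pool POOL2
access-list 101 permit tcp any any range 100 300
access-list 102 permit tcp any any range 500 1000
"""

POOL = re.compile(r"ip nat pool (\S+) (\S+) \S+ .*\btype rotary\b", re.I)
RULE = re.compile(r"ip nat inside destination list (\S+) pool (\S+)", re.I)
ACL = re.compile(r"access-list (\S+) permit (tcp|udp) any (any|host \S+) range (\d+) (\d+)", re.I)

def audit(config):
    """Return (forwards, findings) for rotary-pool port forwarding lines."""
    pools, rules, acls = {}, [], {}
    for line in map(str.strip, config.splitlines()):
        if m := POOL.match(line):
            pools[m[1]] = m[2]                      # pool name -> inside host
        elif m := RULE.match(line):
            rules.append((m[1], m[2]))              # (ACL id, pool name)
        elif m := ACL.match(line):
            acls.setdefault(m[1], []).append((m[2].lower(), m[3].lower(), int(m[4]), int(m[5])))
    forwards, findings = [], []
    for acl, pool in rules:
        if pool not in pools:
            findings.append(f"list {acl}: no 'type rotary' pool named {pool}")
        elif acl not in acls:
            findings.append(f"list {acl}: no matching port-range access-list entry")
        else:
            for proto, dst, lo, hi in acls[acl]:
                if dst == "any":
                    findings.append(f"access-list {acl}: destination 'any' is not limited to the public address")
                forwards.append((proto, lo, hi, pools[pool]))
    for a, b in combinations(sorted(forwards), 2):
        if a[0] == b[0] and b[1] <= a[2]:           # same protocol, ranges intersect
            findings.append(f"{a[0]} {b[1]}-{min(a[2], b[2])}: claimed by {a[3]} and {b[3]}")
    return sorted(forwards), findings

if __name__ == "__main__":
    forwards, findings = audit(SAMPLE)
    for proto, lo, hi, host in forwards:
        print(f"{proto} {lo}-{hi} -> {host}")
    print(*findings, sep="\n")
```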