Static NAT routes from multiple external IPs (cisco 831)

[LeviReep]

Hello,

I'm using a Cisco 831 to provide some static NAT routes to internal machines from multiple external IPs. I have 5 external IP addresses, but for some reason, the only NAT routes are are working are the ones for the first IP address I assigned the external interface.

I assigned the other 4 addresses as secondary IPs for the interface. I can ping the secondary IPs, but the NAT routes don't work. I think I'm missing something simple, but I'm a total newbie at working with cisco routers.

Here's a snippet from my current router config (the only static nat routes working are the ones to the 69.XX.XX.130 address):

interface Ethernet0
ip address 192.168.0.2 255.255.255.0
ip nat inside
no cdp enable
!
interface Ethernet1
ip address 69.XX.XX.134 255.255.255.248 secondary
ip address 69.XX.XX.133 255.255.255.248 secondary
ip address 69.XX.XX.132 255.255.255.248 secondary
ip address 69.XX.XX.131 255.255.255.248 secondary
ip address 69.XX.XX.130 255.255.255.248
ip nat outside
duplex auto
no cdp enable
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip default-gateway 69.XX.XX.129
ip nat inside source list 7 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.100 81 69.XX.XX.130 81 extendable
ip nat inside source static tcp 192.168.0.100 82 69.XX.XX.130 82 extendable
ip nat inside source static tcp 192.168.0.100 83 69.XX.XX.130 83 extendable
ip nat inside source static tcp 192.168.0.100 84 69.XX.XX.130 84 extendable
ip nat inside source static tcp 192.168.0.100 85 69.XX.XX.130 85 extendable
ip nat inside source static tcp 192.168.0.100 408 69.XX.XX.130 4081 extendable
ip nat inside source static tcp 192.168.0.100 4081 69.XX.XX.130 4081 extendable
ip nat inside source static tcp 192.168.0.100 4082 69.XX.XX.130 4082 extendable
ip nat inside source static tcp 192.168.0.100 4083 69.XX.XX.130 4083 extendable
ip nat inside source static tcp 192.168.0.100 4084 69.XX.XX.130 4084 extendable
ip nat inside source static tcp 192.168.0.100 4085 69.XX.XX.130 4085 extendable
ip nat inside source static tcp 192.168.0.100 5900 69.XX.XX.130 5900 extendable
ip nat inside source static tcp 192.168.0.105 25 69.XX.XX.130 25 extendable
ip nat inside source static tcp 192.168.0.105 80 69.XX.XX.130 80 extendable
ip nat inside source static tcp 192.168.0.105 110 69.XX.XX.130 110 extendable
ip nat inside source static tcp 192.168.0.105 143 69.XX.XX.130 143 extendable
ip nat inside source static tcp 192.168.0.102 8000 69.XX.XX.130 8000 extendable
ip nat inside source static tcp 192.168.0.103 8080 69.XX.XX.130 8080 extendable
ip nat inside source static tcp 192.168.0.103 8081 69.XX.XX.130 8081 extendable
ip nat inside source static udp 192.168.0.199 27500 69.XX.XX.130 27500 extendable
ip nat inside source static tcp 192.168.0.111 80 69.XX.XX.131 80 extendable
ip nat inside source static tcp 192.168.0.112 80 69.XX.XX.132 80 extendable
ip nat inside source static tcp 192.168.0.113 80 69.XX.XX.133 80 extendable
ip nat inside source static tcp 192.168.0.114 443 69.XX.XX.134 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 69.XX.XX.129
ip route 192.168.0.0 255.255.255.0 Ethernet0
no ip http server
no ip http secure-server
!
access-list 7 permit 192.168.0.0 0.0.0.255


Thanks,

Levi

 

[LeviReep]

I got it all sorted. I had to remove the secondary IPs from the external interface. And then remove and add back in all the static NAT routes for the 131-134 ips.

-l