Mixed NAT

Unanswered Question
Apr 26th, 2007

I have a 2801 router with 3 interfaces: A, B and C.

There are two subnets behind interface B: suppose we name them subnet B0 and B1.

I need to do policy NAT from int A to B (only for traffic going to B0). And I need to do policy NAT from int B to C (only for traffic coming from B1).

Is this possible to do on a single router? And what is the approximate way to do it?


Thanks.

spremkumar Thu, 04/26/2007 - 00:43

Hi


A small piece of a network/topology diagram will help here to understand the network/requirement.


Regards


apaladi Thu, 04/26/2007 - 01:12

Please see below, let me know if it's still not clear. Thanks.

mohammedmahmoud Thu, 04/26/2007 - 00:47

Hi there,


I think that you can do it with something like this, but how do you have 2 subnets behind 1 interface (B):



ip nat pool x.x.x.x x.x.x.x prefix-length y
ip nat inside source route-map b0 pool overload
access-list 1 permit
route-map b0 permit 10
 match ip address 1
 match interface


HTH, please rate if it does,

Mohammed Mahmoud.

apaladi Thu, 04/26/2007 - 01:09

Thanks for your reply, Mohammed.

I believe this configuration takes care only of the traffic flowing from B0. I need traffic to B1 to be translated on interface B at the same time.

mohammedmahmoud Thu, 04/26/2007 - 01:17

Hi there,


You can use the same thing with the traffic of B1, according to the match of the route-map the traffic will be NATed:


ip nat pool w.w.w.w w.w.w.w prefix-length y
ip nat inside source route-map b1 pool overload
access-list 2 permit
route-map b1 permit 10
 match ip address 2
 match interface



HTH,

Mohammed Mahmoud.

apaladi Thu, 04/26/2007 - 01:36

This is also clear, but how do I configure NAT on the interface B itself: "ip nat inside" or "ip nat outside" or "ip nat enable"?

mohammedmahmoud Thu, 04/26/2007 - 01:48

Hi there,


Now I got you, change this statement:


ip nat outside source route-map b0 pool overload


instead of: ip nat inside source route-map b0 pool overload


and do "ip nat inside" for interface B, and "ip nat outside" for interface A and C.


HTH,

Mohammed Mahmoud.

apaladi Thu, 04/26/2007 - 20:06

Mohammed, thanks for your reply.

I cannot use IP pools, I need port overloading (NAPT) on each interface. When using "ip nat outside" it only allows you to use an IP pool.

Please see the drawing below. Each line represents the traffic flow, and the arrow represents the interface where each flow should be NATed.

Let me know if you have other ideas.

Thanks again.

apaladi Thu, 04/26/2007 - 01:00

As requested, I attach a sketch outlining the layout. As you see, the problem lies on interface B, where I need to do "NAT inside" for B1 subnet, and "NAT outside" for traffic to B0 hosts.

