06-18-2007 08:47 AM - edited 03-03-2019 05:29 PM
I have two hosts 192.168.5.224 and 192.168.5.225
They need to have a specific address that maps directly to inside global like this
192.168.5.224 -> 10.77.178.224
192.168.5.225 -> 10.77.178.225
Here is my config:
ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0
ip nat inside source route-map leaps-map pool leaps-natpool
ip nat inside source static 192.168.5.225 10.77.178.225 route-map leaps-map
ip nat inside source static 192.168.5.226 10.77.178.226 route-map leaps-map
ip nat inside source static 192.168.5.224 10.77.178.224 route-map leaps-map
access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255
!
route-map leaps-map permit 10
match ip address 101
!
The problem is that 192.168.5.224-225 does not consistently pickup 10.77.178.224-225 associated address.
Any clue as to why this is happening?
Thanks,
Greg
06-18-2007 08:50 PM
since u have put a static entry for 192.168.5.224 and 225 it should show a permeant entry in nat table.verify the same with "sh ip nat trans" cmd.
also try by removing the route-map portion from the static nat commands.there i dont see any use for putting the route-map in the
static nat command.
...lets hear more from experts...
...arun:)
06-18-2007 09:02 PM
Put "match-host" at the end. Like
"ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0 type match-host
Let me know if it works.
06-19-2007 09:03 PM
Hi Greg.
Can you provide us with the information of IP addresses (192.168.5.224-225) through "sh ip nat trans | inc .5.244|.5.225".
I wanna know what ip addresses are translated when those ips (192.168.5.224-225) go through nat processing.
For testing could you change the ACL statment as follow:
access-list 101 deny ip host 192.168.5.224 10.32.0.0 0.0.255.255
access-list 101 deny ip host 192.168.5.225 10.32.0.0 0.0.255.255
access-list 101 deny ip host 192.168.5.226 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255
access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255
And confirm my confusion with this commands
"clear ip nat trans *"
"show access-l 101"
"sh ip nat trans | inc .5.244|.5.225".
Hope this helps
Thot
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide