NAT one-to-one-to-only-one

Unanswered Question


I'm trying to do the following, but can't find the way.

I have to configure a 1721 with one Serial and two Ethernets. Serial0 receives internet traffic AND WAN traffic. One Ethernet is connected to the "internal" LAN and the other to the "unsecure" LAN.

A summarized configuration:

interface Serial0
 ip address
 ip nat outside

interface FastEthernet0
 description INSIDE LAN
 ip address

interface Ethernet0
 description UNSECURE LAN
 ip address
 ip nat inside

interface Loopback0
 description IP internet connections
 ip nat outside
 ip address x.x.x.113

interface Loopback1
 description IP for GRE-TUNNELS
 ip address

interface Tunnel1,2,3...

ip nat inside source list NAT interface Loopback0 overload
ip nat inside source static tcp 25 x.x.x.114 25 extendable
ip classless
ip route Serial0
ip access-list standard NAT


The customer needs the following:

-When connect to internet host Z.Z.Z.1, this connection must be NATed as from x.x.x.117

-When internet host Z.Z.Z.1 (but... only this host) connects to x.x.x.117 (all ports, TCP, UDP and ICMP), it has a NATed route to host

-When host goes to any other internet host (web surfing, for example), it is not specifically NATed as x.x.x.117; instead it is NATed as a generic host (NATed as x.x.x.113)

I could only find a way to do something like this:

ip nat inside source static x.x.x.117

But then, ALL internet traffic that goes to x.x.x.117 is NATed to, and all traffic from is NATed to x.x.x.117. Where do I say that this static NAT translation is only for/from Z.Z.Z.1?

I tried to apply an access-list to Loopback0, but on loopbacks, access-lists don't work.

Is there some workaround to do all this?

Thanks in advance!!
