I'm trying to do the following, but can't find a way.
I have to configure a 1721 with one Serial and two Ethernet interfaces. Serial0 receives internet traffic AND WAN traffic. One Ethernet is connected to the "internal" LAN and the other to the "unsecure" LAN.
A summarized configuration:
ip address 172.30.0.41 255.255.255.252
ip nat outside
description INSIDE LAN
ip address 10.1.0.1 255.255.0.0
description UNSECURE LAN
ip address 172.20.0.1 255.255.0.0
ip nat inside
description IP internet connections
ip nat outside
ip address x.x.x.113 255.255.255.240
description IP for GRE-TUNNELS
ip address 172.30.0.25 255.255.255.255
ip nat inside source list NAT interface Loopback0 overload
ip nat inside source static tcp 172.20.0.21 25 x.x.x.114 25 extendable
ip route 0.0.0.0 0.0.0.0 Serial0
ip access-list standard NAT
permit 172.20.0.0 0.0.255.255
The customer needs the following:
-When 172.20.0.99 connects to internet host Z.Z.Z.1, this connection is NATed as coming from x.x.x.117
-When internet host Z.Z.Z.1 (but... only this host) connects to x.x.x.117 (all ports, TCP, UDP and ICMP), it has a NATed route to host 172.20.0.99
-When the host goes to any other internet hosts (web surfing, for example), it is not specifically NATed as x.x.x.117; instead it is NATed as a generic host (NATed as x.x.x.113)
The only way I have found to do something like this is:
ip nat inside source static 172.20.0.99 x.x.x.117
But then, ALL internet traffic that goes to x.x.x.117 is NATed to 172.20.0.99, and all traffic from 172.20.0.99 is NATed to x.x.x.117. Where do I say that this static NAT translation is only for/from Z.Z.Z.1?
I tried to apply an access-list to Loopback0, but access-lists don't work on loopbacks.
Is there some workaround to do all this?
Thanks in advance!!