NAT Problems

gavin.mckee
Level 1

Hi,

Please advise me on my config...

I want to translate traffic from a group of internal hosts to a specific global IP address. When I use a static 1 to 1 mapping it works:

However when I use the configuration below (using access lists and pool) it does not work.

ip nat pool ITG->NEONET 192.168.95.10 192.168.95.10 netmask 255.255.255.0

ip nat inside source list HOSTS->NEONET pool ITG->NEONET overload

ip nat inside source static 10.10.14.2 192.168.95.10

!

ip access-list extended HOSTS->NEONET

permit ip host 10.10.14.2 host 10.9.1.1 log

Any help rated!

Gavin

4 Replies

Jon Marshall
Hall of Fame

Gavin

Your access-list is still referencing a single host ie.

permit ip host 10.10.14.2 host 10.9.1.1

If you want to translate a number of hosts should it not read

permit ip 10.10.14.0 0.0.0.255 host 10.9.1.1 log

I have used a class C subnet mask but you can modify to fit.

Jon

Hi Jon,

Thanks for your input, you were 100% correct. However what I want to do is NAT the source address based on the destination of their traffic.

So I want to NAT 10.10.14.2 -> 192.168.95.10 if they are trying to get to a range of hosts, e.g. 10.9.1.1, 10.9.2.1, 10.9.3.1. Is this possible?

Gavin

Gavin

No problem.

Assuming range of hosts is 10.9.1.1 -> 10.9.1.254 (again you can change to fit)

ip access-list extended HOSTS->NEONET

permit ip host 10.10.14.2 10.9.1.0 0.0.0.255 log

You also need to remove your statement

ip nat inside source static 10.10.14.2 192.168.95.10

HTH

Jon
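
How the access-list entries posted in this thread select traffic for translation, as an added example that is not part of the original posts: a small evaluator for IOS extended `permit ip` entries with wildcard masks. It assumes only the `host`, `any` and address-plus-wildcard forms, first match wins and an implicit deny at the end; the `WIDER` entry and the 10.9.4.1 test address are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_ace(line):
    """Parse '<permit|deny> ip <src> <dst> [log]' (the only form used in the thread)."""
    tokens = line.split()
    if tokens[-1] == "log":
        tokens.pop()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line}")
    src, dst = parse_spec(tokens), parse_spec(tokens)
    if tokens:
        raise ValueError(f"trailing tokens in: {line}")
    return action, src, dst

def matches(ip, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the entry's address."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(ip) & care) == (addr & care)

def selected_for_nat(acl, src_ip, dst_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl:
        action, src, dst = parse_ace(line)
        if matches(src_ip, src) and matches(dst_ip, dst):
            return action == "permit"
    return False

# Entries quoted from the thread
ORIGINAL = ["permit ip host 10.10.14.2 host 10.9.1.1 log"]
SRC_SUBNET = ["permit ip 10.10.14.0 0.0.0.255 host 10.9.1.1 log"]
DST_SUBNET = ["permit ip host 10.10.14.2 10.9.1.0 0.0.0.255 log"]
# Constructed entry (not from the thread): one wildcard spanning 10.9.0.0-10.9.3.255
WIDER = ["permit ip host 10.10.14.2 10.9.0.0 0.0.3.255"]
```

Of the three destinations listed in the question, only 10.9.1.1 falls inside `10.9.1.0 0.0.0.255`; a wider wildcard such as the constructed `WIDER` entry covers all three but also translates traffic to 10.9.0.x, so the matched range should be checked against what is actually meant to be translated.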

It would be better to use a NAT with route-maps in your case

have a look here

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

HTH

Narayan
