12-14-2007 03:07 AM - edited 03-03-2019 07:56 PM
Hi,
Please advise me on my config...
I want to translate traffic from a group of internal hosts to a specific global IP address. When I use a static 1 to 1 mapping it works:
However when I use the configuration below (using access lists and pool) it does not work.
ip nat pool ITG->NEONET 192.168.95.10 192.168.95.10 netmask 255.255.255.0
ip nat inside source list HOSTS->NEONET pool ITG->NEONET overload
ip nat inside source static 10.10.14.2 192.168.95.10
!
ip access-list extended HOSTS->NEONET
permit ip host 10.10.14.2 host 10.9.1.1 log
Any help rated!
Gavin
12-14-2007 03:13 AM
Gavin
Your access-list is still referencing a single host, i.e.
permit ip host 10.10.14.2 host 10.9.1.1
If you want to translate a number of hosts should it not read
permit ip 10.10.14.0 0.0.0.255 host 10.9.1.1 log
I have used a class C subnet mask but you can modify to fit.
Jon
12-14-2007 03:21 AM
Hi Jon,
Thanks for your input, you were 100% correct. However what I want to do is NAT the source address based on the destination of their traffic.
So I want to NAT 10.10.14.2 -> 192.168.95.10 if they are trying to get to a range of hosts, e.g. 10.9.1.1, 10.9.2.1, 10.9.3.1. Is this possible?
Gavin
12-14-2007 03:28 AM
Gavin
No problem.
Assuming range of hosts is 10.9.1.1 -> 10.9.1.254 (again you can change to fit)
ip access-list extended HOSTS->NEONET
permit ip host 10.10.14.2 10.9.1.0 0.0.0.255 log
You also need to remove your statement
ip nat inside source static 10.10.14.2 192.168.95.10
HTH
Jon
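Added example, not part of the thread: a small Python model of the selection logic in the posts above (IOS wildcard-mask matching, first-match ACL with implicit deny, and a static entry that translates regardless of destination), run against the destinations Gavin listed. That the static entry is applied before the dynamic rule is an assumption of this model, and 172.16.0.1 is a constructed unrelated destination.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def host(ip):
    """'host X' in an ACL entry is X with wildcard 0.0.0.0."""
    return (ip, "0.0.0.0")

def acl_permits(acl, src, dst):
    """First matching entry wins; implicit deny at the end of the list."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False

def translate(src, dst, static_map, acl, pool_addr):
    """Return the translated source address for a flow, or src if untranslated.
    Assumption of this model: a static entry is applied before the dynamic
    rule and ignores the destination."""
    if src in static_map:
        return static_map[src]
    if acl_permits(acl, src, dst):
        return pool_addr
    return src

POOL = "192.168.95.10"                      # pool ITG->NEONET
STATIC = {"10.10.14.2": "192.168.95.10"}    # ip nat inside source static ...
ACL_ORIGINAL = [("permit", host("10.10.14.2"), host("10.9.1.1"))]
ACL_RANGE = [("permit", host("10.10.14.2"), ("10.9.1.0", "0.0.0.255"))]

def report(static_map, acl):
    """Translated source per destination for traffic from 10.10.14.2."""
    dsts = ["10.9.1.1", "10.9.2.1", "10.9.3.1", "172.16.0.1"]  # last is constructed
    return {d: translate("10.10.14.2", d, static_map, acl, POOL) for d in dsts}

if __name__ == "__main__":
    for label, static_map in (("static kept", STATIC), ("static removed", {})):
        print(label, report(static_map, ACL_RANGE))
```

With the static entry kept, every destination sees 192.168.95.10; with it removed, only 10.9.1.1 is translated, so 10.9.2.1 and 10.9.3.1 would each need their own permit entry in the access list.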
12-14-2007 03:31 AM
It would be better to use NAT with route-maps in your case.
Have a look here:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
HTH
Narayan