Crazy NAT question

peperg
Level 1

Here is what I am trying to do ....

I have a series of hosts A - F. I need them to communicate with hosts in an external /24 network, Network Z. The communication can come from any of my hosts to any host in Network Z. I need to NAT the traffic as it leaves my network towards Network Z, but only from the hosts A - F. Also, I need to have static assignments for the NATs of hosts A - F. To make it better, in another segment I have hosts G - K that I need to do the same NATting to Network Z, but not between each other or any other host on my network.

I would like to not set up 6 NAT pools, 6 ip nat inside source list statements and 6 access-lists. Is there a cleaner way of doing this, with maybe a route-map or something? I feel that this is much easier than I think I might be making it.

Peper

Accepted Solutions

a.alekseev
Level 7

conf t
!
! Match only traffic from hosts A - F towards network Z
ip access-list ext POLICY-NAT
 permit ip host a.a.a.a z.z.z.0 0.0.0.255
 ...
 permit ip host f.f.f.f z.z.z.0 0.0.0.255
!
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
!
int f0/0
 ip nat outside
!
int f0/1
 ip nat inside
!
! One static mapping per host, applied only when the route-map matches
ip nat inside source static a.a.a.a y.y.y.1 route-map POLICY-NAT
...
ip nat inside source static f.f.f.f y.y.y.6 route-map POLICY-NAT
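
The pattern from the accepted answer, rendered for a whole host list so the per-host lines do not have to be typed by hand. This is an added example, not part of the original post: the function name, the sample addresses, the second inside interface f0/2 and the choice to put hosts G - K into the same ACL and route-map are assumptions.

```python
import ipaddress

def policy_nat_config(static_map, remote_net, acl="POLICY-NAT",
                      outside_if="f0/0", inside_ifs=("f0/1",)):
    """Render IOS policy-NAT lines; static_map is {inside_ip: nat_ip}."""
    net = ipaddress.ip_network(remote_net)   # raises if host bits are set
    pairs = [(ipaddress.ip_address(i), ipaddress.ip_address(g))
             for i, g in static_map.items()]
    nat_addrs = [g for _, g in pairs]
    if len(set(nat_addrs)) != len(nat_addrs):
        raise ValueError("two inside hosts share one NAT address")
    for inside, _ in pairs:
        if inside in net:
            raise ValueError(f"{inside} lies inside remote network {net}")

    lines = [f"ip access-list extended {acl}"]
    # One ACE per host: only that host's traffic to the remote net matches,
    # so traffic between local hosts is left untranslated.
    lines += [f" permit ip host {i} {net.network_address} {net.hostmask}"
              for i, _ in pairs]
    lines += [f"route-map {acl} permit 10", f" match ip address {acl}"]
    lines += [f"interface {outside_if}", " ip nat outside"]
    for ifname in inside_ifs:
        lines += [f"interface {ifname}", " ip nat inside"]
    # One static mapping per host, conditioned on the shared route-map.
    lines += [f"ip nat inside source static {i} {g} route-map {acl}"
              for i, g in pairs]
    return lines

# Constructed sample addressing (not from the thread).
SEGMENT_1 = {f"10.1.1.{n}": f"192.0.2.{n - 10}" for n in range(11, 17)}  # hosts A - F
SEGMENT_2 = {f"10.1.2.{n}": f"192.0.2.{n - 14}" for n in range(21, 26)}  # hosts G - K
REMOTE_Z = "198.51.100.0/24"

if __name__ == "__main__":
    print("\n".join(policy_nat_config({**SEGMENT_1, **SEGMENT_2}, REMOTE_Z,
                                      inside_ifs=("f0/1", "f0/2"))))
```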


cybrsage
Level 1

What device are you using to NAT through and what IOS revision?

I do not know the answer to your question, but I can see this as being needed info for others.

varying routers; 2821, 2851, 3845, 6509 (native). All are running 12.4 of one sort or another.

Peper

Thank you!! I just found a doc that describes that pretty closely back in the 12.2 documentation.

I just got handed a snag in that Network Z will also be initiating traffic. Can I add to the same POLICY-NAT ACL:

permit ip z.z.z.0 0.0.0.255 host f.f.f.f

From what I can tell it should be able to work both ways.

Can I add to the same POLICY-NAT ACL:

permit ip z.z.z.0 0.0.0.255 host f.f.f.f

I think you needn't.

That is enough for bidirectional communication.
