07-07-2008 10:07 AM - edited 03-03-2019 10:37 PM
Here is what I am trying to do ....
I have a series of hosts A - F. I need them to communicate with hosts in an external /24 network, Network Z. The communication can come from any of my hosts to any host in Network Z. I need to NAT the traffic as it leaves my network towards Network Z, but only from the hosts A - F. Also, I need to have static assignments for the NATs of hosts A - F. To make it better, in another segment I have hosts G - K that I need to do the same NATting to Network Z, but not between each other or any other host on my network.
I would like to not set up 6 NAT pools, 6 ip nat inside source list statements and 6 access-lists. Is there a cleaner way of doing this, with maybe a route-map or something? I feel that this is much easier than I think I might be making it.
Peper
07-07-2008 10:47 AM
What device are you using to NAT through and what IOS revision?
I do not know the answer to your question, but I can see this as being needed info for others.
07-07-2008 10:50 AM
Varying routers: 2821, 2851, 3845, 6509 (native). All are running 12.4 of one sort or another.
Peper
07-07-2008 11:31 AM
conf t
! One extended ACL lists every host that is translated toward network Z
ip access-list ext POLICY-NAT
 permit ip host a.a.a.a z.z.z.0 0.0.0.255
 ...
 permit ip host f.f.f.f z.z.z.0 0.0.0.255
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
int f0/0
 ip nat outside
int f0/1
 ip nat inside
! One static translation per host, each tied to the route-map
ip nat inside source static a.a.a.a y.y.y.1 route-map POLICY-NAT
...
ip nat inside source static f.f.f.f y.y.y.6 route-map POLICY-NAT
07-07-2008 11:49 AM
Thank you!! I just found a doc that describes that pretty closely back in the 12.2 documentation.
I just got handed a snag in that Network Z will also be initiating traffic. Can I add to the same POLICY-NAT ACL
 permit ip z.z.z.0 0.0.0.255 host f.f.f.f
From what I can tell it should be able to work both ways.
07-07-2008 11:58 AM
Can I add to the same POLICY-NAT ACL
 permit ip z.z.z.0 0.0.0.255 host f.f.f.f
I think you needn't.
That is enough for bidirectional communication.
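The configuration pattern from this thread, generated for both host groups (A - F and G - K) from a single mapping. This is an added example, not code posted by anyone in the thread. The addresses are constructed from documentation ranges, and the function name `render_policy_nat` and the interface names are assumptions.

```python
import ipaddress


def render_policy_nat(name, dest_cidr, static_map, inside_if, outside_if):
    """Return IOS config lines: one ACL, one route-map, one static NAT per host."""
    dest = ipaddress.ip_network(dest_cidr)  # strict mode rejects host bits in the prefix
    inside_local = [ipaddress.ip_address(a) for a in static_map]
    inside_global = [ipaddress.ip_address(a) for a in static_map.values()]

    # A static translation is one-to-one, so a global address may be used once.
    if len(set(inside_global)) != len(inside_global):
        raise ValueError("each inside host needs its own global address")
    # Neither side of a translation may sit inside the destination network.
    for addr in inside_local + inside_global:
        if addr in dest:
            raise ValueError(f"{addr} overlaps destination {dest}")

    lines = [f"ip access-list extended {name}"]
    lines += [f" permit ip host {local} {dest.network_address} {dest.hostmask}"
              for local in inside_local]
    lines += [f"route-map {name} permit 10", f" match ip address {name}"]
    lines += [f"interface {outside_if}", " ip nat outside",
              f"interface {inside_if}", " ip nat inside"]
    lines += [f"ip nat inside source static {local} {glob} route-map {name}"
              for local, glob in zip(inside_local, inside_global)]
    return lines


# Constructed sample data: hosts A - F and G - K with their static global addresses.
HOSTS = {f"192.0.2.{10 + i}": f"203.0.113.{1 + i}" for i in range(6)}
HOSTS.update({f"192.0.2.{130 + i}": f"203.0.113.{7 + i}" for i in range(5)})

CONFIG = render_policy_nat("POLICY-NAT", "198.51.100.0/24", HOSTS,
                           "FastEthernet0/1", "FastEthernet0/0")

if __name__ == "__main__":
    print("\n".join(CONFIG))
```

Review the generated lines before pasting them into a router; hosts that are absent from the mapping get no ACL entry and no translation.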