Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

NAT Translation in Cisco router

cfabius
Level 1
Level 1

‎08-21-2008 08:44 AM - edited ‎03-06-2019 12:56 AM

So here's my dilemma,

interface FastEthernet0/0

ip nat inside

interface Vlan652

ip nat outside

ip nat inside source static 1.2.3.4 5.6.7.8

ip nat inside source static 1.2.3.5 5.6.7.9

Everything is fine, but now I need to introduce 2 new NAT's:

ip nat inside source static 2.2.3.4 6.6.7.8

ip nat inside source static 2.2.3.5 6.6.7.9

plus introduce 1 more oubound interface:

interface Vlan700

ip nat outside

Here's the trouble:

for the last 2 NAT entries, they must be advertised as UN-NAT'ed in int VLAN652

while being NAT'ed in int VLAN700

How do I do it?

Labels:
0 Helpful
3 Replies 3

sachinraja
Level 9
Level 9

‎08-21-2008 09:51 PM

Static NAT's basically get translated through the layer 3 routing path. In any case if you want to specifically map traffic based on the source IP addresses, you can use a route-map with a static NAT. route-map will have an access-list associated with it, which informs the source and destination subnets for outside NAT to happen.

eg

ip nat inside source static 2.2.3.4 6.6.7.8 route-map outbound1

route-map outbound1 permit 10

match ip address 100

set ip next-hop x.x.x.x

access-list 100 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.0.255

In this case only traffic destinted through 10.1.0.0 (say through vlan 700) is natted. Any other traffic through vlan 652 is not natted. YOu can refer to the following URL for more info:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html

Hope this helps. rate replies if found useful.

Raj

0 Helpful

cfabius
Level 1
Level 1
In response to sachinraja

‎08-22-2008 05:56 AM

Raj,

based on your example, I changed the access-list to reflect what I am trying to accomplish:

ip nat inside source static 2.2.3.4 6.6.7.8 route-map outbound1

route-map outbound1 permit 10

match ip address 100

set ip next-hop x.x.x.x

access-list 100 permit ip 2.2.3.4 0.0.0.0 10.1.0.0 0.0.0.255

My only other thought is that I wanted it to be unconditional without "set ip next hop" command

Please advise

regards,

Charles

0 Helpful

sachinraja
Level 9
Level 9
In response to cfabius

‎08-22-2008 06:10 AM

Its not mandatory.. you can remove the set ip next-hop statement and try.. you are just trying to match a source and destination and doing nat only to that particular IP addresses..

Let us know if it works.. all the best.. rate replies if found useful..

Raj

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card