Nat (or what?)

towli · ‎09-07-2008

Hello all

My boss has asked me to configure a 2600 in a way so that all traffic destined for a server - lets call it 10.0.1.10 /24 located on eth 0/0 - is forwarded to another server - lets call it 10.0.2.10 /24 on eth0 0/1.

Is what i need a static nat ?

what should my config be like?

(assume i call eth 0/0 10.0.1.1 /24 and eth 0/1 10.0.2.1 /24)

???

thank you

/Jan

simontibbitts · ‎09-07-2008

Hi Jan.

Try this configuration.

interface Ethernet0/1

ip address 10.0.2.1 255.255.255.0

ip nat outside

!

interface Ethernet0/2

description INCOMING TRAFFIC

ip nat inside

ip policy route-map DIVERT_10.0.1.10

!

ip nat pool IP_10.0.2.10 10.0.2.10 10.0.2.10 netmask 255.255.255.0

ip nat inside destination list IP_10.1.0.10 pool IP_10.0.2.10

!

ip access-list extended IP_10.1.0.10

permit ip any host 10.1.0.10

!

route-map DIVERT_10.0.1.10 permit 10

match ip address IP_10.1.0.10

set interface Ethernet0/1

The reason I have added policy routing is because the routing decision is made before NAT on an inside to outside translation. Without the policy routing all the traffic will still be destined to E0/0 which isn't the outside interface so won't get NATTED. The configuration above should work, you need to configure 'ip nat inside' and 'ip policy route-map DIVERT_10.0.1.10' on ALL your incoming interfaces.

Simon

towli · ‎09-07-2008

Wau ! - thanx a bunch I would NEVER have figured this one out myself. I will let you know if it works as intended.

/Jan