
How to perform simple nat on a router

dan_track
Level 1

Hi

I've got an old 6500 switch with an MSF card doing the routing for the switch. On one of the VLANs I'd like to set up NAT, but I'm a little uncertain about it. What I have is an internal network being routed to this switch via the WAN. What I want is for any traffic destined for IP 10.10.10.0 255.255.255.0 to be natted to 10.45.12.128 255.255.255.192. What do I need to place on the VLAN configuration and in the main configuration?

Thanks

Dan


Jon Marshall
Hall of Fame

Dan

Could you explain the topology a bit more? As an example:

int vlan 10
 ip address 192.168.5.1 255.255.255.0
 ip nat inside

int vlan 20
 ip address 192.168.10.1 255.255.255.0
 ip nat outside

! pool start and end must both fall inside the /26 set by the netmask
ip nat pool NATIP 10.45.12.129 10.45.12.190 netmask 255.255.255.192
ip nat inside source list 101 pool NATIP overload

The above example would NAT any traffic coming from clients on vlan 10 and destined for any hosts reachable by vlan 20 interface to an IP address from the 10.45.12.128/26 range.

You may need to use a route-map for your NAT, but it is a bit unclear from your description. See the attached link for more details on NAT:

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Edit - forgot the access-list 101 - see Satish's example for access-list.

Jon

Hi,

Thanks for the reply, I appreciate it. The only problem I have is that I already have nat set up on the router for vlan 10 and vlan 20. On vlan 10 I have set "ip nat inside" and on vlan 20 "ip nat outside".

If I've already configured these statements and my new VLANs need the same statement, how then can I match my pool and source list against the NAT directions for my new VLANs, i.e. how can I create the uniqueness for these statements and their associated NAT pool statements?

Hopefully I've made myself clear, if not please let me know.

Thanks

Dan

Hi

Just wondering if someone could help with my follow-up question!

Thanks

Dan

Dan

I'm not sure I fully understand.

ip nat inside source list 101 pool NATIP overload

This is the line that ties them together. So you define the traffic flows, i.e. source/dst IP addresses, via an access-list and then you tie the pool to the access-list so you have uniqueness.

If I have misunderstood, please come back.

Jon

Hi

It's probably me, but let's say I have the following:

vlan 10
 ip nat inside

vlan 20
 ip nat outside

vlan 100
 ip nat inside

vlan 200
 ip nat outside

How does nat know which "inside" statement relates to its corresponding "outside" statement?

If I have "ip nat inside" statement already and I add another one in a different vlan will the existing one be affected in any way?

Maybe it doesn't even matter and I'm looking at the wrong area and that what you mentioned about the nat pool is the real issue.

Your thoughts appreciated.

Thanks

Dan

Dan

NAT doesn't really "know" as such. You can have multiple "ip nat inside" statements and only one "ip nat outside" or any combination really.

By adding another "ip nat inside" you will not affect the existing one. The key is that all you are doing is saying any traffic coming in this interface is natted or any traffic leaving this interface is natted etc. You specify IP addresses/tcp|udp ports in the access-list.

Jon

Brilliant, that answered my question. Thanks for your help.

Dan

satish_zanjurne
Level 4

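int vlan xx
 ip nat inside
 ip address a.b.c.x x.x.x.x

int wan
 ip nat outside
 ip address x.x.x.x x.x.x.x

! define the pool: start and end addresses are separated by a space, not a hyphen
ip nat pool outsidepool 10.45.12.129 10.45.12.190 netmask 255.255.255.192
! "inside source" goes with the ip nat inside / ip nat outside interface marks
ip nat inside source list 100 pool outsidepool
access-list 100 permit ip a.b.c.x x.x.x.x 10.10.10.0 0.0.0.255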

where a.b.c.x is your VLAN IP address range.

HTH..rate if helpful...
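
The point made in the thread, that "ip nat inside" and "ip nat outside" are only interface flags and the "ip nat inside source list ... pool ..." line is what ties traffic to a pool, can be checked mechanically before a config is applied. The Python sketch below is an added example, not part of the original thread or any Cisco tooling; the function name audit_nat, VLAN 100, pool NATIP2 and the 10.45.13.x addresses are assumptions inside a constructed config.

```python
import ipaddress
import re

# Constructed sample config, not taken from a real device. Two deliberate defects:
# pool NATIP ends at .192 (outside the /26 starting at .128) and the second NAT
# rule points at access-list 102, which is never defined.
SAMPLE_CONFIG = """\
interface Vlan10
 ip nat inside
interface Vlan20
 ip nat outside
interface Vlan100
 ip nat inside
ip nat pool NATIP 10.45.12.128 10.45.12.192 netmask 255.255.255.192
ip nat pool NATIP2 10.45.13.1 10.45.13.62 netmask 255.255.255.192
ip nat inside source list 101 pool NATIP overload
ip nat inside source list 102 pool NATIP2 overload
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.10.10.0 0.0.0.255
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)", re.M)
RULE_RE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) ", re.M)
IFACE_RE = re.compile(r"^interface (\S+)\n((?: .*\n)*)", re.M)


def audit_nat(config):
    """Return (roles, bindings, problems) for the NAT lines of an IOS-style config."""
    # Interface marks are plain flags; nothing pairs one inside with one outside.
    roles = {"inside": [], "outside": []}
    for name, body in IFACE_RE.findall(config):
        for role in roles:
            if f" ip nat {role}\n" in body:
                roles[role].append(name)
    problems, pools = [], {}
    for name, start, end, mask in POOL_RE.findall(config):
        pools[name] = ipaddress.ip_network(f"{start}/{mask}", strict=False)
        # Start and end must sit in the same subnet under the pool's netmask.
        if ipaddress.ip_address(end) not in pools[name]:
            problems.append(f"pool {name}: end {end} is outside {pools[name]}")
    acls = set(ACL_RE.findall(config))
    bindings = {}  # access-list -> pool: the only link between traffic and addresses
    for acl, pool in RULE_RE.findall(config):
        bindings[acl] = pool
        if acl not in acls:
            problems.append(f"rule list {acl}: access-list {acl} is not defined")
        if pool not in pools:
            problems.append(f"rule list {acl}: pool {pool} is not defined")
    return roles, bindings, problems
```

Calling audit_nat(SAMPLE_CONFIG) lists two inside interfaces and one outside interface with no pairing between them, and reports the out-of-range pool end and the missing access-list.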
