Unanswered Question
Jan 21st, 2009

The interface g0/1 of of Router is connected to switch with two subnets & We are running eigrp between them. Currently I'd like to have "ip nat outside" to apply on the outside g0/0 interface in the router and I just want to nat inside, but I don't want to nat inside Where should I apply "ip nat inside" ? in the g0/1 interface?

Here is the following I want to apply in the router:

interface GigabitEthernet0/0

ip nat outside

ip nat inside

ip nat inside source list 7 interface GigabitEthernet0/0 overload



access-list 7 remark Access to Internet

access-list 7 permit

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Wed, 01/21/2009 - 10:28

Hello Ken,

you may use a route-map so that you are able to invoke an extended ACL

access-list 111 deny ip

access-list 111 permit ip any

route-map select-NAT permit 10

match ip address 111

and then change to

no ip nat inside source list 7 interface GigabitEthernet0/0 overload

ip nat inside source route-map select-NAT interface GigabitEthernet0/0 overload

Hope to help


kzhen Wed, 01/21/2009 - 10:51

Thanks for help Giuseppe!

where should I apply "ip nat inside"? it should under interface g0/1?

Jon Marshall Wed, 01/21/2009 - 11:00

"where should I apply "ip nat inside"? it should under interface g0/1?"

Yes you should and if you use a route-map as Giuseppe suggested it will only NAT the traffic you want to.


kzhen Wed, 01/21/2009 - 11:05


just want to clarify that my silly concern, under interface g0/1 is in the router and this interface g0/1 is directly connected to switch. The is running in switch, Between the router and switch is running eigrp. Please help.



Jon Marshall Wed, 01/21/2009 - 11:12


Just had another look at the config. I would do it this way

ip nat inside source list 101 interface GigabitEthernet0/0 overload

access-list 101 permit ip any

but note that your original way would work as well. I just have the habit of using extended acl's with NAT.

When you add "ip nat inside" to gi0/1 that does not mean everything will be Natted. What define what you want to NAT is the "ip nat inside source ..." configuration and you are only telling it to NAT

This will not affect EIGRP between the 2 devices if that is your concern.



This Discussion