kzhen

The interface g0/1 (172.16.1.0/24) of the router is connected to a switch with two subnets, 172.16.1.0/24 and 172.16.2.0/24. We are running EIGRP between them. Currently I'd like to apply "ip nat outside" on the outside g0/0 interface of the router, and I just want to NAT inside 172.16.2.0/24, but I don't want to NAT inside 172.16.1.0/24. Where should I apply "ip nat inside"? On the g0/1 interface?

Here is what I want to apply on the router:

interface GigabitEthernet0/0

ip nat outside

ip nat inside

ip nat inside source list 7 interface GigabitEthernet0/0 overload

!

!

access-list 7 remark Access to Internet

access-list 7 permit 172.16.2.0 0.0.0.255


Giuseppe Larosa

Hello Ken,

You may use a route-map so that you are able to invoke an extended ACL:

access-list 111 deny ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255

access-list 111 permit ip 172.16.2.0 0.0.0.255 any

route-map select-NAT permit 10

match ip address 111

and then change to:

no ip nat inside source list 7 interface GigabitEthernet0/0 overload

ip nat inside source route-map select-NAT interface GigabitEthernet0/0 overload

Hope to help

Giuseppe

Thanks for the help, Giuseppe!

Where should I apply "ip nat inside"? Should it be under interface g0/1?

"Where should I apply "ip nat inside"? Should it be under interface g0/1?"

Yes, you should, and if you use a route-map as Giuseppe suggested it will only NAT the traffic you want it to.

Jon

Jon,

Just want to clarify my silly concern: interface g0/1 on the router is 172.16.1.254 255.255.255.0, and this interface g0/1 is directly connected to the switch. The 172.16.2.0/24 subnet is running on the switch. EIGRP is running between the router and the switch. Please help.

Thanks,

Kne

Kne

Just had another look at the config. I would do it this way:

ip nat inside source list 101 interface GigabitEthernet0/0 overload

access-list 101 permit ip 172.16.2.0 0.0.0.255 any

But note that your original way would work as well. I just have the habit of using extended ACLs with NAT.

When you add "ip nat inside" to gi0/1 that does not mean everything will be NATted. What defines what you want to NAT is the "ip nat inside source ..." configuration, and you are only telling it to NAT 172.16.2.0/24.

This will not affect EIGRP between the 2 devices if that is your concern.

Jon
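
An added example, not part of any post in the thread: a small Python model of how the three ACLs quoted above (7, 101 and 111) select sources for translation, using IOS wildcard-mask matching, first-match order and the implicit deny. It models only the ACL match and assumes the packet is already being routed from the inside to the outside interface; the sample flows and function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
NET2 = ("172.16.2.0", "0.0.0.255")
NET1 = ("172.16.1.0", "0.0.0.255")

# ACLs from the thread as (action, source, destination) entries.
# ACL 7 is a standard ACL (source only), so its destination is modelled as ANY.
ACLS = {
    "list 7": [("permit", NET2, ANY)],
    "list 101": [("permit", NET2, ANY)],
    "route-map select-NAT (ACL 111)": [
        ("deny", NET2, NET1),
        ("permit", NET2, ANY),
    ],
}

def is_selected(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False

# Constructed sample flows (source, destination); 198.51.100.5 is a documentation address.
FLOWS = [
    ("172.16.2.10", "198.51.100.5"),  # subnet that should be translated
    ("172.16.1.10", "198.51.100.5"),  # subnet that must stay untranslated
    ("172.16.2.10", "172.16.1.20"),   # traffic between the two inside subnets
]

def selection_table():
    """Return, per ACL, whether each sample flow is selected for NAT."""
    return {name: [is_selected(acl, s, d) for s, d in FLOWS]
            for name, acl in ACLS.items()}

if __name__ == "__main__":
    for name, row in selection_table().items():
        for (src, dst), hit in zip(FLOWS, row):
            print(f"{name:32} {src:>12} -> {dst:<13} {'NAT' if hit else 'no NAT'}")
```
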
