01-21-2009 10:19 AM - edited 03-04-2019 12:55 AM
Interface g0/1 (172.16.1.0/24) of the router is connected to a switch with two subnets, 172.16.1.0/24 and 172.16.2.0/24. We are running EIGRP between them. Currently I'd like to apply "ip nat outside" on the outside g0/0 interface of the router, and I just want to NAT inside 172.16.2.0/24, but I don't want to NAT inside 172.16.1.0/24. Where should I apply "ip nat inside"? On the g0/1 interface?
Here is what I want to apply on the router:
interface GigabitEthernet0/0
ip nat outside
ip nat inside
ip nat inside source list 7 interface GigabitEthernet0/0 overload
!
!
access-list 7 remark Access to Internet
access-list 7 permit 172.16.2.0 0.0.0.255
01-21-2009 10:28 AM
Hello Ken,
You may use a route-map so that you are able to invoke an extended ACL:
access-list 111 deny ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 111 permit ip 172.16.2.0 0.0.0.255 any
route-map select-NAT permit 10
match ip address 111
and then change to:
no ip nat inside source list 7 interface GigabitEthernet0/0 overload
ip nat inside source route-map select-NAT interface GigabitEthernet0/0 overload
Hope to help
Giuseppe
01-21-2009 10:51 AM
Thanks for the help, Giuseppe!
Where should I apply "ip nat inside"? Should it be under interface g0/1?
01-21-2009 11:00 AM
"where should I apply "ip nat inside"? it should under interface g0/1?"
Yes, you should, and if you use a route-map as Giuseppe suggested, it will only NAT the traffic you want it to.
Jon
01-21-2009 11:05 AM
Jon,
Just want to clarify my silly concern: under interface g0/1 is 172.16.1.254 255.255.255.0 on the router, and this interface g0/1 is directly connected to the switch. The 172.16.2.0/24 subnet is running on the switch. EIGRP is running between the router and the switch. Please help.
Thanks,
Kne
01-21-2009 11:12 AM
Kne
Just had another look at the config. I would do it this way:
ip nat inside source list 101 interface GigabitEthernet0/0 overload
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
But note that your original way would work as well. I just have the habit of using extended ACLs with NAT.
When you add "ip nat inside" to gi0/1, that does not mean everything will be NATted. What defines what you want to NAT is the "ip nat inside source ..." configuration, and you are only telling it to NAT 172.16.2.0/24.
This will not affect EIGRP between the 2 devices if that is your concern.
Jon
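As an added example (not part of the thread and not any poster's code), this Python sketch models which packets the configurations above would translate: a packet is NATted only if it arrives on an "ip nat inside" interface, leaves through the "ip nat outside" interface, and is permitted by the ACL referenced in "ip nat inside source". The host addresses, the destination 203.0.113.5 and the function names are constructed for illustration, and the model is a simplification of IOS behaviour.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
NET_1 = ("172.16.1.0", "0.0.0.255")
NET_2 = ("172.16.2.0", "0.0.0.255")

# ACLs from the thread as (action, source, destination); first match wins.
# Standard ACL 7 matches on source only, so here it behaves like ACL 101.
ACL_101 = [("permit", NET_2, ANY)]
ACL_111 = [("deny", NET_2, NET_1),
           ("permit", NET_2, ANY)]

def acl_permits(acl, src, dst):
    for action, (sbase, swild), (dbase, dwild) in acl:
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action == "permit"
    return False  # implicit "deny any" at the end of every ACL

# Interface roles as discussed in the thread.
NAT_ROLE = {"GigabitEthernet0/0": "outside", "GigabitEthernet0/1": "inside"}

def is_translated(acl, in_if, out_if, src, dst):
    """Simplified model: translate only inside -> outside traffic the ACL permits.
    out_if is None for packets addressed to the router itself (e.g. EIGRP hellos)."""
    return (NAT_ROLE.get(in_if) == "inside"
            and NAT_ROLE.get(out_if) == "outside"
            and acl_permits(acl, src, dst))

if __name__ == "__main__":
    g0, g1 = "GigabitEthernet0/0", "GigabitEthernet0/1"
    # Constructed sample packets: (description, in_if, out_if, src, dst)
    packets = [
        ("172.16.2.0/24 host to Internet", g1, g0, "172.16.2.10", "203.0.113.5"),
        ("172.16.1.0/24 host to Internet", g1, g0, "172.16.1.10", "203.0.113.5"),
        ("EIGRP hello from the switch", g1, None, "172.16.1.1", "224.0.0.10"),
    ]
    for desc, in_if, out_if, src, dst in packets:
        for name, acl in (("ACL 101", ACL_101), ("ACL 111", ACL_111)):
            print(f"{desc:32} {name}: translated={is_translated(acl, in_if, out_if, src, dst)}")
```
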