Policy NAT

Unanswered Question
Feb 15th, 2009

Hi Experts,

I'm doing policy-based static NAT with the following scenario.


R6----|
      |---R4----------Serial---------R5
      |     -------- FR -----------
R1----|


R1, R4 and R6 are on a common Ethernet of subnet 10.0.0.0/24. The R4 to R5 serial link subnet is 155.1.45.0/24 and the FR link subnet is 155.1.0.0/24.

Other than this, on R5 I have configured two loopbacks: loop 0 - 150.1.5.5/24 and loop 1 - 150.1.55.55/24.


I have configured OSPF between R4 & R5 for routing. R1 & R6 have default routes pointing to R4. So the entire routing is complete.


Now, I have configured R4 as below,


ip nat inside source static 10.0.0.1 150.1.4.1 route-map NATLOOP0
ip nat inside source static 10.0.0.1 150.1.4.2 route-map NATLOOP1
ip nat inside source static 10.0.0.6 150.1.4.3 route-map NATLOOP0
ip nat inside source static 10.0.0.6 150.1.4.5 route-map NATLOOP1

ip access-list extended LOOPBACK0
 permit ip 10.0.0.0 0.0.0.255 150.1.5.5 0.0.0.0

ip access-list extended LOOPBACK1
 permit ip 10.0.0.0 0.0.0.255 150.1.55.55 0.0.0.0

route-map NATLOOP0 permit 10
 match ip address LOOPBACK0
 set ip next-hop 155.1.0.5
!
route-map NATLOOP1 permit 10
 match ip address LOOPBACK1
 set ip next-hop 155.1.45.5


So, in this case my NAT is not working as desired. I want to configure it like this: when I go from R1 to loop 0 (150.1.5.5) of R5, traffic should go to the FR interface (155.1.0.5), and when I go from R1 to loop 1 of R5 (150.1.55.55), traffic should go via the serial interface (that is 155.1.45.5) with NAT translation.


But this is not working as per the requirement.




Giuseppe Larosa Mon, 02/16/2009 - 00:06

Hello Mazhar,

Just a basic check: have you configured

ip nat inside under the R4 LAN interface

and

ip nat outside on the relevant interfaces?

Without these commands, NAT action is not triggered.


Hope to help

Giuseppe


Marwan ALshawi Mon, 02/16/2009 - 02:14

Try the following as well. This is for one router; apply the other to the other router.


ip nat pool t0-l0 150.1.4.1 150.1.4.1

route-map map1
 match ip address LOOPBACK0
 match interface [outgoing interface]

ip nat inside source route-map map1 pool t0-l0


Now this will do the NATing based on the ACL and the outgoing interface.


With NATing you cannot use set next hop because it is not a policy route.


To force your router to send specific traffic out through a specified interface, you need to use policy routing with a route map.


Apply it to the internal interface.

This way your traffic will be policy routed first, then it will be NATed.


good luck


if helpful Rate
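
An added example, not part of the thread or of any poster's configuration: one way to lay out on R4 what the two replies above suggest, with the next-hop choice moved into a policy route on the inside interface and the NAT route-maps left to select the static entry. The interface names and the route-map name PBR are assumptions; addresses, ACLs and NAT route-map names are the ones from the question.

```cisco
! Added example for R4. Interface names are assumptions:
! FastEthernet0/0 = LAN, Serial0/0 = FR link, Serial0/1 = serial link.
ip access-list extended LOOPBACK0
 permit ip 10.0.0.0 0.0.0.255 150.1.5.5 0.0.0.0
ip access-list extended LOOPBACK1
 permit ip 10.0.0.0 0.0.0.255 150.1.55.55 0.0.0.0
!
! Path selection: policy routing on the inside interface.
! PBR is a hypothetical route-map name; it carries the set ip next-hop lines.
route-map PBR permit 10
 match ip address LOOPBACK0
 set ip next-hop 155.1.0.5
route-map PBR permit 20
 match ip address LOOPBACK1
 set ip next-hop 155.1.45.5
!
! NAT selection: these route-maps only decide which static entry applies.
route-map NATLOOP0 permit 10
 match ip address LOOPBACK0
route-map NATLOOP1 permit 10
 match ip address LOOPBACK1
!
ip nat inside source static 10.0.0.1 150.1.4.1 route-map NATLOOP0
ip nat inside source static 10.0.0.1 150.1.4.2 route-map NATLOOP1
ip nat inside source static 10.0.0.6 150.1.4.3 route-map NATLOOP0
ip nat inside source static 10.0.0.6 150.1.4.5 route-map NATLOOP1
!
! Without inside/outside marking, no translation is attempted.
interface FastEthernet0/0
 ip nat inside
 ip policy route-map PBR
interface Serial0/0
 ip nat outside
interface Serial0/1
 ip nat outside
```

`show ip policy`, `show route-map` and `show ip nat translations` show whether packets hit the policy and which static entry was used. R5 also needs a route back to the 150.1.4.x addresses via R4 for replies to return.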

mazhar mahadik Mon, 02/16/2009 - 21:09
Hi marwanshawi,


Hey, this is informative. I will try to do it this way, but the Doc CD has still used set next hop under NAT.


Thanks.
