03-10-2009 11:52 AM - edited 03-06-2019 04:30 AM
I am trying to create multi-homed policy NAT using route-map.
I have one router. (3845)
On this router I have one interface I've configured for ip nat inside. (192.168.17.2 - my user segment)
I have 2 outside interfaces: one to my ISP and the other to an external company that I need to NAT to. (Present my 192.168.17.0/24 network to that company as the 10.227.75.64/27 range.)
I have created 2 route-maps to try to direct the way source devices should grab their respective NATs from pools depending on which destination they need to get to. (Internet or company "a")
I think my problem is with my ACLs 25 & 26.
Can someone help me define what my ACLs should be?
Any help would be greatly appreciated.
! INTERFACE TO COMPANY "A"
interface GigabitEthernet0/0
 description COMPANY A_ROUTER_6/14
 ip address 10.227.4.114 255.255.255.252
 ip nat outside
 duplex full
 speed 100
 media-type rj45
!
! INTERFACE TO ISP
interface FastEthernet3/0.1540
 description VLAN 1540 TO INTERNET
 encapsulation dot1Q 1540
 ip address 65.47.180.242 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
! USER NETWORK
interface GigabitEthernet0/1
 description USER Network
 ip address 192.168.17.2 255.255.255.0
 ip nat inside
 duplex full
 speed 100
 media-type rj45
!
ip nat pool NAT-TO-COMPANY-A 10.227.75.72 10.227.75.94 netmask 255.255.255.224
ip nat pool NAT-TO-INTERNET 67.106.75.43 67.106.75.43 netmask 255.255.255.248
ip nat inside source route-map TO-A pool NAT-TO-COMPANY-A
ip nat inside source route-map TO-INTERNET pool NAT-TO-INTERNET overload
access-list 25 permit 192.168.17.0 0.0.0.255
access-list 26 permit 192.168.17.0 0.0.0.255
route-map TO-INTERNET permit 10
 match ip address 26
 match interface FastEthernet3/0.1540
!
route-map TO-A permit 10
 match ip address 25
 match interface GigabitEthernet0/0
03-10-2009 12:15 PM
Your best bet would be to set up the company that you want to NAT TO as a source/destination address:
access-list 101 permit ip 192.168.17.0 0.0.0.255
You can send all other traffic out to the ISP.
HTH,
John
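The source/destination approach from the reply above, written out as an added example that is not part of either post. It reuses the pool, route-map and interface names from the question; `A-NET` and `A-WILDCARD` are placeholders for Company A's destination network, which the thread does not give, and ACL 102 is an assumed number for the Internet-bound rule.

```cisco
! Added example, not the poster's or John's configuration.
! A-NET / A-WILDCARD: placeholders for Company A's destination network
! and wildcard mask (not stated in the thread).
!
! Traffic from the user segment to Company A
access-list 101 permit ip 192.168.17.0 0.0.0.255 A-NET A-WILDCARD
!
! Everything else from the user segment (assumed ACL number 102)
access-list 102 deny   ip 192.168.17.0 0.0.0.255 A-NET A-WILDCARD
access-list 102 permit ip 192.168.17.0 0.0.0.255 any
!
! match interface tests the egress interface chosen by the routing
! table, so A-NET must already route out GigabitEthernet0/0.
route-map TO-A permit 10
 match ip address 101
 match interface GigabitEthernet0/0
!
route-map TO-INTERNET permit 10
 match ip address 102
 match interface FastEthernet3/0.1540
!
ip nat inside source route-map TO-A pool NAT-TO-COMPANY-A
ip nat inside source route-map TO-INTERNET pool NAT-TO-INTERNET overload
```

The NAT-TO-COMPANY-A pool holds 23 addresses (10.227.75.72 to 10.227.75.94) and is not overloaded, so at most 23 inside hosts can hold translations toward Company A at once. `show ip nat translations` shows which pool address each flow received.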
03-10-2009 01:07 PM
Thank you.