Policy NAT query

JAMES BALL
Level 1

Hi,

We are multi-homed with two ISPs and are load balancing with OER. We have a WAN connection to our European Data Centre where there is a third internet connection. I want to add this third connection as an OER exit link.

As this WAN connection is not part of our BGP setup, I need to translate traffic that OER decides to route over this link to an address that is routable over the WAN. This is easily achieved with:

access-list 103 permit ip 123.0.0.0 0.0.0.255 any
ip nat inside source list 103 interface FastEthernet0/1 overload oer

For our Mail Server, I need to ensure that a one-to-one translation is made when OER selects the WAN as the best exit, i.e. I want to translate from the Public IP of our mail server to an address routable over the WAN, only when the traffic leaves via f0/1. This is to ensure that traffic from the mail server originates from an address with a valid MX and SPF record.

I have briefly tested this using the configuration below and it seems to work, however it's not particularly elegant. Is there a neater way of achieving this?

interface Loopback1
 ip address 10.0.0.1 255.255.255.255
ip nat inside source route-map MAIL interface Loopback1 overload reversible
access-list 106 remark -- MAIL Public --
access-list 106 permit ip host 123.0.0.1 any
route-map MAIL permit 10
 match ip address 106
 match interface FastEthernet0/1

I would also like the translation to be triggered if hosts from the Internet initiate connections to the mail server via the WAN. Hopefully the reversible keyword will achieve this?

Thanks!

James


Giuseppe Larosa
Hall of Fame

Hello James,

Your understanding looks correct.

See:

reversible
(Optional) Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696

Hope to help

Giuseppe
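The following is an added example, not part of the thread and not Cisco's code: a small Python model of the two NAT rules James posted, written to make the route-map semantics explicit. It shows that both match clauses in a route-map sequence must hold (the mail host is rewritten to Loopback1 only when the exit is FastEthernet0/1), that hosts covered only by ACL 103 fall into the overload pool, that traffic leaving via the BGP links is not translated at all, and that only the rule carrying the reversible keyword answers an outside-initiated session to the inside-global address. The FastEthernet0/1 address (192.0.2.1) is a constructed placeholder, since the page never states it, and the order in which the two rules are consulted is an assumption of this model, not a statement about IOS lookup order; on a real box the authoritative check is show ip nat translations after the mail server has sent traffic over the WAN.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address
from typing import List, Optional, Tuple

# Constructed values: 123.0.0.0/24 and 10.0.0.1 come from the thread;
# 192.0.2.1 is an assumed stand-in for the unstated FastEthernet0/1 address.
FA01 = "FastEthernet0/1"
FA01_ADDRESS = "192.0.2.1"        # assumption, not given on the page
LOOPBACK1_ADDRESS = "10.0.0.1"    # "interface Loopback1 / ip address 10.0.0.1"

# access-list 103 permit ip 123.0.0.0 0.0.0.255 any
ACL_103 = [IPv4Network("123.0.0.0/24")]
# access-list 106 permit ip host 123.0.0.1 any
ACL_106 = [IPv4Network("123.0.0.1/32")]


@dataclass
class NatRule:
    name: str
    acl: List[IPv4Network]        # "match ip address" / "source list"
    egress: Optional[str]         # "match interface" (None = any exit)
    inside_global: str            # address the inside source is rewritten to
    reversible: bool              # may outside hosts initiate sessions?

    def matches(self, src: IPv4Address, egress: str) -> bool:
        # All match clauses of one route-map sequence must be true (AND).
        in_acl = any(src in net for net in self.acl)
        on_exit = self.egress is None or self.egress == egress
        return in_acl and on_exit


# Rule order is a modelling assumption: the specific mail rule is consulted
# first so 123.0.0.1 is not swallowed by the /24 overload rule.
RULES = [
    # ip nat inside source route-map MAIL interface Loopback1 overload reversible
    NatRule("MAIL", ACL_106, FA01, LOOPBACK1_ADDRESS, reversible=True),
    # ip nat inside source list 103 interface FastEthernet0/1 overload oer:
    # OER-controlled traffic leaving via Fa0/1 is PAT'ed to its address.
    NatRule("OER", ACL_103, FA01, FA01_ADDRESS, reversible=False),
]


def translate_outbound(src: str, egress: str) -> Optional[Tuple[str, str]]:
    """Inside -> outside: return (rule name, translated source address), or
    None when no rule applies and the packet leaves with its real source."""
    addr = ip_address(src)
    for rule in RULES:
        if rule.matches(addr, egress):
            return rule.name, rule.inside_global
    return None


def reverse_inbound(dst: str, ingress: str) -> Optional[str]:
    """Outside -> inside: only a 'reversible' rule lets an outside host open a
    session to the inside-global address; return the inside-local address."""
    for rule in RULES:
        if not rule.reversible or rule.inside_global != dst:
            continue
        if rule.egress is not None and rule.egress != ingress:
            continue
        # The mapping is one-to-one only because the ACL names a single host.
        hosts = [net.network_address for net in rule.acl if net.prefixlen == 32]
        if len(hosts) == 1:
            return str(hosts[0])
    return None


if __name__ == "__main__":
    # Constructed sample flows: (source, chosen exit interface)
    for src, exit_if in [("123.0.0.1", FA01), ("123.0.0.5", FA01),
                         ("123.0.0.1", "GigabitEthernet0/0")]:
        print(src, "via", exit_if, "->", translate_outbound(src, exit_if))
    # Constructed inbound attempts to the two inside-global addresses
    for dst in (LOOPBACK1_ADDRESS, FA01_ADDRESS):
        print("inbound to", dst, "->", reverse_inbound(dst, FA01))
```

The inbound lookup is where the reversible keyword matters for the mail use case: without it, a remote MTA connecting to 10.0.0.1 over the WAN would have no translation to land on, even though outbound mail from 123.0.0.1 would already be rewritten correctly.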
