Nat destation address

Unanswered Question
Jun 22nd, 2009
User Badges:

Hi all


I need to NAT the destination address only for certain hosts


So anyone coming from 192.168.0.0/24 trying to access 172.30.1.1 will be directed to 10.1.1.100 (real server address) This is only for the 192.168.0.0/24 range we dont want this NAT happening for our other sites.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Jon Marshall Mon, 06/22/2009 - 06:51
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Which type of device ie. router or ASA ?

thotsaphon Mon, 06/22/2009 - 10:52
User Badges:
  • Gold, 750 points or more

Kate,

My logic got stuck. Please lab it up.



!

ip nat inside source static 10.1.1.100 172.30.1.1 route-map NATDEST reversible

!

ip access-list extended server

permit ip 192.168.1.0 0.0.0.255 host 172.16.30.1

!

route-map NATDEST permit 10

match ip address server

!


int XXX

description Connected to Server(10.1.1.100)

ip nat inside

!

int YYY

description Connected to WAN, 192.168.1.0 comming in

ip nat outside

!



Note: To make sure that the far side router already has route for 172.30.1.1 pointing to this router.


Hopes your router has no any NAT configuration deployed yet.(grin)


HTH,

Toshi

stretchlad Tue, 06/23/2009 - 09:35
User Badges:

Than you for the helpful repsonse. I wasn't able to try your suggestion as my image didn't support ip nat reversible.


I resolved the problem using NAT statics and route-maps as follows:


interface Loopback0

ip address 172.30.1.2 255.255.255.255

!

interface Loopback10

ip address 172.30.1.1 255.255.255.255

!

interface Ethernet0/0

ip address 1.1.1.1 255.255.255.0

ip nat outside

!

interface Ethernet0/1

ip address 10.1.5.251 255.255.255.0

ip nat inside

!

router eigrp 1

network 1.0.0.0

network 10.0.0.0

network 172.31.0.0

no auto-summary

!

ip nat inside source static 10.1.1.100 172.30.1.1 route-map MANNAT


!

ip access-list extended NAT

permit ip any 192.168.1.0 0.0.0.127

deny ip any any

route-map MANNAT permit 10

match ip address NAT

Actions

This Discussion