06-22-2009 06:09 AM - edited 03-04-2019 05:12 AM
Hi all
I need to NAT the destination address only for certain hosts
So anyone coming from 192.168.0.0/24 trying to access 172.30.1.1 will be directed to 10.1.1.100 (real server address) This is only for the 192.168.0.0/24 range we dont want this NAT happening for our other sites.
06-22-2009 06:51 AM
Which type of device ie. router or ASA ?
06-22-2009 06:53 AM
This would be on a router.
06-22-2009 10:52 AM
Kate,
My logic got stuck. Please lab it up.
!
ip nat inside source static 10.1.1.100 172.30.1.1 route-map NATDEST reversible
!
ip access-list extended server
permit ip 192.168.1.0 0.0.0.255 host 172.16.30.1
!
route-map NATDEST permit 10
match ip address server
!
int XXX
description Connected to Server(10.1.1.100)
ip nat inside
!
int YYY
description Connected to WAN, 192.168.1.0 comming in
ip nat outside
!
Note: To make sure that the far side router already has route for 172.30.1.1 pointing to this router.
Hopes your router has no any NAT configuration deployed yet.(grin)
HTH,
Toshi
06-23-2009 09:35 AM
Than you for the helpful repsonse. I wasn't able to try your suggestion as my image didn't support ip nat reversible.
I resolved the problem using NAT statics and route-maps as follows:
interface Loopback0
ip address 172.30.1.2 255.255.255.255
!
interface Loopback10
ip address 172.30.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside
!
interface Ethernet0/1
ip address 10.1.5.251 255.255.255.0
ip nat inside
!
router eigrp 1
network 1.0.0.0
network 10.0.0.0
network 172.31.0.0
no auto-summary
!
ip nat inside source static 10.1.1.100 172.30.1.1 route-map MANNAT
!
ip access-list extended NAT
permit ip any 192.168.1.0 0.0.0.127
deny ip any any
route-map MANNAT permit 10
match ip address NAT
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide