Nat destation address

stretchlad · ‎06-22-2009

Hi all

I need to NAT the destination address only for certain hosts

So anyone coming from 192.168.0.0/24 trying to access 172.30.1.1 will be directed to 10.1.1.100 (real server address) This is only for the 192.168.0.0/24 range we dont want this NAT happening for our other sites.

Jon Marshall · ‎06-22-2009

Which type of device ie. router or ASA ?

stretchlad · ‎06-22-2009

This would be on a router.

Thotsaphon Lueangwattanaphong · ‎06-22-2009

Kate,

My logic got stuck. Please lab it up.

!

ip nat inside source static 10.1.1.100 172.30.1.1 route-map NATDEST reversible

!

ip access-list extended server

permit ip 192.168.1.0 0.0.0.255 host 172.16.30.1

!

route-map NATDEST permit 10

match ip address server

!

int XXX

description Connected to Server(10.1.1.100)

ip nat inside

!

int YYY

description Connected to WAN, 192.168.1.0 comming in

ip nat outside

!

Note: To make sure that the far side router already has route for 172.30.1.1 pointing to this router.

Hopes your router has no any NAT configuration deployed yet.(grin)

HTH,

Toshi

stretchlad · ‎06-23-2009

Than you for the helpful repsonse. I wasn't able to try your suggestion as my image didn't support ip nat reversible.

I resolved the problem using NAT statics and route-maps as follows:

interface Loopback0

ip address 172.30.1.2 255.255.255.255

!

interface Loopback10

ip address 172.30.1.1 255.255.255.255

!

interface Ethernet0/0

ip address 1.1.1.1 255.255.255.0

ip nat outside

!

interface Ethernet0/1

ip address 10.1.5.251 255.255.255.0

ip nat inside

!

router eigrp 1

network 1.0.0.0

network 10.0.0.0

network 172.31.0.0

no auto-summary

!

ip nat inside source static 10.1.1.100 172.30.1.1 route-map MANNAT

!

ip access-list extended NAT

permit ip any 192.168.1.0 0.0.0.127

deny ip any any

route-map MANNAT permit 10

match ip address NAT