06-22-2009 06:09 AM - edited 03-04-2019 05:12 AM
Hi all
I need to NAT the destination address only for certain hosts
So anyone coming from 192.168.0.0/24 trying to access 172.30.1.1 will be directed to 10.1.1.100 (real server address) This is only for the 192.168.0.0/24 range we dont want this NAT happening for our other sites.
06-22-2009 06:51 AM
Which type of device ie. router or ASA ?
06-22-2009 06:53 AM
This would be on a router.
06-22-2009 10:52 AM
Kate,
My logic got stuck. Please lab it up.
!
ip nat inside source static 10.1.1.100 172.30.1.1 route-map NATDEST reversible
!
ip access-list extended server
permit ip 192.168.1.0 0.0.0.255 host 172.16.30.1
!
route-map NATDEST permit 10
match ip address server
!
int XXX
description Connected to Server(10.1.1.100)
ip nat inside
!
int YYY
description Connected to WAN, 192.168.1.0 comming in
ip nat outside
!
Note: To make sure that the far side router already has route for 172.30.1.1 pointing to this router.
Hopes your router has no any NAT configuration deployed yet.(grin)
HTH,
Toshi
06-23-2009 09:35 AM
Than you for the helpful repsonse. I wasn't able to try your suggestion as my image didn't support ip nat reversible.
I resolved the problem using NAT statics and route-maps as follows:
interface Loopback0
ip address 172.30.1.2 255.255.255.255
!
interface Loopback10
ip address 172.30.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside
!
interface Ethernet0/1
ip address 10.1.5.251 255.255.255.0
ip nat inside
!
router eigrp 1
network 1.0.0.0
network 10.0.0.0
network 172.31.0.0
no auto-summary
!
ip nat inside source static 10.1.1.100 172.30.1.1 route-map MANNAT
!
ip access-list extended NAT
permit ip any 192.168.1.0 0.0.0.127
deny ip any any
route-map MANNAT permit 10
match ip address NAT
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: