Router 12.4: Inside -> Outside Source NAT with specific Traffic target

kmmehl
Level 1

Hello!

I have a problem.

I want to Source Nat Traffic going from one internal Host to one Specific External Host (remote system) to a specific IP on an outside Interface.

Any Idea?

Thanks!

E.g

(Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3)

Accepted Solution

rajatsetia
Level 1

Hi

Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3

Try this-

ip nat inside source static 10.1.1.1 3.3.3.3 route-map test

route-map test permit 10

match ip address 101

"Not sure if by port 25 you mean source or destination port (assuming the protocol as TCP)"

"for source port 25"

access-list 101 permit tcp host 10.1.1.1 eq 25 host 8.8.8.8

"for destination port 25 "

access-list 101 permit tcp host 10.1.1.1 host 8.8.8.8 eq 25

HTH

Regards
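
Added example (not from any poster in this thread): a small Python model of how the source-port and destination-port ACL variants above select traffic for translation, run against constructed flows. It handles only the `host`/`any` and `eq` forms used in the thread and models the ACL match only, not IOS NAT itself; the flow values and the name `translate` are assumptions made for illustration.

```python
from typing import NamedTuple

PORT_NAMES = {"smtp": 25}  # only the named port that appears in this thread

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def _take_endpoint(tokens):
    """Consume 'host A' or 'any' plus an optional 'eq PORT'; None means 'match anything'."""
    kind = tokens.pop(0)
    if kind == "host":
        addr = tokens.pop(0)
    elif kind == "any":
        addr = None
    else:
        raise ValueError(f"unsupported address form: {kind}")
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = PORT_NAMES.get(name) or int(name)
    return addr, port

def parse_acl(line):
    """Parse 'access-list N permit PROTO SRC [eq P] DST [eq P]' into a 5-field rule."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
        raise ValueError("only single-line 'access-list N permit ...' is modelled")
    proto = None if tokens[3] == "ip" else tokens[3]
    rest = tokens[4:]
    src, sport = _take_endpoint(rest)
    dst, dport = _take_endpoint(rest)
    return proto, src, sport, dst, dport

def translate(acl_line, flow, outside_ip="3.3.3.3"):
    """Rewrite the source address only when the ACL permits the flow; otherwise leave it."""
    rule = parse_acl(acl_line)
    matched = all(want is None or want == got for want, got in zip(rule, flow))
    return flow._replace(src=outside_ip) if matched else flow

ACL_SRC_PORT = "access-list 101 permit tcp host 10.1.1.1 eq 25 host 8.8.8.8"
ACL_DST_PORT = "access-list 101 permit tcp host 10.1.1.1 host 8.8.8.8 eq 25"
# Constructed flows: 10.1.1.1 as SMTP client, then as SMTP server replying from port 25.
AS_CLIENT = Flow("tcp", "10.1.1.1", 40000, "8.8.8.8", 25)
AS_SERVER = Flow("tcp", "10.1.1.1", 25, "8.8.8.8", 40000)

if __name__ == "__main__":
    for acl in (ACL_SRC_PORT, ACL_DST_PORT):
        print(acl, "->", translate(acl, AS_CLIENT).src, translate(acl, AS_SERVER).src)
```

Each variant matches exactly one of the two flow directions, so picking the wrong one leaves the intended traffic outside this rule with its original source address.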

5 Replies

Marwan ALshawi
VIP Alumni

Also, you can use this config:

! you need to put the required prefix length (subnet)
ip nat pool pool1 3.3.3.3 3.3.3.3 prefix-length 24
ip nat inside source route-map map1 pool pool1
!
access-list 100 permit tcp host 10.1.1.1 host 8.8.8.8 eq smtp
!
route-map map1 permit 10
match ip address 100

good luck

if helpful Rate

Thanks Guys.

I made it without a route map... only with the access list defining..

ip nat inside source list 120 pool POOL_EXT overload

Will this work also? I cannot test it (yet)

supposed to work

but sometimes with ACL it does not work .. why I do not know

if you get any problem just change it to one of the ways mentioned above with route-map

good luck

if helpful Rate

Interestingly yes, sometimes ACL doesn't work, and whenever I faced a NAT+ACL situation, I used to get very frustrated (not because I was not aware that I can use route-map, but why the ACL solution was not working was the problem).

Today I got a bit of hope as I read one technology blog (not tested or verified with Cisco documentation)

It says "route-maps can match against extended access lists, whereas "ip nat inside source list" supports standard access lists only"

If this is true, NAT+route-map is the only solution here

HTH

Regards
