
Outside NAT Question

Sam Oesterling
Level 1

Hello Cisco Community,

I need to translate the outside global address for any IP from the Internet, when heading to a particular inside local address, to a pool of local private IP addresses that are routable within my private EIGRP topology. What is the best way to match that traffic, extended ACL or route-map w/ extended ACL? I already have a static inside NAT mapping for this host (ip nat inside source static 'inside local' 'inside global') to change the inside global address to an inside local address that can route in my network. Each external client that accesses our Outlook Web Access service will need to be assigned a unique outside local address since they will all be accessing TCP port 433 from our ISA proxy. On the ISA host, I will route traffic for 10.10.10.0 255.255.255.0 via a static route so that Outlook Web Access traffic heads down our backbone network, while web proxy (web surfing) traffic heads out a cable router via 0.0.0.0 0.0.0.0. Make sense?

Here is the config I was thinking about below.  Any suggestions?  I assume I need a loopback address so I can attach the NAT pool's network to it and then inject that route into my EIGRP topology.

!
! This already exists in the router
ip nat inside source static 'inside local' 'inside global'
ip nat outside source route-map 'route-map-name' pool 'pool-name'
ip nat pool 'pool-name' 10.10.10.2 10.10.10.254 netmask 255.255.255.0 type rotary
route-map 'route-map-name' permit 10
 match ip address 100
!
access-list 100 permit ip any host 'inside-global-ip-addr'
!
interface loopback1
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
!

Accepted Solutions

Jon Marshall
Hall of Fame

Not sure what a route-map gains you in this instance, as it is any address to a specific host, so an extended ACL should do the trick.

Yes you need to advertise the pool network internally so using a loopback on your router and then advertising via EIGRP is a sensible way to go.

Jon

Yeah I'm not sure what the route-map gives me either.

Thanks for your input.  I will use an extended ACL.
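The extended-ACL variant agreed on in this thread, written out as an added example (not configuration posted by either participant). The interface names and the `add-route` keyword are assumptions beyond the thread; quoted values are the thread's own placeholders.

```cisco
! Added example: outside source NAT matched by an extended ACL instead of a route-map.
! Interface names are assumed; substitute the real outside and inside interfaces.
interface GigabitEthernet0/0
 description Internet-facing (assumed name)
 ip nat outside
!
interface GigabitEthernet0/1
 description Toward ISA host and EIGRP backbone (assumed name)
 ip nat inside
!
! Existing static mapping from the original post
ip nat inside source static 'inside local' 'inside global'
!
! Match any Internet source, but only when the destination is the published address.
! Keeping the destination this narrow stops other inbound traffic from consuming
! pool addresses.
access-list 100 permit ip any host 'inside global'
!
! Each translated outside client takes one address from the pool.
! "type rotary" is left off here: it marks a pool of real inside hosts used for
! TCP load distribution with "ip nat inside destination".
ip nat pool 'pool-name' 10.10.10.2 10.10.10.254 netmask 255.255.255.0
!
! add-route (assumption, not discussed in the thread) installs a route for each
! outside local address so return traffic is forwarded toward the outside
! interface, where the translation is reversed.
ip nat outside source list 100 pool 'pool-name' add-route
!
! Advertise the pool network into EIGRP via a loopback, as confirmed in the reply
interface Loopback1
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
!
! Verification from exec mode:
!   show ip nat translations      (one outside local / outside global pair per client)
!   show ip nat statistics        (pool allocation and misses)
!   show ip route 10.10.10.0      (pool network present and advertised)
```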
