07-11-2012 09:50 PM - edited 03-04-2019 04:56 PM
Dear boss
My server ip 192.168.0.14 nating IP 172.30.40.115 and i will access from 10.23.252.0/27.
WAN IP 10.0.0.1 and 10.0.1.1. it is crypto with IPsec.
MY conf :
Interface fe 0/0
switch port access vlan 10
interface vlan 10
ip add 10.0.0.1
ip route 10.23.252.0 255.255.255.224 10.0.1.1
ip nat inside source static 192.168.0.14 172.30.40.115 route-map NAT_30
access-list 2002 permit ip 172.30.40.112 0.0.0.15 10.23.252.0 0.0.0.31
route-map NAT_30 permit 10
match ip address 2002
Generally I bind nat with tunnel , but here no tunnel. where i apply nat and how to configure ????
Please suggest me.
shahid
Solved! Go to Solution.
07-15-2012 07:45 AM
remove the route-map from ur static NAT command, make it simple n make it work, complications... later.
did you set your router's LAN interface as NAT outside? ip nat outside
HTH,
Soroush.
07-11-2012 11:11 PM
can you please provide your topology layout ???
then I can tell you .
REgards
07-12-2012 01:38 AM
Generally i create a tunnel and bind NAT lie this:
tunnel 100
ip add 0.0.0.0 0.0.0.0
tunnel source 0.0.0.0
tunnel desti 0.0.0.0
ip nat outside
Here no tunnel so where i bind in avobe configuration ??
shahid
07-12-2012 01:47 AM
Hi,
you're doing a site-to-site IPSec VPN between these 2 subnets? if so then you don't have to NAT traffic between the 2 subnets( do a deny in an extended access-list used for NAT) an apply nat on inside and outside interfaces for internet traffic.
Regards.
Alain.
Don't forget to rate helpful posts.
07-12-2012 02:14 AM
Dear Alain
Branch have permission on 172.30.40.115 not at 192.168.0.14 and it virtual IP. so i need NAT to get 192.168.0.14. Rranch router is configured for forwarding 172.30.40.112/27 and it is ok.
How i get 192.168.0.14 by using NAT from branch ???
07-12-2012 05:13 AM
Hi,
if I got it right, u want ur hosts to send traffic to 172.30.40.115 and ur Server (192.168.0.14) at the other end receives it, and your switch does routing as well, and u need to convert the ip's on ur branch router...?
So your config on the switch would need a static route to 172.30.40.115 pointing to the branch router.
ip route 172.30.40.115 x.x.x.x [router, gateway ip] .... so that traffic with original ip for server is sent to the router.
then on the router you do the NAT with the serial interface as OUTSIDE interface.
int s0/0
ip nat outside
ip nat inside source static 192.168.0.14 172.30.40.115
let me know if i got the whole idea wrong, then you may need to shift the config to the other router.
Hope it Helps,
Soroush.
07-14-2012 11:14 PM
Dear Soroushm
The NAT is applicable in Head office router. Take it very simple. Branch IP( 10.23.252.0/27) will ping to 172.30.40.115 and 192.168.0.14 will respond. I did NAT to my head office router and bind to vlan 10 described in avobe configuration. It dose not work. My crypto and routing is ok. but when i create nat and bind it to vlan 10 dose not work.
Is there another way to work. ?????
shahid
07-15-2012 07:45 AM
remove the route-map from ur static NAT command, make it simple n make it work, complications... later.
did you set your router's LAN interface as NAT outside? ip nat outside
HTH,
Soroush.
07-15-2012 09:46 PM
Dear Soroushm
U r Right. Its working now.
now i need to delete some static nat. but can not do ?
I tried to deletet as follows:
router# no ip nat translation *
router(conf)#no ip nat inside source static 0.0.0.0 0.0.0.0
wr.
Relaod
But can not remove or edit
How to remove single or all nat.
Pls suggest me
shahid
07-16-2012 09:55 AM
try removing the ip nat outside / ip nat inside commands from the interfaces, then go through the steps u did before. and then reconfig.
Hope it Helps,
Soroush.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: