
Where to apply static NAT

shahid_duet
Level 1

Dear boss,

My server IP is 192.168.0.14, the NAT IP is 172.30.40.115, and I will access it from 10.23.252.0/27.

WAN IPs are 10.0.0.1 and 10.0.1.1. It is crypto with IPsec.

My conf:

interface FastEthernet0/0
 switchport access vlan 10
interface vlan 10
 ip add 10.0.0.1
ip route 10.23.252.0 255.255.255.224 10.0.1.1
ip nat inside source static 192.168.0.14 172.30.40.115 route-map NAT_30
access-list 2002 permit ip 172.30.40.112 0.0.0.15 10.23.252.0 0.0.0.31
route-map NAT_30 permit 10
 match ip address 2002

Generally I bind NAT to a tunnel, but here there is no tunnel. Where do I apply NAT and how do I configure it?

Please advise.

shahid

1 Accepted Solution


Remove the route-map from your static NAT command; make it simple and make it work. Complications... later.

Did you set your router's LAN interface as NAT outside?  ip nat outside

HTH,

Soroush.


9 Replies

Sandeep Choudhary
VIP Alumni

Can you please provide your topology layout?

Then I can tell you.

Regards

Generally I create a tunnel and bind NAT like this:

interface tunnel 100
 ip add 0.0.0.0 0.0.0.0
 tunnel source 0.0.0.0
 tunnel destination 0.0.0.0
 ip nat outside

Here there is no tunnel, so where do I bind it in the above configuration?

shahid

Hi,

You're doing a site-to-site IPsec VPN between these 2 subnets? If so, then you don't have to NAT traffic between the 2 subnets (do a deny in an extended access-list used for NAT) and apply NAT on inside and outside interfaces for internet traffic.

Regards.

Alain.

Don't forget to rate helpful posts.


Dear Alain,

The branch has permission on 172.30.40.115, not on 192.168.0.14, and it is a virtual IP, so I need NAT to reach 192.168.0.14. The branch router is configured for forwarding 172.30.40.112/27 and it is OK.

How do I reach 192.168.0.14 by using NAT from the branch?

Hi,

If I got it right, you want your hosts to send traffic to 172.30.40.115 and your server (192.168.0.14) at the other end receives it, and your switch does routing as well, and you need to convert the IPs on your branch router...?

So your config on the switch would need a static route to 172.30.40.115 pointing to the branch router.

ip route 172.30.40.115 x.x.x.x [router, gateway ip] .... so that traffic with the original IP for the server is sent to the router.

Then on the router you do the NAT with the serial interface as the OUTSIDE interface.

int s0/0
 ip nat outside
ip nat inside source static 192.168.0.14 172.30.40.115

Let me know if I got the whole idea wrong; then you may need to shift the config to the other router.

Hope it Helps,

Soroush.


Dear Soroushm,

The NAT is applied on the head office router. Take it very simply: the branch IP (10.23.252.0/27) will ping 172.30.40.115 and 192.168.0.14 will respond. I did NAT on my head office router and bound it to vlan 10 as described in the above configuration. It does not work. My crypto and routing are OK, but when I create NAT and bind it to vlan 10 it does not work.

Is there another way to make it work?

shahid

Remove the route-map from your static NAT command; make it simple and make it work. Complications... later.

Did you set your router's LAN interface as NAT outside?  ip nat outside

HTH,

Soroush.


Dear Soroushm,

You are right. It's working now.

Now I need to delete some static NAT entries, but I cannot.

I tried to delete them as follows:

router# no ip nat translation *

router(conf)#no ip nat inside source static 0.0.0.0 0.0.0.0

wr.

Reload

But I cannot remove or edit them.

How do I remove a single NAT entry or all of them?

Please advise.

shahid

Try removing the ip nat outside / ip nat inside commands from the interfaces, then go through the steps you did before, and then reconfigure.

Hope it Helps,

Soroush.
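
The simplified head-office setup the accepted answer points to, followed by removal of a static entry, as an added example that is not from any participant in this thread. The hostname HQ and the server-facing interface Vlan20 are assumptions; the addresses and Vlan10 are the ones quoted in the thread.

```cisco
! Added example, not the poster's running configuration.
! Assumption: Vlan20 faces the server 192.168.0.14 (hypothetical name).
! Vlan10 is the WAN-side interface (10.0.0.1) from the original post.
HQ# configure terminal
HQ(config)# interface Vlan20
HQ(config-if)# ip nat inside
HQ(config-if)# interface Vlan10
HQ(config-if)# ip nat outside
HQ(config-if)# exit
! Plain one-to-one static translation, no route-map attached.
HQ(config)# ip nat inside source static 192.168.0.14 172.30.40.115
HQ(config)# end
!
! IOS translates inside-to-outside traffic before the crypto map check,
! so the IPsec interesting-traffic ACL must match the translated address
! 172.30.40.115 toward 10.23.252.0/27, not the real 192.168.0.14.
!
! Confirm the static entry and watch the hit counters move:
HQ# show ip nat translations
HQ# show ip nat statistics
!
! Removing one static entry later: clearing is a privileged EXEC
! command, and the "no" form has to repeat the exact local/global
! pair that was configured.
HQ# clear ip nat translation *
HQ# configure terminal
HQ(config)# no ip nat inside source static 192.168.0.14 172.30.40.115
HQ(config)# end
HQ# show ip nat translations
```

After the removal, an empty `show ip nat translations` output confirms the mapping no longer exposes the server on 172.30.40.115.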
