Cisco Support Community
Community Member

Multiple nat inside statements

Hello,

My router interface already has a nat inside with a nat pool configured for natting 10.x.x.x private IPs to 172.28.x.x private IPs. I want to use the same interface to NAT a subnet of 10.x.x.x private IPs to the interface IP (public IP) to go to the internet. Can I just add another "nat inside source list interface" statement for this to work?

Please note that the 10.x.x.x subnet I need to translate to the interface (public IP) is not included in the access-list for the nat already configured on the interface.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Multiple nat inside statements


Hi Shivani,

We would need the following configuration to achieve the requirement:

ip nat inside source route-map interface GigabitEthernet0/1.104  overload vrf

ip access-list extended
 permit ip 10.7.251.128/25 any

route-map permit 10
 match ip address

-- Here I'm assuming your interface with the public IP is GigabitEthernet0/1.104

Let me know if this works,

Cheers,

Rudresh V

4 REPLIES
Cisco Employee

Re: Multiple nat inside statements

Hi Shivani,

Yes, it should work by adding a new nat statement for the selected private network 10.x.x.x

ip nat inside source list 1 interface overload

and access-list 1 defining the traffic 10.x.x.x

Can you post your existing nat configuration here so that I can confirm in case you need to use route-maps, or if the nat statement mentioned above will work fine.

Cheers,

Rudresh V

Community Member

Re: Multiple nat inside statements

Hello Rudresh,

Thanks for your response. Below is existing nat I have on the interface and the subnet I need to nat to public ip of the interface is 10.7.251.128/25.

ip nat pool 172.28.120.145 172.28.120.158 netmask 255.255.255.240


ip nat inside source route-map pool vrf

route-map permit 10
 match ip address
 match interface GigabitEthernet0/1.104


Extended IP access list
    10 permit ip 172.28.120.128 0.0.0.15 host
    20 permit ip 172.28.120.128 0.0.0.15 host
    30 permit ip 172.28.120.128 0.0.0.15 host
    40 permit ip 10.4.0.0 0.3.255.255 host
    50 permit ip 10.4.0.0 0.3.255.255 host
    60 permit ip 10.4.0.0 0.3.255.255 host
    70 permit ip 10.4.0.0 0.3.255.255 host
    80 permit ip 10.4.0.0 0.3.255.255 host

Thank you.
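An added check, not part of the original thread: before running two `ip nat inside source` rules side by side, compare the source ranges of the existing NAT ACL with the new subnet, because traffic that matches both ACLs is eligible for both translations. The two ACL lines are copied from the post above (one per distinct source, destination hosts elided as on the page); the function names are this example's own.

```python
import ipaddress

# ACL lines as posted in the thread (destination hosts are elided on the page).
EXISTING_ACL = """\
10 permit ip 172.28.120.128 0.0.0.15 host
40 permit ip 10.4.0.0 0.3.255.255 host
"""
NEW_SUBNET = "10.7.251.128/25"  # subnet to translate to the interface address


def parse_entries(text):
    """Return (seq, source, wildcard, destination tokens) per ACL line."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[1] in ("permit", "deny"):
            entries.append((int(tok[0]), tok[3], tok[4], " ".join(tok[5:])))
    return entries


def source_overlaps(base, wildcard, cidr):
    """True if any address in cidr matches the IOS 'base wildcard' source."""
    net = ipaddress.ip_network(cidr)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits the ACL compares
    both = care & int(net.netmask)  # bits fixed by the ACL and by the prefix
    return (int(ipaddress.ip_address(base)) & both) == (int(net.network_address) & both)


def overlapping_entries(acl_text, cidr):
    """ACL entries whose source range intersects cidr."""
    return [e for e in parse_entries(acl_text) if source_overlaps(e[1], e[2], cidr)]


def to_wildcard(cidr):
    """CIDR prefix in the 'address wildcard' form used by the ACL above."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.hostmask}"


if __name__ == "__main__":
    print("new ACL source:", to_wildcard(NEW_SUBNET))
    for seq, src, wild, dst in overlapping_entries(EXISTING_ACL, NEW_SUBNET):
        print(f"entry {seq}: {src} {wild} covers {NEW_SUBNET} (destination: {dst} ...)")
```

The `10.4.0.0 0.3.255.255` source spans 10.4.0.0 through 10.7.255.255, so it contains 10.7.251.128/25; the existing entries differ from the new `any` entry only by their destination hosts.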

Community Member

Re: Multiple nat inside statements

Thanks Rudresh!
