Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
1
Helpful
3
Replies

Changed source address based on destination IP

John McNumara
Level 1
Level 1

‎09-18-2014 11:40 AM - edited ‎03-07-2019 08:48 PM

Hello,

 

Suppose I had the following configuration in an IOS router

 

interface <interface type/number>

 ip address 1.1.1.3 255.255.255.0 secondary

 ip address 1.1.1.2 255.255.255.0

 

ip route 0.0.0.0 0.0.0.0 1.1.1.1

 

access-list standard INTERNET_BOUND_ACL

 permit <lan subnet-id> <lan wildcard>

 

ip nat inside source list INTERNET_BOUND_ACL interface <interface type/number> overload

 

 

I need to change the source inside global IP address based on the destination outside global IP address.

 

Example: I need our source IP to be 1.1.1.3 when I ping 8.8.8.8

 

How would i accomplish this?

Labels:
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎09-18-2014 02:03 PM

You could do this with NAT. You may need PBR as well if there are only certain destinations you would to NAT and not all destinations.
0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee

‎09-18-2014 02:09 PM

Hi,

You would need to use two NAT pools and two different ACLs to separate your internal clients depending on the destination they want to communicate with, and to subsequently NAT them using a selected NAT pool. For example:

ip access-list extended NAT_2
  permit ip <LAN Network> <Wildcard> <DestinationX> <WildcardX>
  ...
  ...
!
ip access-list extended NAT_3
  permit ip <LAN Network> <Wildcard> <DestinationY> <WildcardY>
  ...
  ...
!
ip nat pool NATPOOL_2 1.1.1.2 1.1.1.2 netmask 255.255.255.0
ip nat pool NATPOOL_3 1.1.1.3 1.1.1.3 netmask 255.255.255.0
ip nat inside source list NAT_2 pool NATPOOL_2 overload
ip nat inside source list NAT_3 pool NATPOOL_3 overload

Exactly one of the ACLs should actually contain an entry saying

permit ip <LAN Network> <Wildcard> any

to make sure that the internal network gets translated to some of the two public addresses even if itt does not communicate with any specific destination IP.

Do you believe this could be a workable solution for you?

Best regards,
Peter

danielnavaspinzon
Level 1
Level 1

‎09-20-2023 01:12 PM

Thank you @Peter Paluch!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card