Below is my router that's performing NAT. What i am simply trying to do is perform NAT based on the destination address. Any connection coming from inside targeting 172.16.1.1 and 172.17.1.1 routed on the outside subinterfaces, i would like to NAT overload using outside subinterfaces.
for example connection from inside (any) to 172.16.1.1, NAT using Ethernet0/0.60 address (192.168.60.1)
All seems to work fine. But just wanted to find out if this is the best way to perform destination NAT?
des Outside Interface encapsulation dot1Q 60 ip address 192.168.60.1 255.255.255.0 ip nat outside ip virtual-reassembly ip ospf network point-to-point ! interface Ethernet0/0.70
des Outside Interface encapsulation dot1Q 70 ip address 192.168.70.1 255.255.255.0 ip nat outside ip virtual-reassembly ip ospf network point-to-point ! interface Ethernet0/1
des Inside Interface ip address 192.168.2.1 255.255.255.0 ip nat inside ip virtual-reassembly no ip route-cache cef half-duplex
ip nat inside source list 101 interface Ethernet0/0.60 overload ip nat inside source list 102 interface Ethernet0/0.70 overload ! access-list 101 permit ip any host 172.16.1.1 access-list 102 permit ip any host 172.17.1.1
I am not too sure if we would call this a destination NAT, cause, as per the NAT command you are still translating the source address to 192.168.60.1 and 192.168.70.1 based on the matching ACL. The destination address will continue to remain 172.16.1.1 and 172.17.1.1.
Do correct me if i am wrong.
If the above is what we are trying to achieve then we are all good here.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...