I am having difficulties configuring NAT POOL for traffic on my internal network when hitting a specific interface to my firewall. When traffic from a specific subnet (matching the ACL) goes to a specific interface (firewall VLAN) I need that traffic to NAT from pool. Here is my config:
ip nat pool Remote-Offices 10.168.0.0 10.168.255.255 prefix-length 16 type match-host
access-list 150 permit ip 192.168.168.0 0.0.3.255 any log
ip nat inside source list 150 pool Remote-Offices
description Firewall Network
ip address 172.18.7.4 255.255.255.240
ip nat inside
With this config I do not see any NAT translations when issuing a ping from a host on the 192.168.168.0/22 to a destination address on my firewall DMZ which passes through VLAN170, which is also my static default route (172.18.7.1).
Sorry for the delay in responding. Yes, routing for this subnet has and still is working normally.
Question: the SVI interface, VLAN 170, should the configuration for NAT function as currently configured, or do I need to change the switchports connecting the firewall to routed interfaces and put IPs on the gigabit interfaces?
I have attached a diagram that should help explain better what we are attempting to do.
We have been internally discussing this this morning and re-reading the documentation and may have come up with a reason why we haven't been successful. Is it likely that we have been putting the ip nat inside statement on the wrong interface(s)?
Alain, sorry. I had difficulties in getting the attachment in this discussion. Somehow the previous attachment I attempted went into a discussion area. Anyway, I have attached the diagram into this discussion thread. I am still hoping you can help.