Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1302
Views
0
Helpful
5
Replies

How can I get this to work with NAT?

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎06-18-2014 08:59 AM - edited ‎03-07-2019 07:46 PM

Hi Masters, 

I need to add a route-map to a static NAT but the option seems to be available only if using inside/outside NAT, not if using enable NAT. 

This is a CISCO1921/K9 running 15.2(4)M6

Here's what I mean: 

R2(config)#ip nat inside source static 192.168.3.20 10.10.10.20  ?    -->  allows the route-map option to be appended 
  extendable  Extend this translation when used
  mapping-id  Associate a mapping id to this mapping
  no-alias    Do not create an alias for the global address
  no-payload  No translation of embedded address/port in the payload
  redundancy  NAT redundancy operation
  route-map   Specify route-map
  vrf         Specify vrf
  <cr>

R2(config)#ip nat source static 192.168.3.20 10.10.10.20 ?         -->  no route-map option 
  extendable  Extend this translation when used
  no-alias    Do not create an alias for the global address
  no-payload  No translation of embedded address/port in the payload
  vrf         Specify vrf
  <cr>

What I need is multiple dynamic and static NAT rules between multiple interfaces, so I need a way to assign multiple static NAT depending on the destination. 

For example, if server 192.168.3.0 wants to go to VLAN A, get statically translated to IP 1. 

If the same server 192.168.3.0 wants to go to VLAN B, get statically translated to IP 2. 

AS far as I know I need a route-map attached to the static NAT statements to make this happen, but the option is not available as shown above. And I don't want to use normal inside/outside NAT since I need the interfaces to allow NAT in both directions. 

If anybody can share some light will be very appreciated!

 

 

 

 

Labels:
0 Helpful
5 Replies 5

paul driver
VIP
VIP

‎06-18-2014 01:04 PM

Hello

II am on the understandinmg that in domain nased nat ( inside/outside) route-maps allows nat to read scr & dst in the acl before translation, and when just defining  an acl, Nat only reads the scr address before nat translation. plus its nat order of operation is different for inside and outside

inside- route-lookup then nat translation
outside - nat translation  then route-lookup

 

However domain-less nat ( ip nat enable) performs the same order of operation in either direction so with this in mind have you tried just using a exteneded acl with the domain-less nat?

 

res

Paul

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to paul driver

‎06-18-2014 01:21 PM

Thank you Paul what you say makes sense. 

However I cannot call an ACL from the static NAT statement without a route-map. This is what you're suggesting? 

0 Helpful

paul driver
VIP
VIP
In response to Federico Coto Fajardo

‎06-18-2014 03:24 PM

Hello

Yes , you have verified that yourself -  what i am trying to suggest is to use either of these to accomplish your nat translation using domain-less NAT
 

 - extended acl defining scr & dst and nat pool to define a global address

ip nat source list 100 pool POOL


 - extended acl defining scr & dst called by a route-map and a nat pool to define a global address
ip nat source route-map ROUTEMAP pool POOL
 

 

-  static using the extendable key word
ip nat source static (udp/tcp) 192.168.1.1 (port) global-ip (port)  extendable
ip nat source static (udp/tcp) 192.168.1.1 (port) global-iip (port)  extendable



res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to paul driver

‎06-19-2014 07:06 AM

Paul, 

 

The commands: 

ip nat source list or ip nat source route-map works fine for dynamic NAT or PAT, but I need static NAT. 

And the Static PAT statements won’t work since we need all ports defined. 

 

So, I guess I need a way to map static NAT depending on the destination using domain-less NAT. 

Can this be accomplished?

0 Helpful

paul driver
VIP
VIP

‎06-19-2014 11:18 AM

Hello Then try static nat! As I have stated the lookup in domain-less nat is symmetrical inbound/outbound Res Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card