I am replacing a Linux router with a Cisco device. The Linux device provides NAT services, and I have successfully configured inbound access from public addresses to private addresses. However, the Linux router has IPTables configuration as shown below which I cannot replicate in Cisco:
-A POSTROUTING -s 10.5.10.41/32 -d ! 10.5.0.0/16 -j SNAT --to-source xx.yy.124.161 (sanitised public address)
I translated this as meaning "For packets with a source address of 10.5.10.41 and a destination address outside the range 10.5.0.0/16, then translate the destination address to xx.yy.124.161".
On that basis, I created the following configuration
ip access-list extended corenat1
deny ip host 10.5.10.41 10.5.0.0 0.0.255.255
remark denies traffic source 10.5.10.41 dest 10.5.0.0 0.0.255.255
permit ip host 10.5.10.41 any
remark permits traffic source 10.5.10.41 to any
ip nat pool natpool1 xx.yy.124.161 xx.yy.124.161 netmask 255.255.255.252
ip nat inside source list corenat1 pool natpool1
This was intended to identify the traffic to NAT (access-list corenat1), then create a NAT pool with one address in it, and finally NAT the identified traffic to the new address. It does not work, and I'm not seeing any translations occurring from these commands. The NAT router simply returns "unavailable" when pinging is attempted.
Am I doing something wrong, or is this just not possible?
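Added example (not part of the original post or of any Cisco or netfilter code): a small Python model of the two rule sets, so the ACL logic can be checked against the iptables rule on sample packets before blaming the router. It converts Cisco address/wildcard pairs to prefixes, evaluates the ACL first-match with the implicit deny, and applies the NAT decision the way "ip nat inside source list" does (permit = translate the source, deny = leave the packet alone). The iptables rule rewrites the source address (it is an SNAT with --to-source), so that is what both sides of the model rewrite. The public address, the sample destinations and the packet list are constructed placeholders; xx.yy.124.161 is stood in for by a TEST-NET address.

```python
from ipaddress import ip_address, ip_network

# Placeholder for the sanitised xx.yy.124.161 in the post (TEST-NET-3 range).
PUBLIC_ADDR = "203.0.113.161"


def wildcard_to_network(addr: str, wildcard: str):
    """Convert a Cisco address/wildcard pair to an ip_network.

    Cisco wildcard bits are the inverse of a subnet mask: 0.0.255.255 means
    'the first 16 bits must match', i.e. a /16. 'host X' is X 0.0.0.0 and
    'any' is 0.0.0.0 255.255.255.255. Only contiguous wildcards are handled,
    which is all the post's ACL uses.
    """
    wc = int(ip_address(wildcard))
    mask = (~wc) & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard {wildcard} not supported")
    return ip_network(f"{addr}/{prefix}", strict=False)


# The access-list from the post, in the order the router evaluates it.
ACL_CORENAT1 = [
    ("deny", wildcard_to_network("10.5.10.41", "0.0.0.0"),
     wildcard_to_network("10.5.0.0", "0.0.255.255")),
    ("permit", wildcard_to_network("10.5.10.41", "0.0.0.0"),
     wildcard_to_network("0.0.0.0", "255.255.255.255")),
]


def acl_lookup(acl, src: str, dst: str) -> str:
    """First-match ACL evaluation with the implicit 'deny ip any any'."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def cisco_nat_source(src: str, dst: str, acl=ACL_CORENAT1,
                     pool_addr: str = PUBLIC_ADDR) -> str:
    """Source address after 'ip nat inside source list corenat1 pool natpool1'.

    A permit in a NAT ACL means 'translate this flow'; a deny (explicit or
    implicit) means 'do not translate', not 'drop'.
    """
    return pool_addr if acl_lookup(acl, src, dst) == "permit" else src


def iptables_snat_source(src: str, dst: str,
                         to_source: str = PUBLIC_ADDR) -> str:
    """Source address after the POSTROUTING rule:
    -s 10.5.10.41/32 ! -d 10.5.0.0/16 -j SNAT --to-source <public>."""
    s, d = ip_address(src), ip_address(dst)
    if s in ip_network("10.5.10.41/32") and d not in ip_network("10.5.0.0/16"):
        return to_source
    return src


# Constructed (src, dst) pairs covering the three cases that matter.
SAMPLE_PACKETS = [
    ("10.5.10.41", "198.51.100.7"),  # leaving 10.5.0.0/16: must be translated
    ("10.5.10.41", "10.5.1.1"),      # stays inside 10.5.0.0/16: untouched
    ("10.5.10.42", "198.51.100.7"),  # another host: neither rule applies
]


def compare_rulesets(packets=SAMPLE_PACKETS):
    """Return {(src, dst): (iptables_result, cisco_result)} for each packet."""
    return {
        (src, dst): (iptables_snat_source(src, dst), cisco_nat_source(src, dst))
        for src, dst in packets
    }


def rulesets_equivalent(packets=SAMPLE_PACKETS) -> bool:
    """True when both rule sets rewrite every sample packet the same way."""
    return all(a == b for a, b in compare_rulesets(packets).values())


if __name__ == "__main__":
    for (src, dst), (ipt, ios) in compare_rulesets().items():
        print(f"{src} -> {dst}: iptables={ipt} cisco={ios}")
    print("equivalent:", rulesets_equivalent())
```

Running this shows the ACL selects exactly the flows the iptables rule does, so the selection logic in the post is sound; on the real box the next things to inspect are the interface-level "ip nat inside" / "ip nat outside" assignments and the output of "show ip nat statistics" and "show ip nat translations", which report whether the rule is ever hit.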
Thanks for the interest. Your suggestion will apply the access-group to the interface, and will manage packets going in/out of the interface. My access-list was to direct certain traffic to the NAT rules, not the interface, so that there was no permit/deny on the interface, but a selection of traffic to which NAT-ing was applied. Is my way of working possible?