Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT with route-maps

Hi,

I would like to accomplish the following scenario:

Deny NAT from any local to local address.

Permit NAT from 172.16.100.0/24 to any global address using the OG ip on Lo10.

Permit NAT from 172.16.101.0/24 to any global address using the OG ip on Lo11.

Permit NAT from any local address to any global address using the OG ip on Eth0.

How am I going to accompish this?

PS. I described it as NAT but I actually mean PAT, so I would like to use overloading.

  • LAN Switching and Routing
5 REPLIES
New Member

Re: NAT with route-maps

ip nat inside list 101 interface loop0 overlload

ip nat inside list 102 interface loop1 overload

ip nat inside list 103 interface ether0 overload

access-list 101 deny local local

access-list 101 permite 172.16.100.0 0.0.0.255 any

same with access-list 102

and same with access-list 103

i hope this helps.

Re: NAT with route-maps

try

access-list 100 permit ip 172.16.100.0 255.255.255.0 any

access-list 101 permit ip 172.16.101.0 255.255.255.0 any

accessaccess-list 102 permit ip any any

then

ip nat source list 100 interface Lo10 overload

ip nat source list 101 interface Lo11 overload

ip nat source list 102 interface Eth0 overload

apply the ip nat inside and ip nat outisde on the right places

good luck

if helpful Rate

New Member

Re: NAT with route-maps

Dear Marwanshawi,

your configuration doesnt comply with requirements. look access-list 100 permits everything from 172.16.100.0.... and this includes 172.16.101.0....

that is why i added the deny statements in the access-list so that local networks can talk to each other without any problems. the deny statement in the network will stop translation for these networks.

i hope u understand what i am trying to say.

regards

Re: NAT with route-maps

nice of u amit :)

New Member

Re: NAT with route-maps

Ok but does the router use best match to match the specific ACL? Because a packet from 172.16.100.10 to any which should match ACL 100 also matches ACL 102.

108
Views
6
Helpful
5
Replies
This widget could not be displayed.