Cisco Support Community
New Member

simple nat help

Hi all,

Can you please look into my config and say whether the natting is correct?

int gi 0/0
ip address 10.10.45.1 255.255.255.0
ip nat inside

int gi 0/1
ip address 99.89.99.99 255.255.255.248
ip nat outside

int gi 0/2
ip address 101.100.188.130 255.255.255.248
ip nat outside

access-list 10 permit 10.10.45.0 0.0.0.255

ip nat inside source list 10 int fa 0/1 overload

or

#ip nat pool XXX <start ip> <end ip> netmask 255.255.255.248
#ip nat inside source list 10 pool XXX overload

Regards

srikanth

5 REPLIES
Cisco Employee

simple nat help

Hi Srikanth,

Looks like we have a problem in this command:

ip nat inside source list 10 int fa 0/1 overload

as we don't have fa 0/1 in the shared config, so it should be gi0/1 or gig0/2 instead of fa0/1.

The rest of the configuration looks good to me.

-Vijay

New Member

simple nat help

Hi Vijay,

Thanks for the quick reply. That's my mistake; fa 0/1 should be gi 0/1.

Can I go with this NAT policy? What's the difference between 1 and 2 below?

1.

access-list 10 permit 10.10.45.0 0.0.0.255
ip nat inside source list 10 int gi 0/1 overload

2.

#ip nat pool XXX <start ip> <end ip> netmask 255.255.255.248
#ip nat inside source list 10 pool XXX overload

Thanks

srikanth

simple nat help

Hi srikanth,

Some of the fields are incorrect in your config.
See the config below, which fits you....


int gi 0/0
ip address 10.10.45.1 255.255.255.0
ip nat inside

int  gi 0/1
ip address 99.89.99.99 255.255.255.248
ip nat outside

int gi 0/2
ip address 101.100.188.130 255.255.255.248
ip nat outside

ip nat inside source route-map nonat interface GigabitEthernet0/1 overload

route-map nonat permit 10
match ip address NONAT

ip access-list extended NONAT
permit ip 10.10.15.0 0.0.0.255 any


Please rate the helpful posts.
Regards,
Naidu.

Cisco Employee

simple nat help

Hi Naidu,

I doubt if the above-said config works.

You had defined an access list

ip access-list extended NONAT
permit ip 10.10.15.0 0.0.0.255 any

which will match the source address on the 10.10.15.0/24 network. This will not have any match,

so the natting itself will not happen. I guess the ACL should permit 10.10.45.0 instead of 10.10.15.0.

Also, the NAT can be performed with ACLs alone instead of writing a route map, so we cannot claim that the config that Srikanth had is incorrect. It's just another way of matching the IP to NAT.

-Vijay
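The two mistakes caught in this thread (a NAT statement naming an interface that is not configured, and an ACL whose wildcard match misses the inside subnet) can be checked offline before the config is applied. The sketch below is an added example, not code from any poster: the function names and the simplified line parser are illustrative, and it assumes every permit entry in the text belongs to the NAT ACL.

```python
import ipaddress
import re

# Constructed sample: the route-map variant posted in this thread, trimmed.
CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.10.45.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 99.89.99.99 255.255.255.248
 ip nat outside
ip nat inside source route-map nonat interface GigabitEthernet0/1 overload
route-map nonat permit 10
 match ip address NONAT
ip access-list extended NONAT
 permit ip 10.10.15.0 0.0.0.255 any
"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(addr) & care) == (int(ipaddress.IPv4Address(base)) & care)

def check_nat(config):
    """Return findings for the two mistakes discussed in the thread."""
    interfaces, inside_nets, permits, nat_ifs, current = {}, [], [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
            interfaces[current] = None          # seen, no address yet
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line == "ip nat inside":
            inside_nets.append(interfaces[current].network)
        elif m := re.match(r"ip nat inside source .* interface (\S+)", line):
            nat_ifs.append(m.group(1))
        elif m := re.search(r"permit (?:ip )?([\d.]+) ([\d.]+)", line):
            permits.append(m.groups())          # (base, wildcard)
    findings = [f"NAT references undefined interface {n}"
                for n in nat_ifs if n not in interfaces]
    for net in inside_nets:
        missed = sum(1 for h in net.hosts()
                     if not any(wildcard_match(h, b, w) for b, w in permits))
        if missed:
            findings.append(f"{missed} hosts in {net} match no permit entry")
    return findings
```

The parser expects full interface names, so abbreviated forms such as `gi 0/1` need expanding before the text is passed to `check_nat`.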

simple nat help

Hi Vijay,


I just put example numbers, so Srikanth needs to change those numbers according to his requirement.
I knew that NAT can be performed with ACLs; the idea behind route-maps is that they are more flexible than ACLs.
I thought to list what all the fields can be put in a more efficient way.

Hope I am clear...


Please rate the helpful posts.
Regards,
Naidu.
