07-28-2013 08:15 PM - edited 03-03-2019 07:08 AM
I have a WAN router (2911, IOS 15.2M) with a NAT policy supporting a WAN backup using L2L VPN (DSL connected to an Ethernet interface, IP NAT OUTSIDE, NAT overload). Two IP NAT INSIDE interfaces are on the router: one for data, one for IP Phones.
I have a new requirement to NAT access to a specific server which will require me to put an IP NAT OUTSIDE on the WAN Interface. When I do this, I lose access to my router because of the conflict between the NAT policy that is appropriate for the DSL interface for VPN and my requirement for the WAN interface. Ideally, IP NAT OUTSIDE on the WAN interface and IP NAT INSIDE only for the inside data interface.
Is there a way to set up independent NAT policies and bind them to specific interfaces?
07-29-2013 12:58 AM
Hi there,
You should be able to apply an extended ACL to the NAT rule which will NAT based on destination.
Any chance you can post the router config so we can work out what the correct commands might be?
cheers,
Seb.
07-29-2013 03:28 AM
While it is an appealing thought, using an extended access list will not allow you to specify the NAT for a specific interface. To accomplish this you should configure the NAT using route maps rather than just an access list. In the route map you would have 2 match statements. One statement would match the interface and the other statement would match the access list. This will allow you to bind a specific NAT with a specific interface.
HTH
Rick
Sent from Cisco Technical Support iPhone App
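A sketch of the route-map approach described in the reply above, added here as an illustration and not taken from any poster's configuration. All interface names, subnets, ACL and route-map names, and the server address are assumptions (documentation and private ranges); the original router config was never posted.

```cisco
! Assumed roles: Gi0/0 = WAN, Gi0/1 = DSL (VPN backup),
!                Gi0/2.10 = data (10.10.10.0/24), Gi0/2.20 = voice (10.10.20.0/24)
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat outside
interface GigabitEthernet0/2.10
 ip nat inside
interface GigabitEthernet0/2.20
 ip nat inside
!
! DSL policy: exempt traffic bound for the remote VPN site (assumed 10.20.0.0/16)
! so it reaches the crypto ACL untranslated; overload everything else.
ip access-list extended NAT-DSL
 deny   ip 10.10.10.0 0.0.0.255 10.20.0.0 0.0.255.255
 deny   ip 10.10.20.0 0.0.0.255 10.20.0.0 0.0.255.255
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.10.20.0 0.0.0.255 any
!
! WAN policy: translate only data-subnet traffic to the one server (assumed 192.0.2.50).
! The voice subnet is not listed, so it is never translated on the WAN side.
ip access-list extended NAT-WAN-SERVER
 permit ip 10.10.10.0 0.0.0.255 host 192.0.2.50
!
! Each route map carries the two match statements: the egress interface and the ACL.
! Both must match for the NAT rule that references the route map to apply.
route-map RM-NAT-DSL permit 10
 match ip address NAT-DSL
 match interface GigabitEthernet0/1
!
route-map RM-NAT-WAN permit 10
 match ip address NAT-WAN-SERVER
 match interface GigabitEthernet0/0
!
! One NAT rule per exit interface, each bound to its own route map.
ip nat inside source route-map RM-NAT-DSL interface GigabitEthernet0/1 overload
ip nat inside source route-map RM-NAT-WAN interface GigabitEthernet0/0 overload
```

After applying a change like this, `show ip nat translations` lists which inside addresses are being translated and to which outside address, which makes it easy to confirm that management and voice traffic leaving the WAN interface is left untranslated.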