Cisco Support Community

New Member

NAT - need different NAT policy per interface

I have a WAN router (2911, IOS 15.2M) with a NAT policy supporting a WAN backup using L2L VPN (DSL connected to an Ethernet interface, IP NAT OUTSIDE, NAT overload). Two IP NAT INSIDE interfaces are on the router: one for data, one for IP Phones.

I have a new requirement to NAT access to a specific server which will require me to put an IP NAT OUTSIDE on the WAN interface. When I do this, I lose access to my router because of the conflict between the NAT policy that is appropriate for the DSL interface for VPN and my requirement for the WAN interface. Ideally, IP NAT OUTSIDE on the WAN interface and IP NAT INSIDE only for the inside data interface.

Is there a way to set up independent NAT policies and bind them to specific interfaces?

NAT - need different NAT policy per interface

Hi there,

You should be able to apply an extended ACL to the NAT rule which will NAT based on destination.

Any chance you can post the router config so we can work out what the correct commands might be?



Hall of Fame Super Silver

Re: NAT - need different NAT policy per interface

While it is an appealing thought, using an extended access list will not allow you to specify the NAT for a specific interface. To accomplish this you should configure the NAT using route maps rather than just an access list. In the route map you would have 2 match statements. One statement would match the interface and the other statement would match the access list. This will allow you to bind a specific NAT with a specific interface.



Sent from Cisco Technical Support iPhone App
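
The route-map approach described in the reply above, as an added example that is not from the thread or from any poster's router: each NAT rule is tied to one outside interface by a route map with two match statements. Interface names, the inside data subnet (10.10.10.0/24), the server address (198.51.100.25) and the ACL and route-map names are all assumed placeholders.

```cisco
! Constructed example: every interface name, subnet and address below is a placeholder.
interface GigabitEthernet0/0
 description WAN
 ip nat outside
!
interface GigabitEthernet0/1
 description DSL backup carrying the L2L VPN
 ip nat outside
!
interface GigabitEthernet0/2
 description Inside data
 ip nat inside
!
! Data subnet talking to the one server that must be NATed on the WAN side
ip access-list extended NAT-TO-SERVER
 permit ip 10.10.10.0 0.0.0.255 host 198.51.100.25
!
! Data subnet traffic that is overloaded when it leaves via DSL
ip access-list extended NAT-VIA-DSL
 permit ip 10.10.10.0 0.0.0.255 any
!
! Both match statements must be true: the ACL selects the flow,
! the interface match binds the rule to one egress interface.
route-map RM-NAT-WAN permit 10
 match ip address NAT-TO-SERVER
 match interface GigabitEthernet0/0
!
route-map RM-NAT-DSL permit 10
 match ip address NAT-VIA-DSL
 match interface GigabitEthernet0/1
!
! One NAT statement per outside interface, each gated by its own route map
ip nat inside source route-map RM-NAT-WAN interface GigabitEthernet0/0 overload
ip nat inside source route-map RM-NAT-DSL interface GigabitEthernet0/1 overload
```

After applying a configuration like this, `show route-map` and `show ip nat translations` show which rule a given flow matched and which outside address it was translated to.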