
NAT (Any inside local address space)

cgravell
Level 1

Is it possible for a NAT implementation to simultaneously convert ANY possible inside local address (multiple IP ranges, VLSM, etc.) to a single inside global address? Inside local can be routed or non-routed ranges.

Thanks - Chris

4 Replies

ciscomoderator
Community Manager

The topic of this forum is General Security; however, there are a number of professionals online who may be able to assist you. We are always considering additional forums for such topics and I will make a note of your post.

If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

thisisshanky
Level 11

I assume you are using a Cisco router.

The solution you want is very much possible. The method used is called NAT address overloading. The principle is this: you match an access-list with the inside local IP address ranges. Then you create a NAT pool with a single IP address (the public inside global address), give the keyword "overload" to the pool, and associate the pool with this access-list.

Now when NAT takes place, your internal IP addresses will be translated to the same inside global IP address. The router distinguishes different connections by changing the ports (TCP or UDP ports).

with regards,

shanky

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
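
The overload setup described in the reply above, written out as an added Cisco IOS example that is not part of the original post. The interface names, pool name, ACL number and the 203.0.113.1 address are assumptions chosen for illustration; substitute your own.

```cisco
! Added example, not from the original thread.
! Assumed names: GigabitEthernet0/0 (inside), GigabitEthernet0/1 (outside),
! pool OVERLOAD-POOL, ACL 1. 203.0.113.1 is a constructed placeholder address.
!
! Match every possible inside local source address, whatever the range or mask.
! Narrow this to known prefixes if only some sources should be translated.
access-list 1 permit any
!
! Pool holding a single inside global address (start and end are the same).
ip nat pool OVERLOAD-POOL 203.0.113.1 203.0.113.1 netmask 255.255.255.0
!
! Tie the ACL to the pool; "overload" enables port address translation so
! many inside hosts can share the one global address.
ip nat inside source list 1 pool OVERLOAD-POOL overload
!
interface GigabitEthernet0/0
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
! Verify from exec mode: each active flow appears as its own entry,
! distinguished by the translated TCP/UDP port.
! show ip nat translations
```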

Thanks Shanky - but what I really want is the access list to be created dynamically based upon source IP. I don't want to have to do any work!

- Chris

The other post was correct. You do not need to do any work other than defining the inside and outside NAT interfaces and setting up the pool address with overload. This is dynamic.

An ACL is not needed unless you want to emulate a proxy server and need to deny/permit certain address ranges to be NATted. To do this, you will need to create a route map and define it into the NAT address pool.
