Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
3
Replies

nat inside source static AND/OR inside source overload?

GRAEME DANIELSON
Level 1
Level 1

‎06-11-2006 02:41 AM - edited ‎03-09-2019 03:12 PM

On an 837 IOS 12.4 I want to nat the inside source depending on the destination.

Destination 1

Internet with normal PAT overload (also with static ports for incoming smtp and web)

So far so good.

Destination 2

IPsec tunnel. Devices on the remote end of the IPsec tunnel need to also initiate connections in to the local devices.

I can get Destination 2 working with a nat inside source route-map and nat pool but of course as it's a dynamic translation the remote tunnel devices can't initiate connections in. So I need a static nat for Destination 2?

A network static for tunnelled traffic does the trick in both directions nicely. But it NATs the inside sources for ALL destinations... not so nice.

I think I need a feature like a network static but with route-map selection for fine-grained control. Does such a feature exist?

I can't see a solution for this. Can someone prove me wrong please?!

TIA

Labels:
0 Helpful
3 Replies 3

atif.awan
Level 3
Level 3

‎06-11-2006 07:37 AM

Actually such a feature does exist and there is a solution for this.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bac.html

I have actually done something quite similar for one of my clients. It did require some tweaks but worked out quite well.

0 Helpful

GRAEME DANIELSON
Level 1
Level 1
In response to atif.awan

‎06-12-2006 12:51 AM

Yes, I had already seen this feature; it is for individual static translations. The problem is I need to translate a subnet so would need this as a NETWORK static. The document specifically states...

"Network static support is not included in this feature."

Thankyou for your response.

0 Helpful

atif.awan
Level 3
Level 3
In response to GRAEME DANIELSON

‎06-12-2006 01:41 AM

I had overlooked the network static requirement.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents