Cisco Support Community
New Member

NAT WITH ACCESS-LIST

Hi,

We are using a normal pair of nat/global commands to NAT traffic from inside to outside. But now we need to do NAT according to rules based on access-lists. In short, some traffic will be grouped in, say, NAT number 1, which will be linked with global number 1; some other traffic will be grouped in NAT number 2, which will be linked with global number 2; and so on.

But finally, what we need is that traffic which does not match any of the access-lists should be placed in another NAT and global pair. This is similar to a default route placed in a router (no match in the routing table, send it to the default gateway).

In a nutshell, the requirement is as follows:

NAT (1) -- GLOBAL (1) -- ACCESS-LIST 1

NAT (2) -- GLOBAL (2) -- ACCESS-LIST 2

NAT (3) -- GLOBAL (3) -- FOR THE REST OF THE TRAFFIC (GENERATED FROM INSIDE THAT DOES NOT MATCH ACCESS-LIST 1 OR ACCESS-LIST 2).

Thanks ..

Accepted Solutions
Purple

Re: NAT WITH ACCESS-LIST

Hi,

Here's an example of how you could do it:

access-list myacl1 permit ip 10.1.1.0 255.255.255.0 any

access-list myacl2 permit ip 10.1.2.0 255.255.255.0 any

nat (inside) 1 access-list myacl1

global (outside) 1 192.168.1.0 255.255.255.0

nat (inside) 2 access-list myacl2

global (outside) 2 192.168.2.0 255.255.255.0

nat (inside) 3 0.0.0.0

global (outside) 3 192.168.3.0 255.255.255.0

With the above config:

- traffic with source address 10.1.1.0/24 will be NAT'ed to 192.168.1.0/24.

- traffic with source address 10.1.2.0/24 will be NAT'ed to 192.168.2.0/24.

- all other traffic coming through the inside interface will be NAT'ed to 192.168.3.0/24

Hope that helps - please rate the post if it does.

Paresh
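
To check which global pool a given inside source address falls into under the configuration in the answer above, here is an added example (not part of the original post, and not Cisco tooling) that parses those lines and resolves addresses. It assumes the policy NAT entries (nat ... access-list) are checked before the regular nat (inside) 3 0.0.0.0 catch-all, as the answer's description of the result implies; the names parse and pool_for are hypothetical.

```python
import ipaddress

# The answer's configuration, copied from the post.
CONFIG = """\
access-list myacl1 permit ip 10.1.1.0 255.255.255.0 any
access-list myacl2 permit ip 10.1.2.0 255.255.255.0 any
nat (inside) 1 access-list myacl1
global (outside) 1 192.168.1.0 255.255.255.0
nat (inside) 2 access-list myacl2
global (outside) 2 192.168.2.0 255.255.255.0
nat (inside) 3 0.0.0.0
global (outside) 3 192.168.3.0 255.255.255.0
"""

def parse(config):
    """Return (policy_rules, fallback_ids, pools) for the line forms used in the post."""
    acls, policy, fallback, pools = {}, [], [], {}
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "access-list" and w[2:4] == ["permit", "ip"]:
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[4]}/{w[5]}"))
        elif w[0] == "nat" and w[3:4] == ["access-list"]:
            policy.append((int(w[2]), w[4]))      # policy NAT: (nat id, ACL name)
        elif w[0] == "nat":
            if w[3] != "0.0.0.0":                 # assumption: only the catch-all is modelled
                raise ValueError("only the catch-all form from the post is modelled")
            fallback.append(int(w[2]))
        elif w[0] == "global":
            pools[int(w[2])] = ipaddress.ip_network(f"{w[3]}/{w[4]}")
    rules = [(nid, acls[name]) for nid, name in policy]
    return rules, fallback, pools

def pool_for(src, rules, fallback, pools):
    """Return (nat_id, global_pool) selected for an inside source address."""
    ip = ipaddress.ip_address(src)
    for nid, nets in rules:                       # policy NAT entries first, in order
        if any(ip in net for net in nets):
            return nid, pools[nid]
    if fallback:                                  # then the regular catch-all entry
        return fallback[0], pools[fallback[0]]
    return None, None                             # no NAT entry applies

RULES, FALLBACK, POOLS = parse(CONFIG)
for src in ("10.1.1.25", "10.1.2.7", "10.9.9.9"):  # constructed sample sources
    print(src, "->", *pool_for(src, RULES, FALLBACK, POOLS))
```
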
