Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Change the source IP on NAT

Hi,

I need to change the source IP of a packet for one of my NAT's

I currently have an Cisco 1812.

I have an PPPoE connection as Dialer 0.

I have another VLAN that is connected to an Netscreen SSG5 VPN gateway via another Cisco switch.
I have a vlan trunk between the switch and the 1812.

What I would like to achive is the following :-

For any traffic going to the following three ranges make it apear as if it was coming from the VLAN50 address

Hear is the thee ranges :-

access-list 150 permit ip 192.168.0.0 0.0.255.255 any

access-list 150 permit ip 172.16.0.0 0.0.240.255 any

access-list 150 permit ip 10.0.0.0 0.0.0.255 any

Hear is where I need to send it :-

ip route 10.0.0.0 255.0.0.0 10.27.30.225

ip route 172.16.0.0 255.240.0.0 10.27.30.225

ip route 192.168.0.0 255.255.0.0 10.27.30.225

I have defined a VLAN with an ip address of 10.27.30.226

interface Vlan50

ip address 10.27.30.226 255.255.255.248

ip virtual-reassembly

I can ping my netscreen on 10.27.30.255 fine from the Cisco 1812. But any other PC fails, as for some reasion the traffic has a source of my Dialer 0 interface.

How can I write a nat to change the source just for the tree destitnations ?

Everyone's tags (2)
7 REPLIES
New Member

Re: Change the source IP on NAT

Looks like there may be an ACL or routing problem. Can u post your config? And a copy of show ip route from the 1812?

Also what is the subnet of the pcs and what is the default gateway of the pcs?

Sent from Cisco Technical Support iPad App

New Member

Re: Change the source IP on NAT

Config attached.

#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer0

      1.0.0.0/32 is subnetted, 1 subnets

C        xxx.xxx.xxx.xxx is directly connected, Dialer0

      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks

S        10.0.0.0/8 [1/0] via 10.27.30.225

C        10.27.30.224/29 is directly connected, Vlan50

L        10.27.30.226/32 is directly connected, Vlan50

      xxx.0.0.0/32 is subnetted, 1 subnets

C        xxx.xxx.xx.xxx is directly connected, Dialer0

S     172.16.0.0/12 [1/0] via 10.27.30.225

S     192.168.0.0/16 [1/0] via 10.27.30.225

      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.0.0/24 is directly connected, Vlan10

L        192.168.0.254/32 is directly connected, Vlan10

PC subnet is 192.168.0.x 255.255.255.0

Default g/w is 192.168.0.254

New Member

Re: Change the source IP on NAT

Try putting ip nat outside under interface VLAN 50.

New Member

Re: Change the source IP on NAT

interface Vlan50

ip address 10.27.30.226 255.255.255.248

ip nat outside

ip virtual-reassembly

zone-member security LAN

No help

Still can not ping an IP address from a machine on my network to the VPN

New Member

Re: Change the source IP on NAT

RESOLVED!

I set Vlan 50 and Vlan 10 to have "ip nat enable"
I removed "ip nat outside" on vlan 50

I added the following to translate the source

ip nat source static 192.168.0.2 10.27.30.226

Now it all works.

Only from 192.168.0.2 as expected.

Not sure how I can translate for any address.

New Member

Re: Change the source IP on NAT

Can u ping the netscreen trust interface from a pc?

Sent via DroidX2 on Verizon Wireless™

New Member

Re: Change the source IP on NAT

Yes I can and any IP address in VPN. Of course only from 192.168.0.2  but that sok with me right now.

1165
Views
0
Helpful
7
Replies
CreatePlease login to create content