Crazy NAT question

peperg
Level 1

Here is what I am trying to do ....

I have a series of hosts A - F. I need them to communicate with hosts in an external /24 network, Network Z. The communication can come from any of my hosts to any host in Network Z. I need to NAT the traffic as it leaves my network towards Network Z, but only from hosts A - F. Also, I need to have static assignments for the NATs of hosts A - F. To make it better, in another segment I have hosts G - K that I need to do the same NATting to Network Z, but not between each other or any other host on my network.

I would like to not set up 6 NAT pools, 6 ip nat inside source list statements and 6 access-lists. Is there a cleaner way of doing this, with maybe a route-map or something? I feel that this is much easier than I think I might be making it.

Peper

cybrsage
Level 1

What device are you using to NAT through and what IOS revision?

I do not know the answer to your question, but I can see this as being needed info for others.

Varying routers: 2821, 2851, 3845, 6509 (native). All are running 12.4 of one sort or another.

Peper

a.alekseev
Level 7

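conf t
! ACL selects only traffic from hosts A - F to network Z
ip access-list ext POLICY-NAT
 permit ip host a.a.a.a z.z.z.0 0.0.0.255
 ...
 permit ip host f.f.f.f z.z.z.0 0.0.0.255
! route-map ties the static translations to that ACL
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
int f0/0
 ip nat outside
int f0/1
 ip nat inside
! one static translation per host, applied only when the route-map matches
ip nat inside source static a.a.a.a y.y.y.1 route-map POLICY-NAT
...
ip nat inside source static f.f.f.f y.y.y.6 route-map POLICY-NAT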
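
An added example, not part of the original thread or the poster's configuration: a Python check that a configuration in this layout is internally consistent, so that every host permitted by the route-map's ACL has a static mapping, every static mapping's host is permitted, and no global address is used twice. The sample configuration, its addresses and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample in the thread's layout; addresses are documentation/private ranges.
SAMPLE = """\
ip access-list extended POLICY-NAT
 permit ip host 10.1.1.11 198.51.100.0 0.0.0.255
 permit ip host 10.1.1.12 198.51.100.0 0.0.0.255
 permit ip host 10.1.1.13 198.51.100.0 0.0.0.255
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
ip nat inside source static 10.1.1.11 192.0.2.1 route-map POLICY-NAT
ip nat inside source static 10.1.1.12 192.0.2.1 route-map POLICY-NAT
ip nat inside source static 10.1.1.14 192.0.2.4 route-map POLICY-NAT
"""

ACL_HDR = re.compile(r"ip access-list ext\S*\s+(\S+)")
RMAP_HDR = re.compile(r"route-map (\S+) permit")
PERMIT = re.compile(r"\s+permit ip host (\S+) ")
MATCH = re.compile(r"\s+match ip address (.+)")
STATIC = re.compile(r"ip nat inside source static (\S+) (\S+) route-map (\S+)")

def audit(config, route_map="POLICY-NAT"):
    """Cross-check static NAT entries against the ACL(s) their route-map matches."""
    acls, rm_acls, statics, ctx = {}, set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level command ends any sub-mode
            ctx = None
            if (m := ACL_HDR.match(line)):
                ctx = ("acl", m.group(1))
            elif (m := RMAP_HDR.match(line)):
                ctx = ("rmap", m.group(1))
            elif (m := STATIC.match(line)) and m.group(3) == route_map:
                statics.setdefault(m.group(2), []).append(m.group(1))  # global -> locals
        elif ctx and ctx[0] == "acl" and (m := PERMIT.match(line)):
            acls.setdefault(ctx[1], set()).add(m.group(1))
        elif ctx == ("rmap", route_map) and (m := MATCH.match(line)):
            rm_acls.update(m.group(1).split())
    permitted = set().union(*(acls.get(a, set()) for a in rm_acls))
    mapped = {h for hosts in statics.values() for h in hosts}
    return {
        "acl_without_static": sorted(permitted - mapped),   # permitted, no translation
        "static_without_acl": sorted(mapped - permitted),   # route-map never matches it
        "shared_global": {g: h for g, h in statics.items() if len(h) > 1},
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser only recognises `permit ip host ...` entries and `route-map ... permit` sequences, which is the shape used in the reply above.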

Thank you!! I just found a doc that describes that pretty closely back in the 12.2 documentation.

I just got handed a snag in that the network Z will also be initiating traffic. Can I add to the same POLICY-NAT ACL

permit z.z.z.0 0.0.0.255 host f.f.f.f

From what I can tell it should be able to work both ways.

Can I add to the same POLICY-NAT ACL

permit z.z.z.0 0.0.0.255 host f.f.f.f

I think you needn't.

That is enough for bidirectional communication.
