07-07-2008 10:07 AM - edited 03-03-2019 10:37 PM
Here is what I am trying to do ....
I have a series of hosts A - F. I need them to communicate with hosts in an external /24 network, Network Z. The communication can come from any of my hosts to any host in Network Z. I need to NAT the traffic as it leaves my network towards Network Z, but only from the hosts A - F. Also, I need to have static assignments for the NATs of hosts A - F. To make it better, in another segment I have hosts G - K that I need to do the same NATting to Network Z, but not between each other or any other host on my network.
I would like to not set up 6 NAT pools, 6 ip nat inside source list statements and 6 access-lists. Is there a cleaner way of doing this, with maybe a route-map or something? I feel that this is much easier than I think I might be making it.
Peper
07-07-2008 11:31 AM
conf t
! Match only traffic from the NATed hosts to network Z
ip access-list ext POLICY-NAT
 permit ip host a.a.a.a z.z.z.0 0.0.0.255
 ...
 permit ip host f.f.f.f z.z.z.0 0.0.0.255
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
int f0/0
 ip nat outside
int f0/1
 ip nat inside
! Each static translation is used only when the route-map matches
ip nat inside source static a.a.a.a y.y.y.1 route-map POLICY-NAT
...
ip nat inside source static f.f.f.f y.y.y.6 route-map POLICY-NAT
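A small generator for the configuration in the answer above, added here as an example and not part of the original thread. The function name, the sanity checks and the documentation-range addresses (standing in for hosts A - F, the y.y.y.x translations and network Z) are assumptions.

```python
import ipaddress


def policy_nat_config(mappings, dest_net, name="POLICY-NAT"):
    """Return IOS lines for static NAT that applies only toward dest_net.

    mappings: dict of inside host address -> translated address.
    dest_net: destination network in CIDR form (network Z in the thread).
    """
    net = ipaddress.ip_network(dest_net)
    inside = [ipaddress.ip_address(h) for h in mappings]
    mapped = [ipaddress.ip_address(m) for m in mappings.values()]

    # Sanity checks (assumed here, not from the thread): one translated
    # address per host, and nothing that sits inside network Z itself.
    if len(set(mapped)) != len(mapped):
        raise ValueError("each inside host needs its own translated address")
    for addr in inside + mapped:
        if addr in net:
            raise ValueError(f"{addr} falls inside destination network {net}")

    # ACL entries use a wildcard mask, which is the host mask of the prefix.
    lines = [f"ip access-list extended {name}"]
    for host in inside:
        lines.append(
            f" permit ip host {host} {net.network_address} {net.hostmask}"
        )
    lines += [f"route-map {name} permit 10", f" match ip address {name}"]
    for host, nat in zip(inside, mapped):
        lines.append(
            f"ip nat inside source static {host} {nat} route-map {name}"
        )
    return lines


# Constructed sample data from the RFC 5737 documentation ranges.
HOSTS = {f"192.0.2.{i}": f"198.51.100.{i}" for i in range(1, 7)}
NETWORK_Z = "203.0.113.0/24"

if __name__ == "__main__":
    print("\n".join(policy_nat_config(HOSTS, NETWORK_Z)))
```

The interface commands (ip nat inside / ip nat outside) are left out because they depend on the router's own interface names.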
07-07-2008 10:47 AM
What device are you using to NAT through and what IOS revision?
I do not know the answer to your question, but I can see this as being needed info for others.
07-07-2008 10:50 AM
Varying routers: 2821, 2851, 3845, 6509 (native). All are running 12.4 of one sort or another.
Peper
07-07-2008 11:49 AM
Thank you!! I just found a doc that describes that pretty closely back in the 12.2 documentation.
I just got handed a snag in that the network Z will also be initiating traffic. Can I add to the same POLICY-NAT ACL
permit ip z.z.z.0 0.0.0.255 host f.f.f.f
From what I can tell it should be able to work both ways.
07-07-2008 11:58 AM
Can I add to the same POLICY-NAT ACL
permit ip z.z.z.0 0.0.0.255 host f.f.f.f
I think you needn't.
That is enough for bidirectional communication.