Cisco Support Community
New Member

Crazy NAT question

Here is what I am trying to do ....

I have a series of hosts A - F. I need them to communicate with hosts in an external /24 network, network Z. The communication can come from any of my hosts to any host in network Z. I need to NAT the traffic as it leaves my network towards network Z, but only from the hosts A - F. Also, I need to have static assignments for the NATs of hosts A - F. To make it better, in another segment I have hosts G - K that I need to do the same NATting to network Z, but not between each other or any other host on my network.

I would like to not set up 6 NAT pools, 6 ip nat inside source list statements and 6 access-lists. Is there a cleaner way of doing this, with maybe a route-map or something? I feel that this is much easier than I think I might be making it.

Peper

Accepted Solutions

Re: Crazy NAT question

conf t
!
! Match only traffic from hosts A - F to network Z
ip access-list ext POLICY-NAT
 permit ip host a.a.a.a z.z.z.0 0.0.0.255
 ...
 permit ip host f.f.f.f z.z.z.0 0.0.0.255
!
route-map POLICY-NAT permit 10
 match ip address POLICY-NAT
!
int f0/0
 ip nat outside
int f0/1
 ip nat inside
!
! One static translation per host, applied only when the route-map matches
ip nat inside source static a.a.a.a y.y.y.1 route-map POLICY-NAT
...
ip nat inside source static f.f.f.f y.y.y.6 route-map POLICY-NAT
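Added example (not part of the thread and not Cisco code): a Python generator that renders the layout of the accepted answer, one ACL, one route-map and one static line per host, for both host groups, so the per-host lines are not typed by hand. The function name, interface names and all addresses (documentation and private ranges) are constructed for illustration, and the overlap check is this example's own sanity check.

```python
import ipaddress

def policy_nat_config(static_map, dest_net, inside_ifs, outside_if, name="POLICY-NAT"):
    """Render one ACL, one route-map and one static NAT line per inside host.

    static_map maps inside host -> translated address; dest_net is network Z.
    """
    net = ipaddress.ip_network(dest_net)
    pairs = [(ipaddress.ip_address(i), ipaddress.ip_address(t))
             for i, t in static_map.items()]
    translated = [t for _, t in pairs]
    if len(set(translated)) != len(translated):
        raise ValueError("each inside host needs its own translated address")
    for inside, trans in pairs:
        # Sanity check added by this example: neither address may sit inside Z.
        if inside in net or trans in net:
            raise ValueError(f"{inside} -> {trans} overlaps {net}")

    # IOS ACLs take a wildcard (inverse) mask: a /24 becomes 0.0.0.255.
    dest = f"{net.network_address} {net.hostmask}"
    lines = [f"ip access-list extended {name}"]
    lines += [f" permit ip host {i} {dest}" for i, _ in pairs]
    lines += [f"route-map {name} permit 10", f" match ip address {name}"]
    lines += [f"interface {outside_if}", " ip nat outside"]
    for intf in inside_ifs:  # one inside interface per host segment
        lines += [f"interface {intf}", " ip nat inside"]
    lines += [f"ip nat inside source static {i} {t} route-map {name}"
              for i, t in pairs]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample: hosts A-F on one segment, G-K on another.
    hosts = {f"10.1.1.{n}": f"192.0.2.{n}" for n in range(1, 7)}
    hosts.update({f"10.1.2.{n}": f"192.0.2.{n + 6}" for n in range(1, 6)})
    print(policy_nat_config(hosts, "198.51.100.0/24",
                            ["FastEthernet0/1", "FastEthernet0/2"],
                            "FastEthernet0/0"))
```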

6 REPLIES
New Member

Re: Crazy NAT question

What device are you using to NAT through and what IOS revision?

I do not know the answer to your question, but I can see this as being needed info for others.

New Member

Re: Crazy NAT question

varying routers; 2821, 2851, 3845, 6509 (native). All are running 12.4 of one sort or another.

Peper

New Member

Re: Crazy NAT question

Thank you!! I just found a doc that describes that pretty closely back in the 12.2 documentation.

I just got handed a snag in that the network Z will also be initiating traffic. Can I add to the same POLICY-NAT ACL:

permit ip z.z.z.0 0.0.0.255 host f.f.f.f

From what I can tell, it should be able to work both ways.

Re: Crazy NAT question

Can I add to the same POLICY-NAT ACL:

permit ip z.z.z.0 0.0.0.255 host f.f.f.f

I think you needn't.

That is enough for bidirectional communication.
