New Member

NAT issue. 2 different Inside global IP addresses for one Inside local IP

Hi All,

I need to perform the following trick:

One host from inside (inside local) connects to 2 different services bound to 2 different IP addresses (outside global).

I'm trying to do it with the following NAT configuration.

for Service1

ip nat pool pool-4-97 10.88.4.97 10.88.4.97 prefix-length 28

Extended IP access list list-97

10 permit tcp host 10.0.0.75 gt 1023 host 172.23.200.11 eq 2323

ip nat inside source list list-97 pool pool-4-97 overload

for Service2

ip nat pool pool-4-100 10.88.4.100 10.88.4.102 prefix-length 28

Extended IP access list list-100

10 permit tcp host 10.0.0.75 gt 1023 host 172.23.100.49 eq 4555

ip nat inside source list list-100 pool pool-4-100

When I try to connect from host 10.0.0.75 to 172.23.100.49:4555, I can see from the output of 'debug ip nat' that Cisco creates a NAT translation, but translates not to an IP address from pool pool-4-100 but to an IP address from pool pool-4-97.

The NAT entry for Service1 is higher in Cisco's config than the NAT entry for Service2, and 'first match wins' occurred.

But it's wrong. Destination hosts are clearly set in the access lists.

How can I enforce NAT to perform translation according to the access list?

Can 'ip nat inside source route-map' help to solve this issue?

1 REPLY
New Member

Re: NAT issue. 2 different Inside global IP addresses for one In

OK I changed configuration of NAT entry to

ip nat inside source route-map

and it works properly.
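
A sketch of the route-map form the reply refers to, added here as an example and not the poster's actual configuration. The pools, addresses and access lists are the ones from the question; the route-map names rm-97 and rm-100 are assumed.

```cisco
! Pools as given in the question
ip nat pool pool-4-97 10.88.4.97 10.88.4.97 prefix-length 28
ip nat pool pool-4-100 10.88.4.100 10.88.4.102 prefix-length 28
!
! Extended ACLs as given in the question: same inside host,
! different destination host and port per service
ip access-list extended list-97
 permit tcp host 10.0.0.75 gt 1023 host 172.23.200.11 eq 2323
ip access-list extended list-100
 permit tcp host 10.0.0.75 gt 1023 host 172.23.100.49 eq 4555
!
! One route-map per service (names are assumed for this example);
! each matches only the ACL for its own destination
route-map rm-97 permit 10
 match ip address list-97
route-map rm-100 permit 10
 match ip address list-100
!
! Remove the ACL-based rules from the question before adding
! the route-map-based ones
no ip nat inside source list list-97 pool pool-4-97 overload
no ip nat inside source list list-100 pool pool-4-100
!
ip nat inside source route-map rm-97 pool pool-4-97 overload
ip nat inside source route-map rm-100 pool pool-4-100
!
! Check from exec mode after the change:
!   clear ip nat translation *
!   show ip nat translations
! The entry for 172.23.100.49:4555 should show an inside global
! address from 10.88.4.100 - 10.88.4.102, and the entry for
! 172.23.200.11:2323 should show 10.88.4.97.
```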
