Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT Problems

Hi,

Please advise me on my config...

I want to translate traffic from a group of internal hosts to a specfic global IP address. When I use a static 1 to 1 mapping it works:

However when I use the configuration below (using access lists and pool) it does not work.

ip nat pool ITG->NEONET 192.168.95.10 192.168.95.10 netmask 255.255.255.0

ip nat inside source list HOSTS->NEONET pool ITG->NEONET overload

ip nat inside source static 10.10.14.2 192.168.95.10

!

ip access-list extended HOSTS->NEONET

permit ip host 10.10.14.2 host 10.9.1.1 log

Any help rated!

Gavin

4 REPLIES
Hall of Fame Super Blue

Re: NAT Problems

Gavin

Your access-list is still referencing a single host ie.

permit ip host 10.10.14.2 host 10.9.1.1

If you want to translate a number of hosts should it not read

permit ip 10.10.14.0 0.0.0.255 host 10.9.1.1 log

I have used a class C subnet mask but you can modify to fit.

Jon

Community Member

Re: NAT Problems

Hi Jon,

Thanks for your input, you were 100% correct. However what I want to do is NAT the source address based on the destination of their traffic.

So I want to NAT 10.10.14.2 -> 192.168.95.10 if they are trying to get to a range of hosts e.g

10.9.1.1, 10.9.2.1, 10.9.3.1. Is this possible?

Gavin

Hall of Fame Super Blue

Re: NAT Problems

Gavin

No problem.

Assuming range of hosts is 10.9.1.1 -> 10.9.1.254 (again you can change to fit)

ip access-list extended HOSTS->NEONET

permit ip host 10.10.14.2 10.9.1.0 0.0.0.255 log

You also need to remove your statement

ip nat inside source static 10.10.14.2 192.168.95.10

HTH

Jon

Re: NAT Problems

It would be better to use a NAT with route-maps in your case

have a look here

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

HTH

Narayan

198
Views
5
Helpful
4
Replies
CreatePlease to create content