
NAT same source to different destinations.

Hi Guys,

I have a scenario here regarding NATing.

The traffic is initiated from one IP (e.g. 192.168.1.1) to two different destinations (e.g. 172.21.1.1 and 172.16.1.1).

The source needs to be translated to two different IPs based on the destination it tries to access, e.g. if source 192.168.1.1 tries to access 172.21.1.1 it will be translated to 10.21.1.1, and if source 192.168.1.1 tries to access 172.16.1.1 it will be translated to 10.16.1.1.

The source 192.168.1.1 is at the outside interface. The traffic is from outside to inside.

The problem I am having is that when the first request goes from 192.168.1.1 to any of the destinations, it gets translated, but when the second request goes to a different destination, it never matches the access list; it just matches the current NAT table entry and gets translated.

I know this is similar to the multiple ISP scenario, except that in my case the traffic is from outside to inside.

Is there any way to make it work?

Thanks very much.

3 REPLIES

NAT same source to different destinations.

Hi,

Can you post your NAT config as well as route-maps.

Regards.

Alain

Don't forget to rate helpful posts.

NAT same source to different destinations.

Dong,

I don't think what you are trying to achieve is possible. At least not from outside to inside.

If the inside and outside zones were to be reversed then yes, you can configure NAT to check the destination and then change the source of the packet.

In your scenario:

- "ip nat outside source static" will not work as it will always check the source of the packet and will execute the first NAT command it hits, so the second entry will never be used. I am even doubtful that it will let you configure a second static NAT entry with the same global outside IP.

- "ip nat outside source list" will not work because, again, in the ACL you will be matching 192.168.1.1, and on top of that only a standard ACL is accepted, so there won't be any checks for the destination IP. And in my experience, if we use a route-map here and an extended ACL, the destination is not checked.

If anyone else has a workaround for this, I would be interested to know about it.

Hope it helps

Neeraj


NAT same source to different destinations.

Yes, you are right Neeraj, unless we swap between outside interface and inside interface, there is no other way to do it.

Tested in the lab.

Thanks very much.
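
The swapped-role setup the thread settles on, written out as an added example that is not part of the original posts. The addresses come from the question; the ACL, route-map and pool names, the interface names and the /24 pool prefix length are assumptions.

```cisco
! Added example. Names, interfaces and prefix lengths are assumed.
! The side where 192.168.1.1 lives becomes NAT "inside", the side
! holding 172.21.1.1 and 172.16.1.1 becomes NAT "outside".

! Extended ACLs match on source AND destination.
ip access-list extended TO-172-21
 permit ip host 192.168.1.1 host 172.21.1.1
ip access-list extended TO-172-16
 permit ip host 192.168.1.1 host 172.16.1.1

! One route-map per destination, each tied to its own ACL.
route-map NAT-TO-172-21 permit 10
 match ip address TO-172-21
route-map NAT-TO-172-16 permit 10
 match ip address TO-172-16

! Single-address pools holding the two translated source addresses.
ip nat pool POOL-10-21 10.21.1.1 10.21.1.1 prefix-length 24
ip nat pool POOL-10-16 10.16.1.1 10.16.1.1 prefix-length 24

! Route-map based rules create extended translation entries that
! include the destination, so a packet to the second destination
! does not reuse the entry created for the first one.
ip nat inside source route-map NAT-TO-172-21 pool POOL-10-21
ip nat inside source route-map NAT-TO-172-16 pool POOL-10-16

! Interface facing 192.168.1.1 (assumed name).
interface GigabitEthernet0/0
 ip nat inside

! Interface facing 172.21.1.1 and 172.16.1.1 (assumed name).
interface GigabitEthernet0/1
 ip nat outside
```

After sending traffic to both destinations, `show ip nat translations` should list two entries for 192.168.1.1, one per destination, each with its own translated address. The destination side also needs a route for 10.21.1.1 and 10.16.1.1 pointing back at this router so replies return through the same translation.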
