
New Member

Nating 1 subnet on 2 different interface

Hi all

We have many Cisco 831s and we have to NAT (for Internet traffic purposes) on an Ethernet interface that has its IP address assigned by an ISP with the DHCP protocol.

We put the following lines in our router:

ip nat inside source list 2 interface Ethernet 1 overload

access-list 2 permit x.x.x.x x.x.x.x (Lan subnet)

We are also going to have to NAT on our dial-backup interface for the same purpose.

If I only put the "ip nat inside source list 3 interface Async 1 overload" and the "access-list 3 permit x.x.x.x x.x.x.x" (same subnet as the Ethernet 1 NATing), then remove the "ip nat inside source list 2 interface Ethernet 1 overload", everything works fine, but if I leave the 2 NAT lines in, I'm not able to NAT on the Async interface.

Is this normal?

Thank you very much

Gold

Re: Nating 1 subnet on 2 different interface

The router basically cannot decide which to use when you have the same access list on both. It is even more strange when they partially overlap.

The solution to this is to use route-maps and match the outside interface name. You can also restrict it to addresses if you wish some things to be NATted and others not. This in effect allows selection of the NAT pool/address by the outgoing interface.

New Member

Re: Nating 1 subnet on 2 different interface

Must I put the match interface Ethernet1 Async1 on the same route-map?

I tried many possibilities, but the only one that seems to work is to put

ip nat inside source route-map NATINGAS1 interface Async1 overload
ip nat inside source route-map NATINGET1 interface Ethernet1 overload
!
route-map NATINGDI1 permit 10
 match interface Ethernet1
!
route-map NATINGAS1 permit 10
 match interface Async1
!

But my VPNs that I use on those interfaces are flapping.

Re: Nating 1 subnet on 2 different interface

Hi Martin

In this case, if you could get one public static IP, you can assign it under a loopback interface, which you can use for a single overload statement.

This will avoid configuring 2 different overload statements over 2 different interfaces.

Regards

New Member

Re: Nating 1 subnet on 2 different interface

Thanks

But the problem is that the Ethernet public IP address is assigned dynamically, and it's the same thing for the dial-backup Async interface.

Gold

Re: Nating 1 subnet on 2 different interface

Not sure what would cause the VPN to flap.

You should be able to find out if it is NAT doing it by doing debug ip nat detail.

If it is particular addresses, you can add another match statement to match IP addresses also. This would allow you to not NAT certain addresses. It would then only apply the NAT pool if both match conditions were true.

Blue

Re: Nating 1 subnet on 2 different interface

Why can't you just do this:

ip nat inside source list 2 interface ethernet 1 overload

ip nat inside source list 2 interface async 1 overload

access-list 2 permit x.x.x.x

and then add the "ip nat inside" and "ip nat outside" statements on the corresponding interfaces.

NATing is the last step in the order of operations chain. The router will receive a packet on its inside interface, do a route table look-up (assuming process switching), switch the packet to the correct interface, then follow the NAT commands that apply to it.

No?

Gold

Re: Nating 1 subnet on 2 different interface

That is what he tried to start.

The problem isn't that it routes wrong, it's that it does not know which ip nat inside to use. When configured in this method it only uses the IP address in the access list to make the selection. It cannot decide and you kinda get random results. They added the route-map to allow you to use the outbound interface as the selection method. You can also put a match entry to match the access list if you want to do both.

Blue

Re: Nating 1 subnet on 2 different interface

I hear what you're saying, but one would think that the router would choose the correct ip nat statement/directive based on the interface to where it switches the packet. In other words, if it switches the packet to the ethernet 1 interface, it should recognize the "ip nat outside" statement under the interface configs and then know that it would have to follow the nat directive that corresponds to that interface.

Anyway, would you kindly show me how you would configure this?

Thank you very much for your time.

New Member

Re: Nating 1 subnet on 2 different interface

Thank you very much, everything works.
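
The route-map approach described in the replies above, written out as a complete configuration. This is an added example, not a configuration posted by anyone in the thread. It assumes Ethernet0 is the LAN-facing interface and 192.168.1.0/24 stands in for the masked LAN subnet; the route-map names NAT-ETH1 and NAT-ASYNC1 are hypothetical.

```cisco
! Added example, not from the thread. Assumptions: Ethernet0 is the inside
! (LAN) interface, 192.168.1.0/24 is a placeholder for the LAN subnet,
! and the route-map names are made up.
!
! Ambiguous form from the original question: both rules select on the
! source address only, so either rule can claim the same packet.
!   ip nat inside source list 2 interface Ethernet1 overload
!   ip nat inside source list 3 interface Async1 overload
!
interface Ethernet0
 ip nat inside
!
interface Ethernet1
 ip nat outside
!
interface Async1
 ip nat outside
!
! One ACL describes what may be translated at all.
access-list 2 permit 192.168.1.0 0.0.0.255
!
! Within one route-map entry, both match lines must be true: the source
! is in the LAN subnet AND the packet is routed out the named interface.
route-map NAT-ETH1 permit 10
 match ip address 2
 match interface Ethernet1
!
route-map NAT-ASYNC1 permit 10
 match ip address 2
 match interface Async1
!
! Each NAT rule references the route-map for its own outside interface,
! so the overload address always belongs to the link the packet leaves on.
ip nat inside source route-map NAT-ETH1 interface Ethernet1 overload
ip nat inside source route-map NAT-ASYNC1 interface Async1 overload
```

`show ip nat translations` lists the inside global address each flow was translated to, which confirms whether traffic leaving the dial-backup link is using the Async1 address rather than the Ethernet1 one.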
