Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static NAT Question

I have two hosts 192.168.5.224 and 192.168.5.225

They need to have a specific address that maps directly to inside global like this

192.168.5.224 -> 10.77.178.224

192.168.5.225 -> 10.77.178.225

Here is my config:

ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0

ip nat inside source route-map leaps-map pool leaps-natpool

ip nat inside source static 192.168.5.225 10.77.178.225 route-map leaps-map

ip nat inside source static 192.168.5.226 10.77.178.226 route-map leaps-map

ip nat inside source static 192.168.5.224 10.77.178.224 route-map leaps-map

access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255

!

route-map leaps-map permit 10

match ip address 101

!

The problem is that 192.168.5.224-225 does not consistently pickup 10.77.178.224-225 associated address.

Any clue as to why this is happening?

Thanks,

Greg

3 REPLIES
Bronze

Re: Static NAT Question

since u have put a static entry for 192.168.5.224 and 225 it should show a permeant entry in nat table.verify the same with "sh ip nat trans" cmd.

also try by removing the route-map portion from the static nat commands.there i dont see any use for putting the route-map in the

static nat command.

...lets hear more from experts...

...arun:)

New Member

Re: Static NAT Question

Put "match-host" at the end. Like

"ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0 type match-host

Let me know if it works.

Re: Static NAT Question

Hi Greg.

Can you provide us with the information of IP addresses (192.168.5.224-225) through "sh ip nat trans | inc .5.244|.5.225".

I wanna know what ip addresses are translated when those ips (192.168.5.224-225) go through nat processing.

For testing could you change the ACL statment as follow:

access-list 101 deny ip host 192.168.5.224 10.32.0.0 0.0.255.255

access-list 101 deny ip host 192.168.5.225 10.32.0.0 0.0.255.255

access-list 101 deny ip host 192.168.5.226 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255

And confirm my confusion with this commands

"clear ip nat trans *"

"show access-l 101"

"sh ip nat trans | inc .5.244|.5.225".

Hope this helps

Thot

122
Views
0
Helpful
3
Replies