07-11-2012 09:50 PM - edited 03-04-2019 04:56 PM
Dear boss
My server ip 192.168.0.14 nating IP 172.30.40.115 and i will access from 10.23.252.0/27.
WAN IP 10.0.0.1 and 10.0.1.1. it is crypto with IPsec.
MY conf :
Interface fe 0/0
switch port access vlan 10
interface vlan 10
ip add 10.0.0.1
ip route 10.23.252.0 255.255.255.224 10.0.1.1
ip nat inside source static 192.168.0.14 172.30.40.115 route-map NAT_30
access-list 2002 permit ip 172.30.40.112 0.0.0.15 10.23.252.0 0.0.0.31
route-map NAT_30 permit 10
match ip address 2002
Generally I bind nat with tunnel , but here no tunnel. where i apply nat and how to configure ????
Please suggest me.
shahid
Solved! Go to Solution.
07-15-2012 07:45 AM
remove the route-map from ur static NAT command, make it simple n make it work, complications... later.
did you set your router's LAN interface as NAT outside? ip nat outside
HTH,
Soroush.
07-11-2012 11:11 PM
can you please provide your topology layout ???
then I can tell you .
REgards
07-12-2012 01:38 AM
Generally i create a tunnel and bind NAT lie this:
tunnel 100
ip add 0.0.0.0 0.0.0.0
tunnel source 0.0.0.0
tunnel desti 0.0.0.0
ip nat outside
Here no tunnel so where i bind in avobe configuration ??
shahid
07-12-2012 01:47 AM
Hi,
you're doing a site-to-site IPSec VPN between these 2 subnets? if so then you don't have to NAT traffic between the 2 subnets( do a deny in an extended access-list used for NAT) an apply nat on inside and outside interfaces for internet traffic.
Regards.
Alain.
Don't forget to rate helpful posts.
07-12-2012 02:14 AM
Dear Alain
Branch have permission on 172.30.40.115 not at 192.168.0.14 and it virtual IP. so i need NAT to get 192.168.0.14. Rranch router is configured for forwarding 172.30.40.112/27 and it is ok.
How i get 192.168.0.14 by using NAT from branch ???
07-12-2012 05:13 AM
Hi,
if I got it right, u want ur hosts to send traffic to 172.30.40.115 and ur Server (192.168.0.14) at the other end receives it, and your switch does routing as well, and u need to convert the ip's on ur branch router...?
So your config on the switch would need a static route to 172.30.40.115 pointing to the branch router.
ip route 172.30.40.115 x.x.x.x [router, gateway ip] .... so that traffic with original ip for server is sent to the router.
then on the router you do the NAT with the serial interface as OUTSIDE interface.
int s0/0
ip nat outside
ip nat inside source static 192.168.0.14 172.30.40.115
let me know if i got the whole idea wrong, then you may need to shift the config to the other router.
Hope it Helps,
Soroush.
07-14-2012 11:14 PM
Dear Soroushm
The NAT is applicable in Head office router. Take it very simple. Branch IP( 10.23.252.0/27) will ping to 172.30.40.115 and 192.168.0.14 will respond. I did NAT to my head office router and bind to vlan 10 described in avobe configuration. It dose not work. My crypto and routing is ok. but when i create nat and bind it to vlan 10 dose not work.
Is there another way to work. ?????
shahid
07-15-2012 07:45 AM
remove the route-map from ur static NAT command, make it simple n make it work, complications... later.
did you set your router's LAN interface as NAT outside? ip nat outside
HTH,
Soroush.
07-15-2012 09:46 PM
Dear Soroushm
U r Right. Its working now.
now i need to delete some static nat. but can not do ?
I tried to deletet as follows:
router# no ip nat translation *
router(conf)#no ip nat inside source static 0.0.0.0 0.0.0.0
wr.
Relaod
But can not remove or edit
How to remove single or all nat.
Pls suggest me
shahid
07-16-2012 09:55 AM
try removing the ip nat outside / ip nat inside commands from the interfaces, then go through the steps u did before. and then reconfig.
Hope it Helps,
Soroush.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide