My server ip 192.168.0.14 nating IP 172.30.40.115 and i will access from 10.23.252.0/27.
WAN IP 10.0.0.1 and 10.0.1.1. it is crypto with IPsec.
MY conf :
Interface fe 0/0
switch port access vlan 10
interface vlan 10
ip add 10.0.0.1
ip route 10.23.252.0 255.255.255.224 10.0.1.1
ip nat inside source static 192.168.0.14 172.30.40.115 route-map NAT_30
access-list 2002 permit ip 172.30.40.112 0.0.0.15 10.23.252.0 0.0.0.31
route-map NAT_30 permit 10
match ip address 2002
Generally I bind nat with tunnel , but here no tunnel. where i apply nat and how to configure ????
Please suggest me.
Solved! Go to Solution.
Generally i create a tunnel and bind NAT lie this:
ip add 0.0.0.0 0.0.0.0
tunnel source 0.0.0.0
tunnel desti 0.0.0.0
ip nat outside
Here no tunnel so where i bind in avobe configuration ??
you're doing a site-to-site IPSec VPN between these 2 subnets? if so then you don't have to NAT traffic between the 2 subnets( do a deny in an extended access-list used for NAT) an apply nat on inside and outside interfaces for internet traffic.
Don't forget to rate helpful posts.
Branch have permission on 172.30.40.115 not at 192.168.0.14 and it virtual IP. so i need NAT to get 192.168.0.14. Rranch router is configured for forwarding 172.30.40.112/27 and it is ok.
How i get 192.168.0.14 by using NAT from branch ???
if I got it right, u want ur hosts to send traffic to 172.30.40.115 and ur Server (192.168.0.14) at the other end receives it, and your switch does routing as well, and u need to convert the ip's on ur branch router...?
So your config on the switch would need a static route to 172.30.40.115 pointing to the branch router.
ip route 172.30.40.115 x.x.x.x [router, gateway ip] .... so that traffic with original ip for server is sent to the router.
then on the router you do the NAT with the serial interface as OUTSIDE interface.
ip nat outside
ip nat inside source static 192.168.0.14 172.30.40.115
let me know if i got the whole idea wrong, then you may need to shift the config to the other router.
Hope it Helps,
The NAT is applicable in Head office router. Take it very simple. Branch IP( 10.23.252.0/27) will ping to 172.30.40.115 and 192.168.0.14 will respond. I did NAT to my head office router and bind to vlan 10 described in avobe configuration. It dose not work. My crypto and routing is ok. but when i create nat and bind it to vlan 10 dose not work.
Is there another way to work. ?????
U r Right. Its working now.
now i need to delete some static nat. but can not do ?
I tried to deletet as follows:
router# no ip nat translation *
router(conf)#no ip nat inside source static 0.0.0.0 0.0.0.0
But can not remove or edit
How to remove single or all nat.
Pls suggest me
try removing the ip nat outside / ip nat inside commands from the interfaces, then go through the steps u did before. and then reconfig.
Hope it Helps,