https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523626#M609075 <P>Hello,</P><P></P><P>My router interface already has a nat inside with a nat pool configured for natting 10.x.x.x private IPs to 172.28.x.x private IPs. I want to use the same interface to NAT a subnet of 10.x.x.x private IPs to the interface IP(public IP) to go to internet. Can I just add another "nat inside source list interface" statement for this to work?</P><P></P><P>Please note that the 10.x.x.x subnet I need to translate to interface(public ip) is not included in the access-l for the nat already configured on the interface.</P><P></P><P></P><P>Thanks! </P> Mon, 11 Mar 2019 18:54:46 GMT shivani.sharma 2019-03-11T18:54:46Z https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523626#M609075 <P>Hello,</P><P></P><P>My router interface already has a nat inside with a nat pool configured for natting 10.x.x.x private IPs to 172.28.x.x private IPs. I want to use the same interface to NAT a subnet of 10.x.x.x private IPs to the interface IP(public IP) to go to internet. Can I just add another "nat inside source list interface" statement for this to work?</P><P></P><P>Please note that the 10.x.x.x subnet I need to translate to interface(public ip) is not included in the access-l for the nat already configured on the interface.</P><P></P><P></P><P>Thanks! </P> Mon, 11 Mar 2019 18:54:46 GMT https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523626#M609075 shivani.sharma 2019-03-11T18:54:46Z https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523627#M609078 <HTML><HEAD></HEAD><BODY><P>Hi Shivani,</P><P></P><P>Yes it should work by adding a new nat statement for the selected private network 10.x.x.x</P><P><EM>ip nat inside source list</EM> 1 <EM>interface</EM> <INERFACE> overload</INERFACE></P><P>and access-list 1 defining the traffic 10.x.x.x</P><P></P><P>Can you post your existing nat configuation here so that i can confirm in case u need to use route-maps, or if a nat statement mentioned above will work fine.</P><P></P><P>Cheers,</P><P>Rudresh V</P></BODY></HTML> Fri, 15 Oct 2010 16:35:47 GMT https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523627#M609078 Rudresh Veerappaji 2010-10-15T16:35:47Z https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523628#M609079 <HTML><HEAD></HEAD><BODY><P>Hello Rudresh,</P><P></P><P>Thanks for your response. Below is existing nat I have on the interface and the subnet I need to nat to public ip of the interface is 10.7.251.128/25.</P><P></P><P></P><P>ip nat pool <POOL_NAME> 172.28.120.145 172.28.120.158 netmask 255.255.255.240</POOL_NAME></P><P><BR />ip nat inside source route-map <ROUTE_MAP_NAME> pool <POOL_NAME> vrf <VRF_NAME></VRF_NAME></POOL_NAME></ROUTE_MAP_NAME></P><P></P><P>route-map <ROUTE_MAP_NAME> permit 10<BR />&nbsp; match ip address <ACL_NAME><BR /> match interface GigabitEthernet0/1.104</ACL_NAME></ROUTE_MAP_NAME></P><P><BR />Extended IP access list <ACL_NAME><BR />&nbsp;&nbsp;&nbsp; 10 permit ip 172.28.120.128 0.0.0.15 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 20 permit ip 172.28.120.128 0.0.0.15 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 30 permit ip 172.28.120.128 0.0.0.15 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 40 permit ip 10.4.0.0 0.3.255.255 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 50 permit ip 10.4.0.0 0.3.255.255 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 60 permit ip 10.4.0.0 0.3.255.255 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 70 permit ip 10.4.0.0 0.3.255.255 host <PUBLIC_IP> <BR />&nbsp;&nbsp;&nbsp; 80 permit ip 10.4.0.0 0.3.255.255 host <PUBLIC_IP> </PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></PUBLIC_IP></ACL_NAME></P><P>Thank you.</P></BODY></HTML> Fri, 15 Oct 2010 16:43:30 GMT https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523628#M609079 shivani.sharma 2010-10-15T16:43:30Z https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523629#M609080 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Hi Shivani,</SPAN></P><P></P><P>We would need following configuration to acheive the requirement:</P><P></P><P><SPAN style="font-size: 10pt;">ip nat inside source route-map <ROUTE-MAP-2> interface GigabitEthernet0/1.104&nbsp; overload vrf <VRF-NAME><BR /><BR /> ip access-list extended <ACCESS-LIST-2><BR /> permit ip </ACCESS-LIST-2></VRF-NAME></ROUTE-MAP-2></SPAN>10.7.251.128/25 any<BR /><SPAN style="font-size: 10pt;"> <BR /> route-map <ROUTE-MAP-2> permit 10<BR /> match ip address <ACCESS-LIST-2><BR /></ACCESS-LIST-2></ROUTE-MAP-2></SPAN></P><P></P><P>--Here i'm assuming your interface with public ip is <SPAN style="font-size: 10pt;">GigabitEthernet0/1.104</SPAN></P><P></P><P>Let me know if this works,</P><P></P><P>Cheers,</P><P>Rudresh V</P></BODY></HTML> Fri, 15 Oct 2010 17:05:41 GMT https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523629#M609080 Rudresh Veerappaji 2010-10-15T17:05:41Z https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523630#M609081 <HTML><HEAD></HEAD><BODY><P>Thanks Rudresh!</P></BODY></HTML> Tue, 26 Oct 2010 18:11:26 GMT https://community.cisco.com/t5/network-security/multiple-nat-inside-statements/m-p/1523630#M609081 shivani.sharma 2010-10-26T18:11:26Z