Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
1
Replies

NAT out one interface but not the other with IOS?

Go to solution
cmorledge
Level 1
Level 1

‎02-28-2012 12:40 PM - edited ‎03-11-2019 03:36 PM

I am trying to figure out how to use a Cisco 1841 IOS router to take traffic from one interface and source NAT it out towards the Internet on one interface and at the same time NOT perform NAT when sending the traffic towards a different routed interface.   Something like this:

RemoteSite(an extension to Main Campus)

|

|

Fa0/1

|

Cisco1841 --- Fa0/0/0-------------------Public Internet (NAT all outbound traffic from "Remote Site",

|                                                                        no need to NAT from Main Campus)

Fa0/0

|

MainCampus

Here the RemoteSite has connectivity back to the MainCampus, but there is no need to NAT traffic from the one site to the other.   They share the same umbrella of address space.   However, the RemoteSite needs to have its Internet-bound traffic NAT'ed out to the Public Internet via a third interface.  

I know that I could just NAT everything out from the Remote Site and map the traffic back onto the same address space for intra-campus communication, but I'd rather avoid that and just NAT where I need to NAT it to the Internet.

I do have a caveat here:   in the event that either the MainCampus or the Public Internet interfaces go down, I would like to failover traffic from the downed link to other good link.  For example, I want to NAT all traffic (including "intra-campus" traffic) out via the Public Internet if the direct link to the MainCampus is down.  For the other example, if the Public Internet direct link is down, I would just send out all traffic without NAT towards the MainCampus.

Any ideas?

Thank you.

Clarke Morledge

College of William and Mary

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lcambron
Level 3
Level 3

‎02-28-2012 04:48 PM

Hello Clarke,

I think you need to post you question on the routing section instead of security, to the correct expect can help you.

If I understand what you want to do...

You have three interfaces and need to NAT from interface1 to interface2 but not from interface1 to interface3.

Since you can specify the interfaces that participate on NAT, just don't include the MainCampus interface.

interface F0/1

ip nat inside

interface F0/0

ip nat outside

interface F0/2

-----

I hope it helps.

Felipe.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
lcambron
Level 3
Level 3

‎02-28-2012 04:48 PM

Hello Clarke,

I think you need to post you question on the routing section instead of security, to the correct expect can help you.

If I understand what you want to do...

You have three interfaces and need to NAT from interface1 to interface2 but not from interface1 to interface3.

Since you can specify the interfaces that participate on NAT, just don't include the MainCampus interface.

interface F0/1

ip nat inside

interface F0/0

ip nat outside

interface F0/2

-----

I hope it helps.

Felipe.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card