
dynamic NAT in two ways and static NAT

pkohlstetter
Level 1

Hello,

One of our VPN locations has a local network 192.168.0.0/24 and uses a Cisco router for the connection to the Internet and a GRE-IPSEC tunnel for the connection to another network. There is a dynamic NAT configured on the router for the Internet and for the connection to the other network.

Both dynamic NATs work fine for all PCs in the network.

Because of a notes-link we need a static NAT to one server in the network. This static NAT is also working fine through the VPN tunnel. But the dynamic NAT for this server into the Internet is not working anymore. If I delete the static NAT, the server can work without any problems in the Internet.

Can anybody help me with that problem?

ip nat pool provider1-space 199.10.10.1 196.22.167.47 prefix-length 29
ip nat pool provider2-space 10.33.33.5 10.33.33.6 prefix-length 30
ip nat inside source route-map MAP-provider1-space interface Serial0/0 overload
ip nat inside source route-map MAP-provider2-space pool provider2-space
ip nat inside source static 192.168.0.47 10.33.33.11
route-map MAP-provider1-space permit 10
 match ip address 100
 match interface Serial0/0
!
route-map MAP-provider2-space permit 10
 match ip address 100
 match interface Tunnel14
access-list 100 remark NAT
access-list 100 deny ip any host 47.1.1.1
access-list 100 deny ip any host 47.1.1.2
access-list 100 permit ip any any

If you need more information, please send me an email. All IP addresses are changed.

Best regards,

Peer Kohlstetter

3 Replies

keith.campbell
Level 1

An interesting one for the lab. The problem is, any static translations override any dynamic translations... so how about a third pool with the single address translation for the server?

Hello,

If I use a third pool, is it possible to use this NAT in both directions like a static NAT? The pool with only one address will be a dynamic NAT? I'm not sure if I can reach the server from outside like before with the static NAT.

I was thinking out loud... I have made it work using an additional tunnel, so that the server and the PCs make use of the pool to the provider through the serial interface, the PCs reach the VPN site using the Tunnel1 interface, and the server reaches the VPN site using the second tunnel interface... but I am unsure of the exact addressing requirements and the direction of traffic etc.

Need more information to be able to match your requirements.....
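
A simplified model of the behaviour discussed in this thread, added here as an illustration and not code from any of the posters: a plain static entry is matched before the route-map-based dynamic rules, so the server's Internet traffic leaves Serial0/0 carrying its static address. The rule ordering is the one stated in the reply above; the PC address 192.168.0.20, the destination 203.0.113.10 and the function names are constructed for the example.

```python
import ipaddress

# Rules taken from the configuration posted in the thread (addresses as posted).
STATIC = {"192.168.0.47": "10.33.33.11"}         # ip nat inside source static
ACL_100_DENY = {"47.1.1.1", "47.1.1.2"}          # access-list 100 deny ... host
DYNAMIC = [                                       # route-map, match interface, action
    ("MAP-provider1-space", "Serial0/0", "overload on Serial0/0"),
    ("MAP-provider2-space", "Tunnel14", "pool provider2-space"),
]

def translate(src, dst, out_if, static=STATIC):
    """Return (rule, new_source) for a packet going inside -> outside."""
    # Ordering as stated in the thread: a static entry overrides the dynamic
    # rules. A plain static entry has no route-map, so neither the destination
    # nor the exit interface is consulted.
    if src in static:
        return ("static", static[src])
    for name, iface, action in DYNAMIC:
        if out_if == iface and dst not in ACL_100_DENY:
            return (name, action)
    return (None, src)  # no rule matched: source left untranslated

def private_source_on_serial(src, dst, static=STATIC):
    """True if the packet would leave Serial0/0 with a private source address."""
    rule, new_src = translate(src, dst, "Serial0/0", static)
    if rule == "MAP-provider1-space":
        return False  # overloaded onto the Serial0/0 interface address
    return ipaddress.ip_address(new_src).is_private

if __name__ == "__main__":
    internet_host = "203.0.113.10"  # constructed destination (documentation range)
    for host in ("192.168.0.20", "192.168.0.47"):  # constructed PC, posted server
        print(host, "via Serial0/0 ->", translate(host, internet_host, "Serial0/0"))
        print(host, "via Tunnel14  ->", translate(host, internet_host, "Tunnel14"))
    print("server, static removed ->",
          translate("192.168.0.47", internet_host, "Serial0/0", static={}))
```

In this model the server is translated to 10.33.33.11 on both exits, which matches the reported symptom: the tunnel works, the Internet path does not, and removing the static entry restores the overload rule for the server.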