Showing results for 
Search instead for 
Did you mean: 

NAT overload and host portion preservation

I need help configuring NAT on a Cisco 1710

The two interfaces being utilized are

int FastEthernet0

description connected to primary local area network

ip address

int Async5

description PPP connection from remote-users and extranet router using DDR (may have any peer address )

ip address unumbered FastEthernet0

Here are the translations I want to occurr

I want all incoming ip packets on interface Async5 that are being routed to subnet to appear as though they are originating from the FastEthernet0 interface.

Note: This looks like it would be accomplished by using NAT overload but I believe that involves marking the FastEthernet0 interface as be ip nat outside which it is not.

I also want any incoming ip packet on interface Async5 with a destination address on subnet to have their destination network address translated to but I want the host portion of the address to remain unchanged

Note: I think this would involve creating a nat pool of type match-host

If someone could give me guidance on how to do this and perhaps even a sample configuration I would really appreciate it.

Thank you

Cisco Employee

Haven't tested the following, but give it a go:

int fa0

ip nat outside

int async5

ip nat inside

ip nat inside source list 100 inter fa0 overload

access-list 100 permit ip any

ip nat inside destination list 110 pool natpool

ip nat pool natpool pre 24 type match-host

access-list 110 permit ip any

As I said, haven't tested it, destination NAT is rarely used but this should get you close to what you want. Do a "sho ip nat trans" after running a few tests to show what you're getting.

Thanks gfullage,

The part of the solution you suggested using NAT overload is basically what I tried. It does work but unfornately it does require that I mark the actual inside port as outside and vice versa which I had hoped to avoid.

For some reason the I was never able to get a hit on access-list for the "match-host" translation you suggested. I have however found an alternate solution using static translations that appears to be working well.

The command is as follows

ip nat outside source static network /24

At any rate the needed translations are occurring now.

Content for Community-Ad