NAT WITH ACCESS-LIST

bapatsubodh
Level 1

Hi,

We are using the normal pair of nat/global commands to NAT traffic from inside to outside. But now we need to do NATing according to rules based on access-lists. In short, some traffic will be grouped in, say, NAT number 1, which will be linked with global number 1; some other traffic will be grouped in NAT number 2 and linked with global number 2; and so on.

But finally, what we need is that traffic which does not match any of the access-lists should be put in another NAT/global pair. This is something like a default route on a router (no match in the routing table, so send it to the default gateway).

In a nutshell, the requirement is as follows:

NAT (1) -- GLOBAL (1) -- ACCESS-LIST 1
NAT (2) -- GLOBAL (2) -- ACCESS-LIST 2
NAT (3) -- GLOBAL (3) -- FOR THE REST OF THE TRAFFIC (generated from inside that does not match ACCESS-LIST 1 or ACCESS-LIST 2).

Thanks ..

1 Accepted Solution

Accepted Solutions

pkhatri
Level 11

Hi,

Here's an example of how you could do it:

access-list myacl1 permit ip 10.1.1.0 255.255.255.0 any
access-list myacl2 permit ip 10.1.2.0 255.255.255.0 any

nat (inside) 1 access-list myacl1
global (outside) 1 192.168.1.0 255.255.255.0

nat (inside) 2 access-list myacl2
global (outside) 2 192.168.2.0 255.255.255.0

nat (inside) 3 0.0.0.0
global (outside) 3 192.168.3.0 255.255.255.0

With the above config:

- traffic with source address 10.1.1.0/24 will be NAT'ed to 192.168.1.0/24.
- traffic with source address 10.1.2.0/24 will be NAT'ed to 192.168.2.0/24.
- all other traffic coming through the inside interface will be NAT'ed to 192.168.3.0/24.

Hope that helps - pls rate the post if it does.

Paresh
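As an added illustration, not part of Paresh's answer and not Cisco code: a small Python model of how a PIX/ASA running the pre-8.3 NAT syntax picks the global pool for an inside host under exactly the configuration above. The point it makes is the one the question hinges on: policy NAT rules (nat with access-list) are evaluated before regular NAT rules, each group in configuration order, so the 0.0.0.0 catch-all only receives traffic that no access-list claimed, even if the catch-all happens to have the lowest NAT ID. The parser, the NatRule class, the select_global_pool function and the second "catch-all first" configuration are constructed for this example; the treatment of an omitted nat mask is a documented assumption in the code.

```python
"""Model of PIX/ASA (pre-8.3) NAT pool selection for the configuration posted above.

Constructed example: the parser and the selection order are a simplified model
of device behaviour, not Cisco code. Policy NAT (nat ... access-list) is
evaluated before regular NAT (nat ... <net> <mask>), each in configuration order.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The configuration from the answer above, verbatim.
CONFIG = """
access-list myacl1 permit ip 10.1.1.0 255.255.255.0 any
access-list myacl2 permit ip 10.1.2.0 255.255.255.0 any
nat (inside) 1 access-list myacl1
global (outside) 1 192.168.1.0 255.255.255.0
nat (inside) 2 access-list myacl2
global (outside) 2 192.168.2.0 255.255.255.0
nat (inside) 3 0.0.0.0
global (outside) 3 192.168.3.0 255.255.255.0
"""

# Constructed variant: the catch-all is listed first and has the lowest NAT ID.
# Policy NAT still wins, because rule type is decided before ID or position.
CONFIG_CATCHALL_FIRST = """
access-list myacl1 permit ip 10.1.1.0 255.255.255.0 any
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.168.3.0 255.255.255.0
nat (inside) 2 access-list myacl1
global (outside) 2 192.168.1.0 255.255.255.0
"""


@dataclass
class NatRule:
    nat_id: int
    real_ifc: str
    acl: Optional[str] = None                         # set for policy NAT
    network: Optional[ipaddress.IPv4Network] = None   # set for regular NAT


def _address(tokens):
    """Consume one ACL address spec (any | host A | NET MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_config(text):
    """Return (acls, nat_rules, pools) parsed from PIX-style config lines."""
    acls = {}        # name -> [(action, src_net, dst_net), ...] in ACE order
    nat_rules = []   # NatRule objects in configuration order
    pools = {}       # (mapped_ifc, nat_id) -> global pool network
    for line in text.strip().splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list" and t[3] == "ip":
            src, rest = _address(t[4:])
            dst, _ = _address(rest)
            acls.setdefault(t[1], []).append((t[2], src, dst))
        elif t[0] == "nat":
            ifc, nat_id = t[1].strip("()"), int(t[2])
            if t[3] == "access-list":
                nat_rules.append(NatRule(nat_id, ifc, acl=t[4]))
            else:
                addr = "0.0.0.0" if t[3] == "0" else t[3]   # "0 0" shorthand
                # Assumption: an omitted mask means "all hosts" for 0.0.0.0
                # and a single host otherwise.
                default_mask = "0.0.0.0" if addr == "0.0.0.0" else "255.255.255.255"
                mask = t[4] if len(t) > 4 else default_mask
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                nat_rules.append(NatRule(nat_id, ifc, network=net))
        elif t[0] == "global":
            pools[(t[1].strip("()"), int(t[2]))] = ipaddress.ip_network(
                f"{t[3]}/{t[4]}", strict=False)
    return acls, nat_rules, pools


def select_global_pool(cfg, src_ip, dst_ip="0.0.0.0",
                       real_ifc="inside", mapped_ifc="outside"):
    """Return (nat_id, pool) chosen for a packet, or (None, None) if nothing matches."""
    acls, nat_rules, pools = cfg
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    policy = [r for r in nat_rules if r.real_ifc == real_ifc and r.acl]
    regular = [r for r in nat_rules if r.real_ifc == real_ifc and r.network is not None]
    for rule in policy:                       # policy NAT first, in config order
        for action, s_net, d_net in acls.get(rule.acl, []):
            if src in s_net and dst in d_net:
                if action == "permit":
                    pool = pools.get((mapped_ifc, rule.nat_id))
                    return rule.nat_id, (str(pool) if pool else None)
                break                         # deny ACE: this rule does not apply
    for rule in regular:                      # then regular NAT, in config order
        if src in rule.network:
            pool = pools.get((mapped_ifc, rule.nat_id))
            return rule.nat_id, (str(pool) if pool else None)
    return None, None


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    for host in ("10.1.1.5", "10.1.2.77", "10.50.0.1"):
        print(host, "->", select_global_pool(cfg, host))
```

Running the block walks three constructed inside hosts through the posted configuration: the two that fall inside myacl1 and myacl2 land in pools 1 and 2, and the third reaches the 0.0.0.0 rule. The second configuration shows why the catch-all's NAT ID does not matter: with the catch-all as nat 1, a 10.1.1.0/24 host still goes to the policy NAT pool. A quick way to confirm the same on a real box is `show xlate` after generating traffic from each group.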

