cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
639
Views
5
Helpful
24
Replies

About Router NAT Configuration Consultation

I have a C1111 router and I configured the following static NAT.

ip nat inside source static 192.168.2.190 172.25.139.241

ip nat inside source static 192.168.2.191 172.25.139.242

ip nat inside source static network 192.168.2.0 192.168.61.0 /24

I would like to know whether the third static NAT configuration will conflict with the previous two static NAT configurations?

What I want to achieve is that 192.168.2.100 and 192.168.2.101 are NATed to 172.25.139.241 and 172.25.139.242 respectively, and the other addresses of 192.168.2.0/24 are NATed to 192.168.61.0/24

3 Accepted Solutions

Accepted Solutions

Hello


@haininghuang3185 wrote:

Then I need to add the above configuration:

ip nat inside source static network 192.168.2.0 192.168.61.0 /24

I am not sure whether the newly added commands will conflict with the original NAT configuration.



No it WILL not conflict, you will be fine adding this, it will just create an additional permanent static mapping in the translation table along with the other two static mappings prior to any translation.
example::
Inside global               Inside local      
192.168.2.190           172.25.139.241
192.168.2.191           172.25.139.242
192.168.2.0               192.168.61.0


 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Friend the router seach NAT for same ingress and egress for host  192.168.2.190 (example) one by one

First  it will match NAT

192.168.2.190           172.25.139.241

So it will not continue to match other NAT

192.168.2.0               192.168.61.0

that make 2.190 and 2.191 never NATing to 192.168.61.x 

And it worse if he add 

Ip nat inside source static network 

Above all other NAT.

So we need to find away to solve this conflict.

The idea I have is he use route-map for first two static NAT' where if source is 2.190/2.191 and destiantion is specfic then he will use these NAT 

If not the router will match last NAT

MHM

View solution in original post

@haininghuang3185 
Just to clarify once more , you will be okay to add that additional static network statement you do not require any route-map statement.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

24 Replies 24

There is no such this command 

ip nat inside source static network 192.168.2.0 192.168.61.0 /24

What try to do here?

MHM

There is such a command, which I can configure on the C1111 router. Now I need to add a command, which is ip nat inside source static network 192.168.2.0 192.168.61.0 /24, but I am not sure whether this command will affect my original two commands
ip nat inside source static 192.168.2.190 172.25.139.241
ip nat inside source static 192.168.2.191 172.25.139.242

 

1.png

Friends there is 

One to one 

One to many (using pool)

But there is No 

Many to many 

MHM

Hello friend,

this command is also one-to-one NAT, which is to implement one-to-one NAT of the entire address segment, 192.168.2.0/24 NAT 192.168.61.0/24

You can look at this post

https://community.cisco.com/t5/routing/static-nat-for-a-complete-subnet/m-p/1297182#M122385

First time I see such this command,

But you are correct

It one to one if both real and mapped IP use same prefix

And there is no conflict since the real and mapped IP not use in other NAT

MHM

Hello


@MHM Cisco World 

But there is No 

Many to many
MHM


incorrect yes there is such a feature that can be used  like - ip nat inside source static network 192.168.2.0 192.168.61.0 /24


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sorry but why the original post show 

192.168.2.0 and screenshot 192.168.100.0?

If it 192.168.100.0 this command not conflict 

If it 192.168.2.0 then there is conflicts 

MHM

I currently need to add a command to the original configuration
ip nat inside source static network 192.168.2.0 192.168.61.0 /24

Are the ingress and egress of both NAT same?

İf not then there is no issue if same then there is conflict. 

MHM

The equipment configuration is as follows:

interface GigabitEthernet0/1/0
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/1/2
switchport access vlan 101
switchport mode access
!
interface Vlan10
ip address 10.1.32.98 255.255.255.252
ip nat outside
!
interface Vlan101
ip address 192.168.0.6 255.255.255.248
ip nat inside
!
ip nat inside source static 192.168.2.190 172.25.139.241
ip nat inside source static 192.168.2.191 172.25.139.242

Then I need to add the above configuration:

ip nat inside source static network 192.168.2.0 192.168.61.0 /24

I am not sure whether the newly added commands will conflict with the original NAT configuration.

If one inside and one outside sure it will conflict. 

Do you want to check this case in my lab?

MHM

 

It would be better if you can help test it in LAB

Hello


@haininghuang3185 wrote:
I would like to know whether the third static NAT configuration will conflict with the previous two static NAT configurations?

What I want to achieve is that 192.168.2.100 and 192.168.2.101 are NATed to 172.25.139.241 and 172.25.139.242 respectively, and the other addresses of 192.168.2.0/24 are NATed to 192.168.61.0/24


no it should not conflict however, you do have another option and that would be to use an access-list .and deny those static nat from the inside local address range (192.168.2.0/24)

access-list 100 deny ip host 192.168.2.100 any
access-list 100 deny ip host 192.168.2.101 any
access-list 100 permit ip 192.168.2.0 0.0.0.255  any

no ip nat inside source static network 192.168.2.0 192.168.61.0 /24
ip nat pool POOL 192.168.61.1 192.168.61.254 prefix-length 24
ip nat inside source list 100 pool POOL




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I don't want to do dynamic NAT, because I want to implement one-to-one NAT for the entire network segment,
for example
192.168.2.1 NAT 192.168.61.1
192.168.2.2 NAT 192.168.61.2
192.168.2.3 NAT 192.168.61.3
....
192.168.2.253 NAT 192.168.61.253
192.168.2.254 NAT 192.168.61.254

Review Cisco Networking for a $25 gift card