09-05-2024 12:44 AM
I have a C1111 router and I configured the following static NAT.
ip nat inside source static 192.168.2.190 172.25.139.241
ip nat inside source static 192.168.2.191 172.25.139.242
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
I would like to know whether the third static NAT configuration will conflict with the previous two static NAT configurations?
What I want to achieve is that 192.168.2.100 and 192.168.2.101 are NATed to 172.25.139.241 and 172.25.139.242 respectively, and the other addresses of 192.168.2.0/24 are NATed to 192.168.61.0/24
Solved! Go to Solution.
09-05-2024 02:49 AM - edited 09-05-2024 03:01 AM
Hello
@haininghuang3185 wrote:Then I need to add the above configuration:
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
I am not sure whether the newly added commands will conflict with the original NAT configuration.
No it WILL not conflict, you will be fine adding this, it will just create an additional permanent static mapping in the translation table along with the other two static mappings prior to any translation.
example::
Inside global Inside local
192.168.2.190 172.25.139.241
192.168.2.191 172.25.139.242
192.168.2.0 192.168.61.0
09-05-2024 03:03 AM
Friend the router seach NAT for same ingress and egress for host 192.168.2.190 (example) one by one
First it will match NAT
192.168.2.190 172.25.139.241
So it will not continue to match other NAT
192.168.2.0 192.168.61.0
that make 2.190 and 2.191 never NATing to 192.168.61.x
And it worse if he add
Ip nat inside source static network
Above all other NAT.
So we need to find away to solve this conflict.
The idea I have is he use route-map for first two static NAT' where if source is 2.190/2.191 and destiantion is specfic then he will use these NAT
If not the router will match last NAT
MHM
09-05-2024 03:19 AM
@haininghuang3185
Just to clarify once more , you will be okay to add that additional static network statement you do not require any route-map statement.
09-05-2024 12:48 AM
There is no such this command
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
What try to do here?
MHM
09-05-2024 12:54 AM
There is such a command, which I can configure on the C1111 router. Now I need to add a command, which is ip nat inside source static network 192.168.2.0 192.168.61.0 /24, but I am not sure whether this command will affect my original two commands
ip nat inside source static 192.168.2.190 172.25.139.241
ip nat inside source static 192.168.2.191 172.25.139.242
09-05-2024 12:59 AM
Friends there is
One to one
One to many (using pool)
But there is No
Many to many
MHM
09-05-2024 01:11 AM
Hello friend,
this command is also one-to-one NAT, which is to implement one-to-one NAT of the entire address segment, 192.168.2.0/24 NAT 192.168.61.0/24
You can look at this post
https://community.cisco.com/t5/routing/static-nat-for-a-complete-subnet/m-p/1297182#M122385
09-05-2024 01:18 AM
First time I see such this command,
But you are correct
It one to one if both real and mapped IP use same prefix
And there is no conflict since the real and mapped IP not use in other NAT
MHM
09-05-2024 01:15 AM - edited 09-05-2024 01:18 AM
Hello
@MHM Cisco WorldBut there is No
Many to many
MHM
incorrect yes there is such a feature that can be used like - ip nat inside source static network 192.168.2.0 192.168.61.0 /24
09-05-2024 01:40 AM
Sorry but why the original post show
192.168.2.0 and screenshot 192.168.100.0?
If it 192.168.100.0 this command not conflict
If it 192.168.2.0 then there is conflicts
MHM
09-05-2024 01:53 AM
I currently need to add a command to the original configuration
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
09-05-2024 02:05 AM
Are the ingress and egress of both NAT same?
İf not then there is no issue if same then there is conflict.
MHM