09-05-2024 12:44 AM
I have a C1111 router and I configured the following static NAT.
ip nat inside source static 192.168.2.190 172.25.139.241
ip nat inside source static 192.168.2.191 172.25.139.242
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
I would like to know whether the third static NAT configuration will conflict with the previous two static NAT configurations?
What I want to achieve is that 192.168.2.100 and 192.168.2.101 are NATed to 172.25.139.241 and 172.25.139.242 respectively, and the other addresses of 192.168.2.0/24 are NATed to 192.168.61.0/24
Solved! Go to Solution.
09-05-2024 01:27 AM
Hello @haininghuang3185
Nw I understand...so then you should be okay with the cfg you already have applied........however yet another option may be applicable would be to used nat " match-host"
ip nat pool POOL 192.168.61.1 192.168.61.254 prefix-length 24 type match-host
this will match inside local to inside global addressing
09-05-2024 02:00 AM
İp nat Inside source static network
Not use pool at all.
MHM
09-05-2024 02:49 AM - edited 09-05-2024 03:01 AM
Hello
@haininghuang3185 wrote:Then I need to add the above configuration:
ip nat inside source static network 192.168.2.0 192.168.61.0 /24
I am not sure whether the newly added commands will conflict with the original NAT configuration.
No it WILL not conflict, you will be fine adding this, it will just create an additional permanent static mapping in the translation table along with the other two static mappings prior to any translation.
example::
Inside global Inside local
192.168.2.190 172.25.139.241
192.168.2.191 172.25.139.242
192.168.2.0 192.168.61.0
09-05-2024 02:55 AM
2.190 and 2.191 will always NAT usign first two NaT line and never NaT to 192.168.61.0
This conflict.
MHM
09-05-2024 02:56 AM
@MHM Cisco World
Can you elaborate?
09-05-2024 03:03 AM
Friend the router seach NAT for same ingress and egress for host 192.168.2.190 (example) one by one
First it will match NAT
192.168.2.190 172.25.139.241
So it will not continue to match other NAT
192.168.2.0 192.168.61.0
that make 2.190 and 2.191 never NATing to 192.168.61.x
And it worse if he add
Ip nat inside source static network
Above all other NAT.
So we need to find away to solve this conflict.
The idea I have is he use route-map for first two static NAT' where if source is 2.190/2.191 and destiantion is specfic then he will use these NAT
If not the router will match last NAT
MHM
09-05-2024 03:03 AM
If so, then I can achieve my needs.
I want to achieve is that 192.168.2.100 and 192.168.2.101 are NAT to 172.25.139.241 and 172.25.139.242 respectively, and the other addresses of 192.168.2.0/24 are NAT to 192.168.61.0/24.
09-05-2024 03:05 AM
If that so there is not conflict you can use both NAT
MHM
09-05-2024 03:13 AM - edited 09-05-2024 03:15 AM
Hello
@MHM Cisco World wrote:
that make 2.190 and 2.191 never NATing to 192.168.61.x
So it will not continue to match other NAT
192.168.2.0 192.168.61.0
You are incorrect in your thinking
Remember these are the two single specific static nat mappings so they will NEVER nat to 192.168.61.x as they are STATIC (1-2-1 mapping)
So adding the any other none specified staitc network mapping will ONLY use the 192.168.2.0 <> 192.168.61.0 nat statement and not conflict
09-05-2024 03:19 AM
@haininghuang3185
Just to clarify once more , you will be okay to add that additional static network statement you do not require any route-map statement.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide