Can anyone help with an answer to the following NAT on IOS question.

byron.momsen
Level 1

Can anyone help with an answer to the following NAT on IOS question.

1) On a Cisco router – Can two NATs be applied to the same traffic/packets? One NATing source to 172.17.3.5 and the other NATing destination to

------
ip nat inside source static 192.168.200.4 10.134.116.204
------

      and

------
ip nat pool MY-NAT-POOL 172.17.3.5 172.17.3.5 netmask 255.255.255.252
access-list 193 remark MY NAT - ACL
access-list 193 permit tcp 10.195.0.0 0.0.255.255 172.30.1.192 0.0.0.15
access-list 193 permit tcp 10.151.0.0 0.0.255.255 172.30.1.192 0.0.0.15
access-list 193 remark END
route-map MY-ROUTE-MAP permit 10
 match ip address 193
ip nat outside source route-map MY-ROUTE-MAP pool MY-NAT-POOL add-route
-------

-------
interface GigabitEthernet0/0
 ip nat inside
interface Serial0/0/0:13
 ip nat outside
-------

In other words, for incoming traffic from outside to inside, can you NAT the destination and the source?

I need to NAT the incoming source due to overlapping networks with this other network. The other network cannot change.

Regards


byron.momsen
Level 1

Correction:

Can anyone help with an answer to the following NAT on IOS question.

1) On a Cisco router – Can two NATs be applied to the same traffic/packets? One NATing source to 172.17.3.5 and the other NATing destination to 192.168.200.4.

      Objective of the config is: Original source 10.195.1.1, original destination 10.134.116.204 - translated source 172.17.3.5, translated destination 192.168.200.4

------
ip nat inside source static 192.168.200.4 10.134.116.204
------

      and

------
ip nat pool MY-NAT-POOL 172.17.3.5 172.17.3.5 netmask 255.255.255.252
access-list 193 remark MY NAT - ACL
access-list 193 permit tcp 10.195.0.0 0.0.255.255 host 10.134.116.204
access-list 193 remark END
route-map MY-ROUTE-MAP permit 10
 match ip address 193
ip nat outside source route-map MY-ROUTE-MAP pool MY-NAT-POOL add-route
-------

-------
interface GigabitEthernet0/0
 ip nat inside
interface Serial0/0/0:13
 ip nat outside
-------

In other words, for incoming traffic from outside to inside, can you NAT the destination and the source?

I need to NAT the incoming source due to overlapping networks with this other network. The other network cannot change.

Regards

Never worked on something like this, but I think the following command implementation can help you out:

ip nat outside source list xx pool NAT add-route

Please check out the following link for further information:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

Thanks

Manish

Hi Manish

Thanks for the link.

ip nat outside source list xx pool NAT add-route

The NAT command above only works if you only want to translate the source.

If you want to translate the source and the destination in the same packets, then both NATs must be static.

See my final solution below for NATing the source and destination in the same packet. I have confirmed that this config works in a lab.

ip nat outside source static network 133.195.0.0 172.195.0.0 255.255.0.0 add-route
ip nat outside source static network 134.151.0.0 172.151.0.0 255.255.0.0 add-route

interface FastEthernet0/1.3
 ip nat outside
exit

interface FastEthernet0/1.4
 ip nat inside
exit

ip nat inside source static 10.10.16.204 10.36.74.133

Regards

Byron
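
The address rewriting performed by the lab config above, modelled in Python as an added example (not part of the original post and not Cisco code). The function names are hypothetical, and the model covers only the two static translations, not routing, ports or the add-route behaviour.

```python
import ipaddress

# Constructed from the lab config in the post above.
# ip nat outside source static network <outside-global> <outside-local> <mask>
OUTSIDE_STATIC_NETS = [
    ("133.195.0.0", "172.195.0.0", "255.255.0.0"),
    ("134.151.0.0", "172.151.0.0", "255.255.0.0"),
]
# ip nat inside source static <inside-local> <inside-global>
INSIDE_STATIC = [("10.10.16.204", "10.36.74.133")]

def _map_network(addr, from_net, to_net, mask):
    """Swap the network bits of addr and keep its host bits; None if no match."""
    net = ipaddress.ip_network(f"{from_net}/{mask}")
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return None
    host_bits = int(ip) & int(net.hostmask)
    return str(ipaddress.ip_address(int(ipaddress.ip_address(to_net)) | host_bits))

def _outside(addr, to_local):
    """Apply the outside static network entries (global <-> local)."""
    for glob, local, mask in OUTSIDE_STATIC_NETS:
        a, b = (glob, local) if to_local else (local, glob)
        mapped = _map_network(addr, a, b, mask)
        if mapped:
            return mapped
    return addr

def _inside(addr, to_local):
    """Apply the inside static host entry (global <-> local)."""
    for local, glob in INSIDE_STATIC:
        a, b = (glob, local) if to_local else (local, glob)
        if addr == a:
            return b
    return addr

def translate(src, dst, direction):
    """Hypothetical helper: (src, dst) after both NATs for one packet."""
    if direction == "out->in":   # received on the "ip nat outside" interface
        return _outside(src, True), _inside(dst, True)
    if direction == "in->out":   # received on the "ip nat inside" interface
        return _inside(src, False), _outside(dst, False)
    raise ValueError(direction)

if __name__ == "__main__":
    print(translate("133.195.1.1", "10.36.74.133", "out->in"))
    print(translate("10.10.16.204", "172.195.1.1", "in->out"))
```

An outside-to-inside packet has both its source and its destination rewritten, and the reply is rewritten back symmetrically, which is the "source and destination in the same packet" case the thread asks about.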


Accepted Solution

If you want to translate the source and the destination in the same packets, then both NATs must be static.

Not completely true. See:

Using NAT in Overlapping Networks

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

Thanks Margalla

Thanks for the correction and info.

You are perfectly correct.

What I did find in my lab was that if the "ip nat inside" was a static and the "ip nat outside" used source route-map or source list, then the static NAT was applied to traffic and the ip nat outside did not work.

Looks like both must be static for both must be source list/route-map.

Regards

Thanks Margalla

Typo: correction below. "for" should have been "or".

Looks like both must be static or both must be source list/route-map when translating ip nat outside "many to many"

Regards
