Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1256
Views
0
Helpful
6
Replies

Can anyone help with an answer to the following NAT on IOS question.

Go to solution
byron.momsen
Level 1
Level 1

‎10-18-2010 11:55 AM - edited ‎03-04-2019 10:09 AM

Can anyone help with an answer to the following NAT on IOS question.

1)       On a Cisco router – Can two NATs be applied to the same traffic/packets? One NATing source to 172.17.3.5 and the other NATing destination to

------

ip nat inside source static 192.168.200.4 10.134.116.204

------

      and

------

ip nat pool MY-NAT-POOL 172.17.3.5 172.17.3.5 netmask 255.255.255.252

access-list 193 remark MY NAT - ACL

access-list 193 permit tcp 10.195.0.0 0.0.255.255 172.30.1.192 0.0.0.15

access-list 193 permit tcp 10.151.0.0 0.0.255.255 172.30.1.192 0.0.0.15

access-list 193 remark END

route-map MY-ROUTE-MAP permit 10

match ip address 193

ip nat outside source route-map MY-ROUTE-MAP pool MY-NAT-POOL route-add

-------

-------

interface GigabitEthernet0/0

ip nat inside

interface Serial0/0/0:13

ip nat outside

-------

     

In other words for incoming traffic from outside to inside can you NAT the destination and the source?                     

I need to NAT the incoming source due to overlapping networks with this other network. The other network cannot change.

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
margalla
Cisco Employee
Cisco Employee
In response to byron.momsen

‎11-09-2010 10:09 PM 


If you want to translate the source and the destination in the same packets them both nats must be statics.

Not completely true. See:

Using NAT in Overlapping Networks

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

View solution in original post

0 Helpful
6 Replies 6

Go to solution
byron.momsen
Level 1
Level 1

‎10-18-2010 12:13 PM

Correction:

Can anyone help with an answer to the following NAT on IOS question.

1)   On a Cisco router – Can two NATs be applied to the same traffic/packets? One NATing source to 172.17.3.5 and the other NATing destination to 192.168.200.4.

      Objective of the config is: Orignal source 10.195.1.1 Original destination 10.134.116.204 - Translated source 172.17.3.5 Translated destination 192.168.200.4

------

ip nat inside source static 192.168.200.4 10.134.116.204

------

      and

------

ip nat pool MY-NAT-POOL 172.17.3.5 172.17.3.5 netmask 255.255.255.252

access-list 193 remark MY NAT - ACL

access-list 193 permit tcp 10.195.0.0 0.0.255.255 host 10.134.116.204

access-list 193 remark END

route-map MY-ROUTE-MAP permit 10

match ip address 193

ip nat outside source route-map MY-ROUTE-MAP pool MY-NAT-POOL route-add

-------

-------

interface GigabitEthernet0/0

ip nat inside

interface Serial0/0/0:13

ip nat outside

-------

     

In other words for incoming traffic from outside to inside can you NAT the destination and the source?                     

I need to NAT the incoming source due to overlapping networks with this other network. The other network cannot change.

Regards

0 Helpful

Go to solution
manish arora
Level 6
Level 6
In response to byron.momsen

‎10-18-2010 01:38 PM

Never worked on something like this but I think following command implementation  can help you out :-

ip nat outside source list xx pool NAT add-route

please check out the following link for further information :-

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

Thanks

Manish

0 Helpful

Go to solution
byron.momsen
Level 1
Level 1
In response to manish arora

‎11-09-2010 07:57 AM

Hi Manish

Thanks for the link.

ip nat outside source list xx pool NAT add-route

NAT command above only works if you only want to translate the source.

If you want to translate the source and the destination in the same packets them both nats must be statics.

See my final solution below for nating the source and destination in the same packet. I have confirmed that this config works in a lab.

ip nat outside source static network 133.195.0.0 172.195.0.0 255.255.0.0 add-route
ip nat outside source static network 134.151.0.0 172.151.0.0 255.255.0.0 add-route

interface FastEthernet0/1.3
ip nat outside
exit

interface FastEthernet0/1.4
ip nat inside
exit


ip nat inside source static 10.10.16.204 10.36.74.133

Regards

Byron

0 Helpful

Go to solution
margalla
Cisco Employee
Cisco Employee
In response to byron.momsen

‎11-09-2010 10:09 PM 


If you want to translate the source and the destination in the same packets them both nats must be statics.

Not completely true. See:

Using NAT in Overlapping Networks

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

0 Helpful

Go to solution
byron.momsen
Level 1
Level 1
In response to margalla

‎11-11-2010 05:28 AM

Thanks Margalla

Thanks for the correction and info.

You are perfectly correct.

What I did find in my lab was that if the "ip nat inside" was a static and the "ip nat outside" used source route-map or source list

then  the static nat was applied to traffic and the ip nat outside did not work.

Looks like both must be static for both must be source list/route-map.

Regards

0 Helpful

Go to solution
byron.momsen
Level 1
Level 1
In response to margalla

‎11-11-2010 05:47 AM

Thanks Margalla

typo: correction below. for should have been or

Looks like both must be static or both must be source list/route-map when translating ip nat outside "many to many"

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card