Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
982
Views
0
Helpful
3
Replies

Cisco : IP NAT Inside : re-ordering?

Andrew Battersby
Level 1
Level 1

‎11-27-2012 02:36 AM - edited ‎03-04-2019 06:15 PM

Can anyone confirm if you can re-order the "IP NAT Inside" statements on a Cisco router.

For example I have a router with lots of NAT Statements as below:

ip nat pool cust1Mail 8.8.8.8 8.8.8.8 netmask 255.255.255.248

ip nat inside source list DEFAULT_NAT interface GigabitEthernet0/0.112 vrf cust1

ip nat inside source list DEFAULT_NAT interface GigabitEthernet0/0.116 vrf cust2

ip nat inside source list DEFAULT_NAT interface GigabitEthernet0/0.114 vrf cust3

ip nat inside source list cust-Mail-Server pool BroraMail vrf cust3 overload

ip access-list extended DEFAULT_NAT

permit ip any any

ip access-list extended cust-Mail-Server

permit ip host 192.168.16.137 any

Now I want the router to nat the "192.168.16.137" IP out of the "8.8.8.8" address but to do this I would guess I need to make sure the "

"ip nat inside source list cust-Mail-Server pool BroraMail vrf cust3 overload" statement is before the "ip nat inside source list DEFAULT_NAT interface GigabitEthernet0/0.114 vrf cust3" statement.

Is there an easy way to re-order the ip nat inside source statements to make sure this is the case?

Thanks

Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎11-27-2012 02:50 AM

Hi,

why don't you just do like this:

ip access-list extended DEFAULT_NAT

deny ip host 192.168.16.137 any

permit ip any any

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Andrew Battersby
Level 1
Level 1
In response to cadet alain

‎11-27-2012 03:01 AM

I was waiting for that reply

This won't work in this case due to the VRF's Each VRF refer's to a seperate routing table and each routing table could have it's own 192.168.16.137 IP address so this would stop every instance of 192.168.16.137 natting out in each routing table. I could create seperate NAT Access-lists for each VRF and this is in fact what I've done to resolve the issue but I wanted to see if there was specifically a way to re-order the ip nat inside statements to resolve it this way as well.

Thanks


Andy

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Andrew Battersby

‎11-27-2012 03:32 AM

Hi,

yes you're right if you use same ACL for all VRFs then it won't work. I've never heard about NAT statement reordering method.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card