Funky NAT Pool

TODD BEERS · ‎12-28-2011

Trying to do a workaround for a SQL/application related problem. Per customer's security requirements, they're only using a single source IP for a single destination IP. The SQL/app problem is that while there are multiple connections from the same source IP, but with diferent source ports, the SQL/app end rejects more than one user when a query is issued. So I thought we could just NAT that single IP out to a pool and that would allow the destination to see multiple source IP's. Unfortunately, I haven't been able to get it to work yet, but then again, I haven't had to do a nat poll in a very long time. Here's what I've got:

int tunnel 8

ip nat inside

int vlan 10

ip addr 172.1.1.1

ip nat outside

ip route 10.22.78.0 255.255.255.0 172.1.1.2

ip nat pool Cust 10.22.78.10 10.22.78.100 netmask 255.255.255.0
ip nat outside source list Cust_out pool Cust add-route

access-list extended Cust_out
permit ip host 192.168.1.1 any

We also have another static NAT for the destination IP:

ip nat inside source static 10.22.80.53 172.22.80.53

VLAN10 is a LAN interface ni a DMZ.

Marwan ALshawi · ‎12-29-2011

What you do is to create a nat pool with same ip as starting and ending of the range

In nat command use overload keyword to make it like static nat and dynamic pat

Ip nat pool pool1 10.22.78.10 10.22.70.10 netmask 255.255.255.0

Access-list 100 permit ip host 192.168.1.1 any

Ip nat inside source list 100 pool pool1 overload

And make sure to remove the old nat config and the source interface has ip nat onside and the outgoing interface has ip nat outside

Hope this help

Sent from Cisco Technical Support iPhone App