Local NAT for some Destinations - Page 2

diego.casanova91 · ‎08-10-2022

Hi all.

I have this problem on my productive network.

I routed all my branches on my Central branch, but I need use the Local internet service for some hosts (like Akamai) so I have replied the base configuration on GNS3.

R1 Config.

interface FastEthernet0/0
ip address 10.10.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1 (Connecter to NAT1 emulating nat)
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!

interface Vlan1
no ip address
!
ip forward-protocol nd
ip route 10.100.50.0 255.255.255.0 10.10.0.2 name LAN-prueba
!
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/1 overload
!
access-list 10 permit 10.100.50.0 0.0.0.255
no cdp log mismatch duplex
!
!
!

R2 Config

for practical test I trie to reach the host 8.8.4.4. from de local Internet service

interface FastEthernet0/0
ip address 10.10.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

interface Vlan1
ip address 10.100.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip default-gateway 10.10.0.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.0.1 name Default-salida
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map NAT_SPLIT interface FastEthernet0/1 overload reversible
!
access-list 100 remark macheo para natear por otro lado.
access-list 100 permit ip 10.100.50.0 0.0.0.255 host 8.8.4.4
no cdp log mismatch duplex
!
route-map NAT_SPLIT permit 10
match ip address 100
match interface FastEthernet0/1
!
route-map NO_NAT-SLIPT permit 10
match ip address 1

match interface fastethernet0/=

regrests!

MHM Cisco World · ‎08-12-2022

I will correct your config

paul driver · ‎08-11-2022

Hello

I see an error in the config i sent you-Please change it the the following and test again?

route-map PBR deny 5
match ip address 100
route-map PBR permit 10
no match ip address 100

interface Vlan1
ip policy route-map PBR

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

diego.casanova91 · ‎08-12-2022

Hi Paul, now I a can reach 8.8.4.4 BUT for the same path (throght 10.10.0.1) and cant reach 8.8.8.8.

paul driver · ‎08-13-2022

Hello

Thats is because you have not removed the nat statements i suggested you to remove!

no ip route 0.0.0.0 0.0.0.0 10.10.0.1 name Default-salida

no ip nat inside source route-map NAT_SPLIT interface FastEthernet0/1 overload reversible

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 10.10.0.1 name Default-salida

ip nat inside source list 100 interface FastEthernet0/1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul