Solved: Re: Massive static NAT Translations

ealsina1153 · ‎03-29-2005

I have to perform many NAT translations on a router (over 300) for a management issue and I'd like to find a way to do that without having to set every single NAT command on the router.

Is there any way to do that? I thought of using wildcards or something of the sort but don't know if it's possible.

Thanks a lot,

Enric

tekha · ‎03-29-2005

Then this might help you.

ip nat inside source static network 10.10.10.0 192.168.17.0 /24

In this example it will NAT only the three first octets(24 bits), leaving the rest untouched.

eg. 10.10.10.27 will become 192.168.17.27,

10.10.10.141 will become 192.168.17.141 and so on and so on.

View solution in original post

tekha · ‎03-29-2005

Then this might help you.

ip nat inside source static network 10.10.10.0 192.168.17.0 /24

In this example it will NAT only the three first octets(24 bits), leaving the rest untouched.

eg. 10.10.10.27 will become 192.168.17.27,

10.10.10.141 will become 192.168.17.141 and so on and so on.

egain.com · ‎03-30-2005

you just need to look at your security and control over the nating.. If you do this any host with that internal ip will be allowed to go outside.. and you do not have control of selectively doing something..

regards

Rakesh

=====

tekha · ‎03-30-2005

That could be fixed by using a route-map.

Like this:

ip nat inside source static network 10.10.10.0 192.168.17.0 /24 route-map ALLOWED

ip access-list standard ALLOWED-LIST

deny 10.10.10.14

deny 10.10.10.26

permit 10.10.10.0 0.0.0.255

route-map ALLOWED permit 10

match ip address ALLOWED-LIST

This way, host 10.10.10.14 and 26, wouldn't be NATtet, all others would.

gbraver · ‎03-30-2005

I need to do something similar and wondering if there are any good examples on CCO (hopefully with digrams) that show "static" natting

cool.cisco · ‎03-30-2005

I would suggest to go for PAT instead of Nat this will make your life easier if no such security concerns you have...