NAT all source IP to range 10.1.1.3-10.1.1.254 of WAN interface

getaway51
Level 2

Hi,

I need to NAT all incoming traffic from LAN to outgoing WAN interface, not to the source IP of the WAN interface (10.1.1.2) but to a dynamic range of 10.1.1.3-10.1.1.254.

May I know what the config should look like?

3 Replies

Hello,

Do you mean a NAT pool?

interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat pool ISP_POOL 10.1.1.3 10.1.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP_POOL overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
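
Added example, not part of the original reply: a small Python check that parses the configuration above and confirms that the pool excludes the WAN interface address, stays inside the WAN subnet, and that the ACL named in the NAT rule permits the LAN subnet. The function names `parse` and `lint` are hypothetical, the sample input is constructed from the reply, and the parser handles only the command forms that appear in this thread.

```python
import ipaddress as ipa

# Constructed sample input: the NAT pool configuration from the reply above.
CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat pool ISP_POOL 10.1.1.3 10.1.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP_POOL overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def parse(config):
    """Collect NAT interfaces, pools, dynamic rules and standard permit entries."""
    sides, pools, rules, acls, addr = {"inside": [], "outside": []}, {}, [], {}, None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            addr = None
        elif w[:2] == ["ip", "address"]:
            addr = ipa.ip_interface(f"{w[2]}/{w[3]}")
        elif len(w) == 3 and w[:2] == ["ip", "nat"] and w[2] in sides and addr:
            sides[w[2]].append(addr)
        elif w[:3] == ["ip", "nat", "pool"]:
            pools[w[3]] = (ipa.ip_address(w[4]), ipa.ip_address(w[5]))
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] and w[6:7] == ["pool"]:
            rules.append((w[5], w[7]))
        elif len(w) == 5 and w[0] == "access-list" and w[2] == "permit":
            # ipaddress accepts a wildcard (host) mask after the slash.
            acls.setdefault(w[1], []).append(ipa.ip_network(f"{w[3]}/{w[4]}"))
    return sides, pools, rules, acls

def lint(config):
    """Return a list of findings; an empty list means the checks passed."""
    (sides, pools, rules, acls), findings = parse(config), []
    for acl, pool in rules:
        if pool not in pools:
            findings.append(f"pool {pool} is not defined")
            continue
        lo, hi = pools[pool]
        for out in sides["outside"]:
            if lo <= out.ip <= hi:
                findings.append(f"pool {pool} contains interface address {out.ip}")
            if lo not in out.network or hi not in out.network:
                findings.append(f"pool {pool} leaves outside subnet {out.network}")
        for ins in sides["inside"]:
            if not any(ins.network.subnet_of(n) for n in acls.get(acl, [])):
                findings.append(f"ACL {acl} does not permit inside subnet {ins.network}")
    return findings
```

`lint(CONFIG)` returns an empty list for the configuration as posted; widening the pool to start at 10.1.1.2 or pointing the ACL at a different subnet produces a finding.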

Hi,

If traffic is initiated from the WAN so that the dest IP is NATed 10.1.1.3->192.168.1.2, what config needs to be added to the below?

interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat pool ISP_POOL 10.1.1.3 10.1.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP_POOL overload
!
access-list 1 permit 192.168.1.0 0.0.0.255

RicardoSN
Level 1

Hi gateway51,

With the little information given, I would say you could exclude with a standard ACL the /32 IPs (.1, .2 and .3) you don't want to translate, denying those on the first three entries and then in the fourth entry permitting the whole 10.1.1.0/24 block.

Something like this:

access-list 50 deny host 10.1.1.1
access-list 50 deny host 10.1.1.2
access-list 50 deny host 10.1.1.3
access-list 50 permit 10.1.1.0 0.0.0.255

Then you should use that ACL on the global config command "ip nat inside source list 50...".

But maybe I didn't get very well what you really need; please try to give us more information to work with if that's the case.

-Ricardo S.N., Regards!