01-12-2020 07:03 PM
Hi,
I need to NAT all incoming traffic from LAN to outgoing WAN interface but not to source IP of WAN interface(10.1.1.2) but to dynamic range of 10.1.1.3-10.1.1.254.
May I know how the config shld looks like?
01-12-2020 07:34 PM
Hello,
do you mean a NAT pool ?
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat pool ISP_POOL 10.1.1.3 10.1.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP_POOL overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
01-13-2020 04:33 AM
Hi,
If traffic initiated from WAN so tht dest IP NAT 10.1.1.3->192.168.1.2, wht config need to add in below?
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat pool ISP_POOL 10.1.1.3 10.1.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP_POOL overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
01-12-2020 07:35 PM - edited 01-12-2020 07:37 PM
Hi gateway51,
With the little information given, I would say you could exclude with an standard ACL the /32 IPs (.1, .2 and .3) you don't want to translate, denying those on the first three entries and then in the fourth entry permiting the whole 10.1.1.0/24 block
Something like this:
access-list 50 deny host 10.1.1.1
access-list 50 deny host 10.1.1.2
access-list 50 deny host 10.1.1.3
access-list 50 permit 10.1.1.0 0.0.0.255
Then you should use that ACL on the global config command "ip nat inside source list 50...".
But maybe i didn't get very well what you really need, please try to give us more information to work with if that's the case.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: