NAT Secondary Public IP

drenich · ‎09-13-2011

I have 1 2821 router with several IP addresses from a single provider. The IP addresses are not contiguous.

I would like to NAT different internal subnets to different external IP's. i.e. map 10.1.1.0 to x.x.220.68 and 10.1.2.0 to x.x.220.70 and 10.1.3.0 to x.x.105.184.

I currently have

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload

that translates everything to x.x.105.184.

What would be the best way to setup the NAT statements to be able to divide up the subnets?

cadet alain · ‎09-13-2011

Hi,

Try this:

access-list 101 permit ip 10.1.1.0 0.0.0.255 any

access-list 102 permit 10.1.2.0 0.0.0.255 any

access-list 103 10.1.3.0 0.0.0.255 any

route-map 101 pemit 10

match ip address 101

route-map 102 permit 10

match ip address 102

route-map 103 permit 10

match ip address 103

ip pool pool-101 xx.220-68 xx.220.68 prefix-length/32

ip pool pool-102 xx.220.70 xx.220.70 prefix-length /32

ip pool pool-103 xx.105.184 xx.105.184 prefix-length /32

ip nat inside source route-map 101 pool pool-101 overload

ip nat inside source route-map 102 pool pool-102 overload

ip nat inside source route-map 103 pool pool-103 overload

Regards.

Alain.

Don't forget to rate helpful posts.

drenich · ‎09-13-2011

It seems to be close.

It looks like parts of the other subnets are getting stuck in the default deny at the end of access-list 101. I put deny ip any any log at the end of access-list 101 and it was catching addresses from the other 2 subnets.

Also my IOS version (12.4.(24)T2) does not allow for a prefix-length of 32. The smallest it will go is 30.

Any more thoughts?

Thanks,

Dan

cadet alain · ‎09-13-2011

Hi,

put the prefix-length of the subnet your ip is in.

An ACL in a route-map is not used as when it is as a traffic filter. if there is no match for ACL 101 then route-map 101 will not be used. So it should work this way.

Regards.

Alain.

Don't forget to rate helpful posts.