Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts with replies and give us your feedback.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1807
Views
15
Helpful
3
Replies

NAT with route-map

Go to solution
ohassairi
Level 9
Level 9

‎01-05-2021 09:54 PM - edited ‎01-05-2021 11:43 PM

hello

 

i have the following scenario:

 

PC1 (192.168.1.1) + PC 2 (192.168.1.2) connected to sw

sw connected to outside interface of Router (192.168.1.254)

inside interface of router (172.20.70.254) connected to server 172.20.70.1

i need the router to make NAT only for traffic between PC1 and server

traffic between PC2 and server should be routed normally without NAT

-----------------------------

i configured the following:

interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface FastEthernet1/0
ip address 172.20.70.254 255.255.255.0
ip nat inside
!
ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1
!
ip access-list extended acl1
deny ip host 172.20.70.1 host 192.168.1.2
permit ip host 172.20.70.1  host 192.168.1.1  
!
route-map rm1 permit 10
match ip address acl1

--------------------------------------------

when i ping from PC1 to 10.79.1.1 the router makes NAT (that's OK)

Pro Inside global Inside local Outside local Outside global
icmp 10.79.1.1:21582 172.20.70.1:21582 192.168.1.1:21582 192.168.1.1:21582

 

 

when i ping from PC2 to 10.79.1.1 the router makes also NAT (that's not OK. NAT should not happen)

Pro Inside global Inside local Outside local Outside global
icmp 10.79.1.1:44878 172.20.70.1:44878 192.168.1.2:44878 192.168.1.2:44878

 

can you help me understanding why this happen ?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ohassairi
Level 9
Level 9
In response to ohassairi

‎01-05-2021 11:47 PM

actually, i found that :

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1 

will apply the route-map only for traffic coming to inside interface 🙂

so if server sends  traffic to 192.168.1.1 nat will happen but if the destination is 192.168.1.2 then no NAT

but when some one sends traffic to server from outside so the Route-map will not work by definition 

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-05-2021 10:11 PM - edited ‎01-05-2021 10:11 PM

not sure what is the below IP :

 

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1

 

below simple NAT not working ? since you doing 1 to 1 NAT

ip nat inside source static 172.20.70.1 X.x.x.x ( should work right ?

 

or we missing some information here?

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
ohassairi
Level 9
Level 9
In response to balaji.bandi

‎01-05-2021 10:15 PM

10.79.1.1 is the NAT ip of internal server 172.20.70.1

ip nat inside source static 172.20.70.1 X.x.x.x  is not enough because it will make nat with both PCs
i need to make NAT only for traffic between PC1 and server, that's why i added route-map

 

Go to solution
ohassairi
Level 9
Level 9
In response to ohassairi

‎01-05-2021 11:47 PM

actually, i found that :

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1 

will apply the route-map only for traffic coming to inside interface 🙂

so if server sends  traffic to 192.168.1.1 nat will happen but if the destination is 192.168.1.2 then no NAT

but when some one sends traffic to server from outside so the Route-map will not work by definition 

Customers Also Viewed These Support Documents