Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
781
Views
15
Helpful
3
Replies

NAT with route-map

Go to solution
ohassairi
Level 5
Level 5

‎01-05-2021 09:54 PM - edited ‎01-05-2021 11:43 PM

hello

 

i have the following scenario:

 

PC1 (192.168.1.1) + PC 2 (192.168.1.2) connected to sw

sw connected to outside interface of Router (192.168.1.254)

inside interface of router (172.20.70.254) connected to server 172.20.70.1

i need the router to make NAT only for traffic between PC1 and server

traffic between PC2 and server should be routed normally without NAT

-----------------------------

i configured the following:

interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface FastEthernet1/0
ip address 172.20.70.254 255.255.255.0
ip nat inside
!
ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1
!
ip access-list extended acl1
deny ip host 172.20.70.1 host 192.168.1.2
permit ip host 172.20.70.1  host 192.168.1.1  
!
route-map rm1 permit 10
match ip address acl1

--------------------------------------------

when i ping from PC1 to 10.79.1.1 the router makes NAT (that's OK)

Pro Inside global Inside local Outside local Outside global
icmp 10.79.1.1:21582 172.20.70.1:21582 192.168.1.1:21582 192.168.1.1:21582

 

 

when i ping from PC2 to 10.79.1.1 the router makes also NAT (that's not OK. NAT should not happen)

Pro Inside global Inside local Outside local Outside global
icmp 10.79.1.1:44878 172.20.70.1:44878 192.168.1.2:44878 192.168.1.2:44878

 

can you help me understanding why this happen ?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ohassairi
Level 5
Level 5
In response to ohassairi

‎01-05-2021 11:47 PM

actually, i found that :

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1 

will apply the route-map only for traffic coming to inside interface

so if server sends  traffic to 192.168.1.1 nat will happen but if the destination is 192.168.1.2 then no NAT

but when some one sends traffic to server from outside so the Route-map will not work by definition 

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-05-2021 10:11 PM - edited ‎01-05-2021 10:11 PM

not sure what is the below IP :

 

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1

 

below simple NAT not working ? since you doing 1 to 1 NAT

ip nat inside source static 172.20.70.1 X.x.x.x ( should work right ?

 

or we missing some information here?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
ohassairi
Level 5
Level 5
In response to balaji.bandi

‎01-05-2021 10:15 PM

10.79.1.1 is the NAT ip of internal server 172.20.70.1

ip nat inside source static 172.20.70.1 X.x.x.x  is not enough because it will make nat with both PCs
i need to make NAT only for traffic between PC1 and server, that's why i added route-map

 

Go to solution
ohassairi
Level 5
Level 5
In response to ohassairi

‎01-05-2021 11:47 PM

actually, i found that :

ip nat inside source static 172.20.70.1  10.79.1.1 route-map rm1 

will apply the route-map only for traffic coming to inside interface

so if server sends  traffic to 192.168.1.1 nat will happen but if the destination is 192.168.1.2 then no NAT

but when some one sends traffic to server from outside so the Route-map will not work by definition 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card