Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4064
Views
0
Helpful
7
Replies

Policy Based NAT

imranraheel
Level 1
Level 1

‎05-14-2015 02:35 PM - edited ‎03-05-2019 01:28 AM

I have a cisco 3750 where all my servers are connected & the uplink is to a 2921 router .

 

2921 has two interface G0/0 (Internal) connected to 3750 & G0/1 (External).

 

Now I want all my hosts to go to the external network without natting ,but want 1 host to nat when going to a specific IP in the external network . how will i be able to do this 

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎05-14-2015 02:46 PM

Couple of questions -

1) will the connection always be initiated from the inside host or can it be initiated from the external host as well ?

2) what do you want to NAT it to eg. the outside interface IP of the 2921 or a different IP ?

Jon

0 Helpful

imranraheel
Level 1
Level 1
In response to Jon Marshall

‎05-14-2015 02:47 PM

It would be a two way connection . 

 

I want to NAT it to 172.17.62.5.

 

Original IP of the host is 192.168.62.5, also rest of the hosts are in the 192.168.1.0\24 range but i don't want them to be effected.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to imranraheel

‎05-15-2015 05:36 PM

Okay, if either side can initiate the connection then it needs to be a static NAT statement ie.

external IP = 172.16.10.2

int gi0/0
ip nat inside

int gi0/1
ip nat outside

access-list 101 permit ip host 192.168.62.5 host 172.16.10.2

route-map <rmap name> permit 10 
match ip address 101

ip nat inside source static 192.168.62.5 172.17.62.5 route-map <rmap name>

Jon

0 Helpful

karanmandaliyakd
Level 1
Level 1

‎12-25-2022 04:15 PM

It's not working some how, Is it good to share observations to get that worked?

ip nat inside source static 192.168.3.1 10.10.10.101 route-map NAT1

access-list 101 permit ip host 192.168.3.1 host 192.168.2.1

route-map NAT1 permit 10
match ip address 101

R1(config)#do ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms
R1(config)#do sh ip nat tra
Pro Inside global Inside local Outside local Outside global
R1(config)#

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to karanmandaliyakd

‎12-25-2022 05:07 PM

you need post your topology and full config for us to understand - technically the steps should work :

the request need to come from external IP 10.10.10.101 (in your case)

check below guide:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13739-nat-routemap.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

karanmandaliyakd
Level 1
Level 1
In response to balaji.bandi

‎12-26-2022 11:20 AM

Hi Balaji. Bandi,

Thanks for your reply, It is working. I was trying to generate traffic from the router instead of the PC and was looking forward to NAT translate. I know it's silly but I realized it today and validated it. Which is working.

 

Thanks for your response. 

Karan Mandaliya

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to karanmandaliyakd

‎12-26-2022 01:17 PM

Glad all working as expected, we mark as resolved now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card