01-05-2010 11:30 PM - edited 03-04-2019 07:07 AM
Hello!
I have a problem.
I want to Source Nat Traffic going from one internal Host to one Specific External Host (remote system) to a specific IP on an outside Interface.
Any Idea?
Thanks!
E.g
(Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3)
01-06-2010 01:24 AM
Hi
Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3
Try this-
ip nat inside source static 10.1.1.1 3.3.3.3 route-map test
route-map test permit 10
match ip address 101
"Not sure if by port 25 you mean source or destination port (assuming the protocol as TCP)"
"for source port 25"
access-list 101 permit tcp host 10.1.1.1 eq 25 host 8.8.8.8
"for destination port 25 "
access-list 101 permit tcp host 10.1.1.1 host 8.8.8.8 eq 25
HTH
Regards
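The two ACL variants in the answer above differ only in where `eq 25` sits, and that position decides which flows the route-map selects for translation. As an added example (not part of the original posts and not Cisco code), this Python sketch models a small subset of extended-ACL matching; the function names and sample packets are constructed for illustration, and a packet that matches no entry is assumed to keep its source address under this rule.

```python
import ipaddress

NAMED_PORTS = {"smtp": 25}  # keyword used in one of the ACLs in this thread

def _endpoint(tokens):
    """Consume 'host A.B.C.D' or 'any', then an optional 'eq PORT'."""
    kind = tokens.pop(0)
    if kind not in ("host", "any"):
        raise ValueError(f"unsupported address form: {kind}")
    addr = ipaddress.ip_address(tokens.pop(0)) if kind == "host" else None
    port = None
    if tokens and tokens[0] == "eq":
        name = tokens[1]
        del tokens[:2]
        port = NAMED_PORTS.get(name) or int(name)
    return addr, port

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp SRC [eq P] DST [eq P]' (subset)."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "tcp":
        raise ValueError("only TCP extended ACL entries are modelled")
    rest = tokens[4:]
    (src, sport), (dst, dport) = _endpoint(rest), _endpoint(rest)
    return {"action": tokens[2], "src": src, "sport": sport, "dst": dst, "dport": dport}

def matches(ace, src, sport, dst, dport):
    """True if a TCP packet matches every field the entry specifies."""
    pkt = {"src": ipaddress.ip_address(src), "sport": sport,
           "dst": ipaddress.ip_address(dst), "dport": dport}
    return all(ace[k] is None or ace[k] == pkt[k] for k in pkt)

def translated_source(acl_lines, packet, inside_global="3.3.3.3"):
    """Post-NAT source address under this one rule; first matching entry wins."""
    for ace in map(parse_ace, acl_lines):
        if matches(ace, *packet):
            return inside_global if ace["action"] == "permit" else packet[0]
    return packet[0]  # assumption: no match means this rule leaves the source as is

SRC_PORT_ACL = ["access-list 101 permit tcp host 10.1.1.1 eq 25 host 8.8.8.8"]
DST_PORT_ACL = ["access-list 101 permit tcp host 10.1.1.1 host 8.8.8.8 eq 25"]
# Constructed sample packets: (source, source port, destination, destination port)
OUTBOUND_SMTP = ("10.1.1.1", 49152, "8.8.8.8", 25)
FROM_PORT_25 = ("10.1.1.1", 25, "8.8.8.8", 49152)

if __name__ == "__main__":
    for name, acl in (("source-port ACL", SRC_PORT_ACL), ("destination-port ACL", DST_PORT_ACL)):
        for pkt in (OUTBOUND_SMTP, FROM_PORT_25):
            print(name, pkt, "->", translated_source(acl, pkt))
```

If 10.1.1.1 is the client opening SMTP sessions to 8.8.8.8, only the destination-port form selects that traffic; the source-port form selects packets that 10.1.1.1 itself sends from port 25.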
01-06-2010 01:58 AM
also you can use this config
! you need to put the required prefix length (subnet)
ip nat pool pool1 3.3.3.3 3.3.3.3 prefix-length 24
ip nat inside source route-map map1 pool pool1
!
access-list 100 permit tcp host 10.1.1.1 host 8.8.8.8 eq smtp
!
route-map map1 permit 10
match ip address 100
good luck
if helpful Rate
01-06-2010 02:03 AM
Thanks Guys.
I made it without a route map... only with the access list defining..
ip nat inside source list 120 pool POOL_EXT overload
Will this work also? I cannot test it (yet)
01-06-2010 02:10 AM
supposed to work
but sometimes with ACL it does not work .. why I do not know
if you get any problem just change it to one of the ways mentioned above with route-map
good luck
if helpful Rate
01-06-2010 02:46 AM
Interestingly yes, sometimes ACL doesn't work, and whenever I faced a NAT+ACL situation, I used to get very frustrated (not because I was not aware that I can use a route-map, but because why the ACL solution was not working was the problem).
Today I got a bit of hope as I read a technology blog (not tested or verified with Cisco documentation)
It says "route-maps can match against extended access lists, whereas "ip nat inside source list" supports standard access lists only"
If this is true, NAT+route-map is the only solution here
HTH
Regards