01-05-2010 11:30 PM - edited 03-04-2019 07:07 AM
Hello!
I have a problem.
I want to source-NAT traffic going from one internal host to one specific external host (remote system) to a specific IP on an outside interface.
Any Idea?
Thanks!
E.g
(Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3)
01-06-2010 01:24 AM
Hi
Traffic from Internal Host 10.1.1.1 Port 25 sent to 8.8.8.8 should get the External IP 3.3.3.3
Try this-
ip nat inside source static 10.1.1.1 3.3.3.3 route-map test
route-map test permit 10
match ip address 101
"Not sure if by port 25 you mean source or destination port (assuming the protocol as TCP)"
"for source port 25"
access-list 101 permit tcp host 10.1.1.1 eq 25 host 8.8.8.8
"for destination port 25 "
access-list 101 permit tcp host 10.1.1.1 host 8.8.8.8 eq 25
HTH
Regards
01-06-2010 01:58 AM
also you can use this config
! you need to put the required prefix length (subnet)
ip nat pool pool1 3.3.3.3 3.3.3.3 prefix-length 24
ip nat inside source route-map map1 pool pool1
!
access-list 100 permit tcp host 10.1.1.1 host 8.8.8.8 eq smtp
!
route-map map1 permit 10
match ip address 100
good luck
if helpful Rate
01-06-2010 02:03 AM
Thanks Guys.
I made it without a route map... only with the access list defining..
ip nat inside source list 120 pool POOL_EXT overload
Will this work also? I cannot test it (yet)
01-06-2010 02:10 AM
supposed to work
but sometimes with ACL it does not work .. why I do not know
if you got any problem just change it to one of the ways mentioned above with route-map
good luck
if helpful Rate
01-06-2010 02:46 AM
Interestingly yes, sometimes ACL doesn't work, and whenever I faced a NAT+ACL situation, I used to get very frustrated (not because I was not aware that I can use route-map, but why the ACL solution was not working was the problem).
Today I got a bit of hope as I read one technology blog (not tested or verified with Cisco documentation)
It says "route-maps can match against extended access lists, whereas "ip nat inside source list" supports standard access lists only"
If this is true, NAT+route-map is the only solution here
HTH
Regards
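The route-map and pool approach from the replies above, written out as one configuration. This is an added example, not posted by anyone in the thread: it includes the interface NAT roles the replies leave out. The interface names are assumptions, and the prefix length has to be set to the real subnet of 3.3.3.3.

```cisco
! Added example. Interface names below are assumptions; use the router's own.
interface GigabitEthernet0/0
 description LAN side (assumed name)
 ip nat inside
!
interface GigabitEthernet0/1
 description Internet side (assumed name)
 ip nat outside
!
! Match only TCP from 10.1.1.1 to 8.8.8.8 with destination port 25.
! For an outbound mail connection the source port is ephemeral,
! so "eq smtp" goes after the destination host.
access-list 100 permit tcp host 10.1.1.1 host 8.8.8.8 eq smtp
!
route-map map1 permit 10
 match ip address 100
!
! Single-address pool; 24 is the value from the thread, adjust to the real subnet.
ip nat pool pool1 3.3.3.3 3.3.3.3 prefix-length 24
ip nat inside source route-map map1 pool pool1
!
! Verification from exec mode after sending test traffic:
!   show ip nat translations   (inside global should be 3.3.3.3 for this flow)
!   show ip nat statistics
```

Traffic from 10.1.1.1 that does not match access-list 100 is not translated by this rule and needs its own NAT statement if it should leave with a different address.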