Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1322
Views
0
Helpful
4
Replies

Selective NAT

Go to solution
lcaruso
Level 6
Level 6

ā€Ž11-28-2012 03:10 PM - edited ā€Ž03-04-2019 06:15 PM

Hi,

On an 887VA running 15.x IOS, is there a way to support both public and private addresses on inside vlans? The outside interface is public static ip, so the requirement would be to not nat anything if coming from inside vlan10 but nat if coming from inside vlan20.

I didn't think this was possible since the outside interface would have to use an outside nat command that would not be ignored for traffic coming from vlan10.

Maybe there's a trick that supports both needs?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Raju Sekharan
Cisco Employee
Cisco Employee

ā€Ž11-28-2012 03:35 PM

When you configure nat you can specify in the access-list which range of inside IP addresses you want to NAT. NAt will process only those, rest of the source IPs gets routed without NAT

ip nat inside source list interface overload


View solution in original post

0 Helpful
4 Replies 4

Go to solution
Raju Sekharan
Cisco Employee
Cisco Employee

ā€Ž11-28-2012 03:35 PM

When you configure nat you can specify in the access-list which range of inside IP addresses you want to NAT. NAt will process only those, rest of the source IPs gets routed without NAT

ip nat inside source list interface overload


0 Helpful

Go to solution
stephen.stack
Level 4
Level 4

ā€Ž11-28-2012 03:38 PM

Hi

So you want to host a public IP address inside your router?  Well, sure it's possible, and it's as easy as adding a static route tothe 887. If NAT is setup correctly, you will only NAT IP addresses with source IP of your internal LAN address space.

So, if you add a static route on your 887 to an internal IP address, where this Public IP is to be configured, then when traffic is originated (sourced) from this public 'internal' IP, it will never NAT, and it will just route becuase it will not hit any NAT ACL etc.. The oppostie is also true for inbound traffic

Can send on some sample config, but let me know if this is what you are aiming for?

Regards

Stephen

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to stephen.stack

ā€Ž11-28-2012 03:50 PM

I think the previous post explains it, but thanks just as well for your post.

Did you write Rconfig? Looks interesting.

Thanks.

0 Helpful

Go to solution
stephen.stack
Level 4
Level 4
In response to lcaruso

ā€Ž11-28-2012 04:01 PM

agreed, much more straight forward than my explanation

Yup, rConfig is all mine, over a year in the making. Sign up for the release - Dec 14th. Hoping to blow some of those over priced config management tools out of the water

Regards

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card