04-14-2012 04:45 PM - edited 03-04-2019 04:01 PM
Hi Guys,
Im trying to setup a static nat for a branch site so that any packets that come in over the WAN with the destination 192.168.25.148 are translated to 172.18.84.11. Any traffic with the destination of 172.18.84.11 should stay untouched.
I've applied the following config, and it works fine for the 192.168.25.148 address, but then traffic destined for 172.18.84.11 seems to also be affected. So basically, I want both the 192.168 and 172.18 addresses to both work.
Any help would be greatly appreciated.
Config:
ip nat inside source static 172.18.84.11 192.168.25.148
Thanks.
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
04-14-2012 05:15 PM
Michael
I understand what you are trying to do and the issue is that with static NAT as you have configured it when a packet comes to the router with source address of 172.18.84.11 then the router will translate the source address to 192.168.25.148 since you have defined a simple one to one translation. I wonder if it would work to make the translation conditional. Would you be able to identify certain sources that would access 172.18.84.11 and should not be translated? In that case perhaps an access list could identify who should not be translated and all others should be translated?
HTH
Rick
04-14-2012 05:15 PM
Michael
I understand what you are trying to do and the issue is that with static NAT as you have configured it when a packet comes to the router with source address of 172.18.84.11 then the router will translate the source address to 192.168.25.148 since you have defined a simple one to one translation. I wonder if it would work to make the translation conditional. Would you be able to identify certain sources that would access 172.18.84.11 and should not be translated? In that case perhaps an access list could identify who should not be translated and all others should be translated?
HTH
Rick
04-14-2012 05:31 PM
Hi Rick,
Ah, I wish I had thought of that before posting! Yep, it will only be particular souce IP ranges that will be needing the detinstation IP natted, so an ACL will do the trick!
Thanks again, much appreciated!
Michael.
04-14-2012 09:08 PM
Michael
I am glad that my suggestion pointed you toward a solution. That solution might have come to you eventually, but the nice thing about the forum is that you get the advantage of different eyes looking at the issue and a different perspective on possible solutions that save you some time in getting the problem solved.
Thank you for using the rating system to mark this question as answered. It makes the forum more useful when people can read about a question and can know that a solution was found. Your marking has contributed to this process.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide