Static NAT w/ Pool to specific WAN IP

I have the following problem. I have a nat pool and route map defined to NAT certain internal subnets to a specific WAN IP. Works fine. I then have a Static NAT entry for port 25 to our Exchange Server listening on another specific WAN IP. Works great INBOUND but OUTBOUND all connections from Exchange seem to go out matching the NAT POOL.

I've used a similar config before but not using NAT POOLS and it worked fine. What is the best way around this?

Goal: Server 10.1.11.2 outbound connections go out on 209.*.*.135

ip nat pool pri-servers-pool 209.*.*.131 209.*.*.131 netmask 255.255.255.240

ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload

ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable

access-list 2 permit 10.1.10.0 0.0.0.255

access-list 2 permit 10.1.11.0 0.0.0.255

route-map outbound-pri-servers permit 10

  match ip address 2

  match interface FastEthernet0

2 Replies

bogdand27
Level 1

Hello,

Can you post sh ip nat trans for 10.1.11.2?

Thx

Hi,

ip nat pool pri-servers-pool 209.*.*.131 209.*.*.131 netmask 255.255.255.240

ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload

ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable

access-list 2 permit 10.1.10.0 0.0.0.255

access-list 2 permit 10.1.11.0 0.0.0.255

route-map outbound-pri-servers permit 10

  match ip address 2

  match interface FastEthernet0

If you want outbound traffic initiated by your server to use the *.135 address, then:

1) In ACL 2:

ip access-list standard 2

15 deny host 10.1.11.2

2) Create a second pool for this server with another ACL permitting this host.

Regards.

Don't forget to rate helpful posts.
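
The two steps from the reply above, written out as one configuration. This is an added example, not part of the original posts: the pool name `exchange-pool`, the route-map name `outbound-exchange` and ACL number 3 are hypothetical, and the masked `209.*.*.x` addresses are kept as posted and must be replaced with the real WAN addresses.

```cisco
! Step 1: exclude the Exchange server from the shared pool.
! Sequence 15 places the deny ahead of the existing permit for
! 10.1.11.0/24, so the host no longer matches ACL 2.
ip access-list standard 2
 15 deny host 10.1.11.2
!
! Step 2: a dedicated single-address pool on the .135 WAN IP
! (pool name is hypothetical; address masked as in the thread).
ip nat pool exchange-pool 209.*.*.135 209.*.*.135 netmask 255.255.255.240
!
! ACL matching only the Exchange server (ACL number 3 is hypothetical).
access-list 3 permit host 10.1.11.2
!
! Route-map for the server, mirroring the existing one
! (route-map name is hypothetical).
route-map outbound-exchange permit 10
 match ip address 3
 match interface FastEthernet0
!
! Outbound connections from 10.1.11.2 now translate to .135.
ip nat inside source route-map outbound-exchange pool exchange-pool overload
!
! Existing rules stay as they are:
!   ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload
!   ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable
!
! Verify after the server opens a new outbound connection:
!   show ip nat translations | include 10.1.11.2
```

Translations created before the change keep their old mapping until they time out, so check with a new outbound connection from the server.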