Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
779
Views
1
Helpful
6
Replies

Subnet-to-subnet NAT on Nexus 9K

7tsommer
Level 1
Level 1

ā€Ž03-23-2023 03:35 PM

Hi. I'm trying to do some static NAT on a Nexus 9K and was wondering if there's a way to have it automatically do a one-for-one translation based on subnets instead of host IPs. In other words, I'd like to translate the Outside Global subnet of 192.168.0.x/24 to an Inside Global subnet of 10.0.0.x/24 where .x is the same on both sides. I can already successfully do this with a translation for each host address with a bunch of "ip nat outside source static <outside_global> <outside_local> add-route" commands using host IPs, but I'd like to simplify it by translating the whole subnet. Is this possible on Nexus 9Ks? I do believe there was a "network" keyword on IOS that allowed this, but I don't see it on Nexus.

Note that I can also successfully do the same one-for-one host translation by flipping which interfaces are inside and outside and using "ip nat inside source static <inside_local> <inside_global>" commands (this one doesn't require the "add-route" keyword), so if it's only possible to translate whole subnets one-for-one using inside source, I have that option as well.

Labels:
0 Helpful
6 Replies 6

MHM Cisco World
VIP
VIP

ā€Ž03-23-2023 04:37 PM

I dont get totally your Q but 
in ip nat pool there is type keyoward which give you two option 
A- rotary 
B-match host <<- match host make you NAT same host IP, i.e. inside subnet 10.0.0.0 outside subnet 100.0.0.0
the host 
10.0.0.1 will NAT to 100.0.0.1 ...etc.

0 Helpful

7tsommer
Level 1
Level 1
In response to MHM Cisco World

ā€Ž03-24-2023 07:12 AM

There doesn't appear to be a "type" option at all in the nat pool command on the NX-OS platform. 

MHM Cisco World
VIP
VIP
In response to 7tsommer

ā€Ž03-24-2023 07:20 AM

I will check NSK available command 

0 Helpful

MHM Cisco World
VIP
VIP
In response to 7tsommer

ā€Ž03-26-2023 02:29 PM

Yes I check match host is missing from NAT pool in NSK-9000.
thanks 
MHM

0 Helpful

paul driver
VIP
VIP

ā€Ž03-23-2023 09:13 PM - edited ā€Ž03-23-2023 09:14 PM

Hello

@7tsommer wrote:
 I'd like to translate the Outside Global subnet of 192.168.0.x/24 to an Inside Global subnet of 10.0.0.x/24 where .x is the same on both sides.

Try the following:
ip access-list extended 100
deny ip host 10.0.0.1 any
deny ip host 10.0.0.254 any
permit ip 10.0.0.0 0.0.0.255 any

ip nat pool 1to1_NAT 192.168.0.2 .192.168.0.253 prefix-length 24 type match-host
ip nat inside source list 100 pool 1to1_NAT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the communityā€™s global network.

Kind Regards
Paul
0 Helpful

7tsommer
Level 1
Level 1
In response to paul driver

ā€Ž03-24-2023 07:10 AM

Unfortunately, I don't think NX-OS includes the "type" or "match-host" keywords in the "ip nat pool" command.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card