09-18-2014 11:40 AM - edited 03-07-2019 08:48 PM
Hello,
Suppose I had the following configuration in an IOS router
interface <interface type/number>
 ip address 1.1.1.3 255.255.255.0 secondary
 ip address 1.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip access-list standard INTERNET_BOUND_ACL
 permit <lan subnet-id> <lan wildcard>
ip nat inside source list INTERNET_BOUND_ACL interface <interface type/number> overload
I need to change the source inside global IP address based on the destination outside global IP address.
Example: I need our source IP to be 1.1.1.3 when I ping 8.8.8.8
How would I accomplish this?
09-18-2014 02:03 PM
09-18-2014 02:09 PM
Hi,
You would need to use two NAT pools and two different ACLs to separate your internal clients depending on the destination they want to communicate with, and to subsequently NAT them using a selected NAT pool. For example:
ip access-list extended NAT_2
 permit ip <LAN Network> <Wildcard> <DestinationX> <WildcardX>
 ...
 ...
!
ip access-list extended NAT_3
 permit ip <LAN Network> <Wildcard> <DestinationY> <WildcardY>
 ...
 ...
!
ip nat pool NATPOOL_2 1.1.1.2 1.1.1.2 netmask 255.255.255.0
ip nat pool NATPOOL_3 1.1.1.3 1.1.1.3 netmask 255.255.255.0
ip nat inside source list NAT_2 pool NATPOOL_2 overload
ip nat inside source list NAT_3 pool NATPOOL_3 overload
Exactly one of the ACLs should actually contain an entry saying
permit ip <LAN Network> <Wildcard> any
to make sure that the internal network gets translated to some of the two public addresses even if it does not communicate with any specific destination IP.
Do you believe this could be a workable solution for you?
Best regards,
Peter
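The approach in the answer above, filled in for the question's example (traffic to 8.8.8.8 leaves as 1.1.1.3, everything else as 1.1.1.2), as an added example that is not part of the original posts. The LAN subnet 192.168.1.0/24 and the interface names are assumptions, and the explicit deny in NAT_2 is an addition that keeps the two ACLs from matching the same traffic.

```cisco
! Constructed values: LAN 192.168.1.0/24 and both interface names are assumptions.
interface GigabitEthernet0/0
 description LAN side (assumed)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Internet side (assumed)
 ip address 1.1.1.3 255.255.255.0 secondary
 ip address 1.1.1.2 255.255.255.0
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
! Traffic from the LAN to 8.8.8.8 is translated to 1.1.1.3.
ip access-list extended NAT_3
 permit ip 192.168.1.0 0.0.0.255 host 8.8.8.8
!
! All other LAN traffic is translated to 1.1.1.2.
! The deny excludes 8.8.8.8 from this rule so only NAT_3 can match it;
! the final permit is the catch-all entry the answer calls for.
ip access-list extended NAT_2
 deny   ip 192.168.1.0 0.0.0.255 host 8.8.8.8
 permit ip 192.168.1.0 0.0.0.255 any
!
! Single-address pools, one per public address, both with PAT (overload).
ip nat pool NATPOOL_2 1.1.1.2 1.1.1.2 netmask 255.255.255.0
ip nat pool NATPOOL_3 1.1.1.3 1.1.1.3 netmask 255.255.255.0
ip nat inside source list NAT_2 pool NATPOOL_2 overload
ip nat inside source list NAT_3 pool NATPOOL_3 overload
```

After a LAN host pings 8.8.8.8 and one other destination, `show ip nat translations` should list 1.1.1.3 as the inside global address for the 8.8.8.8 flow and 1.1.1.2 for the other.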
09-20-2023 01:12 PM
Thank you @Peter Paluch!