CISCO Router NAT: Two internal VLAN's PAT out different routable WAN IP's (from contiguous block)

M-Square · ‎09-06-2017

Hello,

I have a configuration that I would like to brian storm with the community.

I have a CISCO router that presently has multiple internal VLANs traversing through it to the Internet. All VLAN's use one IP (159.89.10.178 ) on the WAN side that is setup for overload. This works great. On the WAN interface the ISP has provided use a small routable block (one of which we are using for PAT overload) and another being used for mapping.

Now the solution we are looking at getting working is;

I would like to have one of the internal VLAN's /24 (VLAN2) PAT out a different address from the public range than the main IP being used for overload. I would like VLAN2 to overload out 159.89.10.179. I'm sure this is 100% achievable but just trying to figure out the syntax to make it happen and thought it would be an interesting topic.

Snippet of current NAT config (The IP's have been sanitized for public posting)

interface GigabitEthernet0/0
description Public outside
ip address 159.89.10.178 255.255.255.248

interface GigabitEthernet0/1
description LAN: Trunk to internal VLANs
ip address 192.168.168.1 255.255.255.0
ip nat inside

ip nat inside source route-map NAT0 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.100.1 80 159.89.10.178 80 extendable
ip nat inside source static 192.168.100.100 159.89.10.1 extendable

ip access-list extended NAT0
permit ip 192.168.100.0 0.0.0.255 any
permit ip 192.168.200.0 0.0.0.255 any

Georg Pauwen · ‎09-06-2017

Hello,

the below configuration should achieve what you want to do:

ip access-list extended ACL_NAT_VLAN_2
permit ip 192.168.200.0 0.0.0.255 any

!

route-map RM_NAT_VLAN_2 permit 10
match ip address ACL_NAT_VLAN_2

!

ip nat pool POOL_VLAN_2 159.89.10.179 159.89.10.179 prefix-length 29

!

ip nat inside source route-map RM_NAT_VLAN_2 pool POOL_VLAN_2