Destination NAT

francisco_1 · ‎03-16-2010

Below is my router that's performing NAT. What i am simply trying to do is perform NAT based on the destination address. Any connection coming from inside targeting 172.16.1.1 and 172.17.1.1 routed on the outside subinterfaces, i would like to NAT overload using outside subinterfaces.

for example connection from inside (any) to 172.16.1.1, NAT using Ethernet0/0.60 address (192.168.60.1)

All seems to work fine. But just wanted to find out if this is the best way to perform destination NAT?

interface Ethernet0/0.60

des Outside Interface
encapsulation dot1Q 60
ip address 192.168.60.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf network point-to-point
!
interface Ethernet0/0.70

des Outside Interface
encapsulation dot1Q 70
ip address 192.168.70.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf network point-to-point
!
interface Ethernet0/1

des Inside Interface
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache cef
half-duplex

ip nat inside source list 101 interface Ethernet0/0.60 overload
ip nat inside source list 102 interface Ethernet0/0.70 overload
!
access-list 101 permit ip any host 172.16.1.1
access-list 102 permit ip any host 172.17.1.1

kirancherian · ‎03-16-2010

Hi Francisco,

I am not too sure if we would call this a destination NAT, cause, as per the NAT command you are still translating the source address to 192.168.60.1 and 192.168.70.1 based on the matching ACL. The destination address will continue to remain 172.16.1.1 and 172.17.1.1.

Do correct me if i am wrong.

If the above is what we are trying to achieve then we are all good here.

-/ Kiran