Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1434
Views
0
Helpful
2
Replies

Dynamic Source NAT for multiple POOLS

Go to solution
Alfredo Bosca Bataller
Level 1
Level 1

‎01-18-2015 03:54 AM - edited ‎03-07-2019 10:16 PM

I am setting up Dynamic Source NAT with a few Pools and Access-list to translate according to the Access-list. However when configure some ACL don't work anything. And the ACL don't "match" any. I know that the correct way would be to apply the ACL about interface with "ip access-group <ACL-name> in/out" however in this case would be impossible to apply more one ACL with ip access-group command.

 

FurthermoreI have tested to creating a route-map named TEST with all ACLs; but cannot to create all "ip nat inside source route-map... " with the same route-map name. Also checked the cisco example: http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13739-nat-routemap.html...

Attach the all configurations.

 

I  need your help, 

Thanks in advance!

http://networkingcontrol.wordpress.com/ #CCNP CSCO11962956
Labels:
Preview file
85 KB
Preview file
1 KB
Preview file
2 KB
Preview file
1 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-18-2015 04:55 AM

I know that the correct way would be to apply the ACL about interface with "ip access-group <ACL-name> in/out" however in this case would be impossible to apply more one ACL with ip access-group command.

This would not be the correct way. An acl applied to the interface is only for filtering traffic through the router.

Try removing the "log" keyword from your acls and retest.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-18-2015 04:55 AM

I know that the correct way would be to apply the ACL about interface with "ip access-group <ACL-name> in/out" however in this case would be impossible to apply more one ACL with ip access-group command.

This would not be the correct way. An acl applied to the interface is only for filtering traffic through the router.

Try removing the "log" keyword from your acls and retest.

Jon

0 Helpful

Go to solution
Alfredo Bosca Bataller
Level 1
Level 1
In response to Jon Marshall

‎01-18-2015 08:43 AM

Oh my God!! Already works fine! I hadn't thought that "log"  would be a painful 

 

Thanks John Marshall! 

Attach my troubleshooting:


INET#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 195.77.205.33:49529 10.55.0.1:49529   4.2.2.2:22         4.2.2.2:22
tcp 200.200.200.1:62978 10.55.1.1:62978   4.2.2.2:4343       4.2.2.2:4343
tcp 195.77.205.20:13493 181.70.12.18:13493 195.47.200.32:443 195.47.200.32:443

 

Furthermore we can to check the "rotary option also works!"

"INET#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 195.77.205.33:57238 10.55.0.1:57238   4.2.2.2:22         4.2.2.2:22
tcp 195.77.205.33:16393 10.55.1.1:16393   4.2.2.2:22         4.2.2.2:22"

Thanks again!

http://networkingcontrol.wordpress.com/ #CCNP CSCO11962956
0 Helpful
Customers Also Viewed These Support Documents