06-18-2014 08:59 AM - edited 03-07-2019 07:46 PM
Hi Masters,
I need to add a route-map to a static NAT but the option seems to be available only if using inside/outside NAT, not if using enable NAT.
This is a CISCO1921/K9 running 15.2(4)M6
Here's what I mean:
R2(config)#ip nat inside source static 192.168.3.20 10.10.10.20 ? --> allows the route-map option to be appended
extendable Extend this translation when used
mapping-id Associate a mapping id to this mapping
no-alias Do not create an alias for the global address
no-payload No translation of embedded address/port in the payload
redundancy NAT redundancy operation
route-map Specify route-map
vrf Specify vrf
<cr>
R2(config)#ip nat source static 192.168.3.20 10.10.10.20 ? --> no route-map option
extendable Extend this translation when used
no-alias Do not create an alias for the global address
no-payload No translation of embedded address/port in the payload
vrf Specify vrf
<cr>
What I need is multiple dynamic and static NAT rules between multiple interfaces, so I need a way to assign multiple static NAT depending on the destination.
For example, if server 192.168.3.0 wants to go to VLAN A, get statically translated to IP 1.
If the same server 192.168.3.0 wants to go to VLAN B, get statically translated to IP 2.
As far as I know I need a route-map attached to the static NAT statements to make this happen, but the option is not available as shown above. And I don't want to use normal inside/outside NAT since I need the interfaces to allow NAT in both directions.
If anybody can shed some light, it will be very appreciated!
06-18-2014 01:04 PM
Hello
I am of the understanding that in domain-based NAT (inside/outside), route-maps allow NAT to read the src & dst in the ACL before translation, and when just defining an ACL, NAT only reads the src address before NAT translation. Plus, its NAT order of operation is different for inside and outside:
inside - route-lookup then NAT translation
outside - NAT translation then route-lookup
However, domain-less NAT (ip nat enable) performs the same order of operation in either direction, so with this in mind, have you tried just using an extended ACL with the domain-less NAT?
res
Paul
06-18-2014 01:21 PM
Thank you Paul, what you say makes sense.
However, I cannot call an ACL from the static NAT statement without a route-map. Is this what you're suggesting?
06-18-2014 03:24 PM
Hello
Yes, you have verified that yourself - what I am trying to suggest is to use either of these to accomplish your NAT translation using domain-less NAT:
- extended ACL defining src & dst and NAT pool to define a global address
ip nat source list 100 pool POOL
- extended ACL defining src & dst called by a route-map and a NAT pool to define a global address
ip nat source route-map ROUTEMAP pool POOL
- static using the extendable keyword
ip nat source static (udp/tcp) 192.168.1.1 (port) global-ip (port) extendable
ip nat source static (udp/tcp) 192.168.1.1 (port) global-ip (port) extendable
res
Paul
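Added example, not part of any poster's reply: a sketch of the first option listed above (extended ACL plus pool with domain-less NAT), using one ACL and one single-address pool per destination. The server address 192.168.3.20 and global 10.10.10.20 come from the thread; the VLAN subnets, the second global address, the pool names and the interface names are assumptions.

```cisco
! Assumed values: VLAN A = 172.16.10.0/24, VLAN B = 172.16.20.0/24,
! 10.10.10.21 as the second global address, interface names for a 1921.
!
! One extended ACL per destination: each matches the server as source
! and one VLAN as destination.
access-list 101 permit ip host 192.168.3.20 172.16.10.0 0.0.0.255
access-list 102 permit ip host 192.168.3.20 172.16.20.0 0.0.0.255
!
! Single-address pools, so each destination maps to one fixed global IP.
ip nat pool TO-VLAN-A 10.10.10.20 10.10.10.20 prefix-length 24
ip nat pool TO-VLAN-B 10.10.10.21 10.10.10.21 prefix-length 24
!
! Domain-less (NVI) dynamic rules: the ACL selects by source and destination.
ip nat source list 101 pool TO-VLAN-A
ip nat source list 102 pool TO-VLAN-B
!
! Every interface taking part in domain-less NAT gets "ip nat enable".
interface GigabitEthernet0/0
 ip nat enable
interface GigabitEthernet0/1
 ip nat enable
```

These are dynamic translations: an entry exists only after the server has sent traffic toward that VLAN, so hosts in either VLAN cannot open a connection to the global address the way a static entry would allow. `show ip nat nvi translations` shows which global address each flow received.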
06-19-2014 07:06 AM
Paul,
The commands:
ip nat source list or ip nat source route-map work fine for dynamic NAT or PAT, but I need static NAT.
And the Static PAT statements won’t work since we need all ports defined.
So, I guess I need a way to map static NAT depending on the destination using domain-less NAT.
Can this be accomplished?
06-19-2014 11:18 AM