03-30-2013 06:22 AM - edited 03-07-2019 12:32 PM
Hello all,
I am using a 1941 Cisco router and I have to perform NAT between two interfaces.
The first interface will allow only a specific VLAN and the other will NAT all the rest of the network.
How can I achieve that?
03-30-2013 07:36 AM
Hi,
Follow this link for some config examples:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
HTH
03-31-2013 02:12 AM
My problem is that I have two interfaces that I should NAT to the internet. I want to route only one network to 1 interface
and all the other traffic to the other interface. How can I do that?
The link you sent me didn't mention this case.
This is what i have configured:
ip nat inside source list MY-NAT-Acl interface Vlan999 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip access-list extended MY-NAT-Acl
 permit ip any any
!
access-list 100 permit ip 192.168.30.0 0.0.0.255 host 0.0.0.0
!
route-map Voip-Line permit 10
 match ip address 100
 set ip next-hop x.x.x.x
 set ip next-hop verify-availability
!
!
04-01-2013 06:33 AM
Hi Vidal,
As per my understanding, you are trying to use NAT for two separate outside interfaces, probably links by two ISPs.
Check this document:
https://supportforums.cisco.com/docs/DOC-8313
It has your scenario explained in terms of NATing. Basically, what you need is to implement Policy Based NAT, where a route-map will be applied on the "ip nat inside source" command which will match the ACL as well as the outgoing interface.
Another useful link for this would be:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml
Hope it helps
Neeraj
04-01-2013 07:15 AM
Hello,
If I understand correctly, you want to NAT based on source from different IPs, to different interfaces? You could do this - as an example:
Your ACLs
!
ip access-list extended ACL_ANY
 permit ip any any
!
ip access-list extended ACL_192
 permit ip 192.168.30.0 0.0.0.255 any
 deny ip any any
!
!
Your Policy Based Route-Maps
!
route-map PBR permit 10
 match ip address ACL_192
 set ip next-hop x.x.x.x
!
route-map PBR permit 20
 match ip address ACL_ANY
 set ip next-hop y.y.y.y
!
(doesn't have to be ip next-hop, can be interface exit point too)
!
Route-maps for your NAT statements
!
route-map NAT_192 permit 10
 match ip address ACL_192
 match interface XXXX
!
route-map NAT_ANY permit 10
 match ip address ACL_ANY
 match interface YYYY
!
(Interface will be where the next hop ip will live i.e. exit point)
!
Policy based routing on the inside interface
!
interface LOCAL
 ip nat inside
 ip policy route-map PBR
!
interface XXXX
 ip nat outside
!
interface YYYY
 ip nat outside
!
Your NAT statements
ip nat inside source route-map NAT_ANY interface YYYY overload
ip nat inside source route-map NAT_192 interface XXXX overload
I think this will do it...
I hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
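The following is an added example, not part of any post in this thread: a small Python model of the matching logic in the configuration above, useful for checking which NAT rule and exit interface a given source address ends up with. It assumes next hop x.x.x.x is reached through interface XXXX and y.y.y.y through YYYY; the test addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL entries as (action, src_base, src_wildcard, dst_base, dst_wildcard).
# "any" is 0.0.0.0 255.255.255.255; "host h" is h 0.0.0.0.
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    "ACL_192": [("permit", "192.168.30.0", "0.0.0.255", *ANY),
                ("deny", *ANY, *ANY)],
    "ACL_ANY": [("permit", *ANY, *ANY)],
    # ACL 100 from the question: the destination is "host 0.0.0.0", not "any".
    "100": [("permit", "192.168.30.0", "0.0.0.255", "0.0.0.0", "0.0.0.0")],
}

def acl_permits(name, src, dst):
    for action, sb, sw, db, dw in ACLS[name]:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

# route-map PBR: entries are tried in sequence order, first match wins.
# Assumption: next hop x.x.x.x lives on XXXX and y.y.y.y on YYYY.
PBR = [(10, "ACL_192", "XXXX"), (20, "ACL_ANY", "YYYY")]
# NAT route-maps: the ACL and the egress interface must both match.
NAT = [("NAT_ANY", "ACL_ANY", "YYYY"), ("NAT_192", "ACL_192", "XXXX")]

def egress_interface(src, dst):
    for _seq, acl, iface in sorted(PBR):
        if acl_permits(acl, src, dst):
            return iface
    return None  # no PBR match: normal routing table lookup (not modelled)

def nat_rule(src, dst):
    iface = egress_interface(src, dst)
    for name, acl, out_if in NAT:
        if acl_permits(acl, src, dst) and out_if == iface:
            return name, iface
    return None, iface

if __name__ == "__main__":
    for src in ("192.168.30.25", "192.168.31.25", "10.0.0.7"):
        print(src, "->", nat_rule(src, "198.51.100.10"))
    print("ACL 100 matches:", acl_permits("100", "192.168.30.25", "198.51.100.10"))
```

ACL_ANY also permits 192.168.30.0/24, so it is the `match interface` line in each NAT route-map that keeps that subnet from being translated on YYYY. The model also shows that ACL 100 from the question, with destination `host 0.0.0.0`, does not match traffic to ordinary destinations.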
03-31-2013 05:32 AM
Hi,
I have met this problem. According to the general situation, configure NAT on the two interfaces. The key is using
an extended ACL to control how the packets go.