Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
755
Views
0
Helpful
4
Replies

ip nat outside source static and dynamic NAT aka PAT question

jasonww04
Level 1
Level 1

‎05-24-2013 10:53 AM - edited ‎03-07-2019 01:32 PM

Below is the relevant part of my router config. What I'm trying to achieve is all traffic ultimately going to 68.164.204.26 be sent to 10.72.2.10 from all devices on the inside of my network. So, if host 10.61.23.101 wants to send to 68.164.204.26, it sends to 10.72.2.10 and the router NATs it. When the traffic arrives at 68.164.204.26, I want it to appear as if it came from 64.106.189.18, the WAN port on my router.

What am I missing?

interface FastEthernet1

ip address 64.106.189.18 255.255.255.248

ip accounting output-packets

ip nat outside

ip virtual-reassembly

load-interval 30

speed 100

full-duplex

crypto map VPN

!

interface FastEthernet2

switchport access vlan 2

interface Vlan2

ip address 10.72.1.2 255.255.0.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 64.106.189.17

!

!

ip nat inside source route-map NAT interface FastEthernet1 overload

ip nat inside source static udp 10.61.17.52 5060 64.106.189.18 5060 extendable

ip nat outside source static 68.164.204.26 10.72.2.10

!

ip access-list extended NAT

deny   ip 10.72.0.0 0.0.255.255 10.11.0.0 0.0.255.255

permit ip 10.72.0.0 0.0.255.255 any

route-map NAT permit 10

match ip address NAT

Labels:
0 Helpful
4 Replies 4

tsimons
Level 1
Level 1

‎05-24-2013 12:31 PM

I think you're thinking about this too hard.  How about this?

!

ip route 68.164.204.26 255.255.255.255 10.72.2.10

!

!

ip nat pool WAN 68.164.204.18 68.164.204.18 netmask 255.255.255.248

ip nat inside source list NAT pool WAN overload

!


ip access-list extended NAT

deny   ip 10.72.0.0 0.0.255.255 10.11.0.0 0.0.255.255

permit ip 10.72.0.0 0.0.255.255 any


route-map NAT permit 10

match ip address NAT

set ip next-hop 64.106.189.17

Let me know if that works.

0 Helpful

jasonww04
Level 1
Level 1
In response to tsimons

‎05-24-2013 02:20 PM

10.72.2.10 isn't actually on any device so I can't use it as a next hop. I want certain hosts to send traffic to 10.72.2.10 whenever they need to get to 68.164.204.26.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-24-2013 03:35 PM

Hello Jason,

On which interface is 10.61?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jasonww04
Level 1
Level 1
In response to Julio Carvajal

‎06-11-2013 10:58 AM

10.61 isn't on any interface. The 10.61. network is known to the router.

0 Helpful
Customers Also Viewed These Support Documents
Top