10-01-2012 12:10 AM - edited 03-07-2019 09:12 AM
I am looking for a NAT soltuion as per bellow architecture:
1. Local server 10.90.4.1 will access remote server 192.168.4.230 & 192.168.51.22 via NAT.
2. When Local server 10.90.4.1 send request to 192.168.4.230; request will be sent from IP source 192.168.230.66
3. Same Local server 10.90.4.1 send request to 192.168.51.22; request will be sent from IP source 192.168.250.66
4. command "ip nat inside source static 10.90.4.1 192.168.230.66" & "ip nat inside source static 10.90.4.1 192.168.250.66" works individually. But can't run them paralley.
Regards,
Fakrul
Solved! Go to Solution.
10-01-2012 12:32 AM
But can't run them paralley.
you can acheive this by route-map's.
ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66
route-map Nat-IP1 permit 10
match address 101
route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.
match address 102
Note:
nat separately for the internet traffic.
add route-map to the outside interface. and things should work for you
Hope this helps you,
Please rate the helpfull posts.
Regards
srikanth
10-01-2012 12:32 AM
But can't run them paralley.
you can acheive this by route-map's.
ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66
route-map Nat-IP1 permit 10
match address 101
route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.
match address 102
Note:
nat separately for the internet traffic.
add route-map to the outside interface. and things should work for you
Hope this helps you,
Please rate the helpfull posts.
Regards
srikanth
03-09-2015 12:12 PM
I noticed that NAT Based on Destination IP doesn't work when you have logging enabled.
For example:
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66 log
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66 log
Is there any explanation for that?
10-30-2015 12:13 PM
The "Correct Answer" above is not correct. It looks like Srikanth may have just mistyped in a few places. His explanation otherwise appears to be correct. Below are the correct commands. I have tested and confirmed this worked in a Cisco lab performed on production grade equipment.
access-list 101 permit ip host 10.90.4.1 host 192.168.4.230
access-list 102 permit ip host 10.90.4.1 host 192.168.51.22
route-map NAT1
match address 101
route-map NAT2
match address 102
ip nat inside source static 10.90.4.1 192.168.230.66 route-map NAT1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map NAT2
(Plus your "ip nat inside" and "ip nat outside" on the appropriate interfaces.)
I know this is a fairly old thread, but I do like to refer to this example from time to time. I just wanted to clean it up. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide