NAT Based on Destination IP

I am looking for a NAT solution as per below architecture:

1. Local server 10.90.4.1 will access remote server 192.168.4.230 & 192.168.51.22 via NAT.

2. When Local server 10.90.4.1 send request to 192.168.4.230; request will be sent from IP source 192.168.230.66

3. Same Local server 10.90.4.1 send request to 192.168.51.22; request will be sent from IP source 192.168.250.66

4. command "ip nat inside source static 10.90.4.1 192.168.230.66" & "ip nat inside source static 10.90.4.1 192.168.250.66" works individually. But can't run them in parallel.

Regards,

Fakrul

Accepted Solutions

But can't run them in parallel.

You can achieve this with route-maps.

ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1

ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1

access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66

access-list 102 permit ip host 10.90.4.1 host 192.168.250.66

route-map Nat-IP1 permit 10

match address 101

route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.

match address 102

Note:

NAT separately for the internet traffic.

Add the route-map to the outside interface, and things should work for you.

Hope this helps you,

Please rate the helpful posts.

Regards

srikanth

3 REPLIES

I noticed that NAT Based on Destination IP doesn't work when you have logging enabled.

For example:

access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66 log

access-list 102 permit ip host 10.90.4.1 host 192.168.250.66 log

Is there any explanation for that?


The "Correct Answer" above is not correct.  It looks like Srikanth may have just mistyped in a few places.  His explanation otherwise appears to be correct.  Below are the correct commands.  I have tested and confirmed this worked in a Cisco lab performed on production grade equipment.

access-list 101 permit ip host 10.90.4.1 host 192.168.4.230
access-list 102 permit ip host 10.90.4.1 host 192.168.51.22
route-map NAT1
match address 101
route-map NAT2
match address 102
ip nat inside source static 10.90.4.1 192.168.230.66 route-map NAT1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map NAT2

(Plus your "ip nat inside" and "ip nat outside" on the appropriate interfaces.)

I know this is a fairly old thread, but I do like to refer to this example from time to time.  I just wanted to clean it up.  Thank you.
