Solved: The "Correct Answer" above is

bdhublimited · ‎10-01-2012

I am looking for a NAT soltuion as per bellow architecture:

1. Local server 10.90.4.1 will access remote server 192.168.4.230 & 192.168.51.22 via NAT.

2. When Local server 10.90.4.1 send request to 192.168.4.230; request will be sent from IP source 192.168.230.66

3. Same Local server 10.90.4.1 send request to 192.168.51.22; request will be sent from IP source 192.168.250.66

4. command "ip nat inside source static 10.90.4.1 192.168.230.66" & "ip nat inside source static 10.90.4.1 192.168.250.66" works individually. But can't run them paralley.

Regards,

Fakrul

srikanth ath · ‎10-01-2012

But can't run them paralley.

you can acheive this by route-map's.

ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1

ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1

access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66

access-list 102 permit ip host 10.90.4.1 host 192.168.250.66

route-map Nat-IP1 permit 10

match address 101

route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.

match address 102

Note:

nat separately for the internet traffic.

add route-map to the outside interface. and things should work for you

Hope this helps you,

Please rate the helpfull posts.

Regards

srikanth

View solution in original post

srikanth ath · ‎10-01-2012

But can't run them paralley.

you can acheive this by route-map's.

ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1

ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1

access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66

access-list 102 permit ip host 10.90.4.1 host 192.168.250.66

route-map Nat-IP1 permit 10

match address 101

route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.

match address 102

Note:

nat separately for the internet traffic.

add route-map to the outside interface. and things should work for you

Hope this helps you,

Please rate the helpfull posts.

Regards

srikanth

rustamovea · ‎03-09-2015

I noticed that NAT Based on Destination IP doesn't work when you have logging enabled.

For example:

access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66 log

access-list 102 permit ip host 10.90.4.1 host 192.168.250.66 log

Is there any explanation for that?

jmapesreinhardt · ‎10-30-2015

The "Correct Answer" above is not correct. It looks like Srikanth may have just mistyped in a few places. His explanation otherwise appears to be correct. Below are the correct commands. I have tested and confirmed this worked in a Cisco lab performed on production grade equipment.

access-list 101 permit ip host 10.90.4.1 host 192.168.4.230
access-list 102 permit ip host 10.90.4.1 host 192.168.51.22
route-map NAT1
match address 101
route-map NAT2
match address 102
ip nat inside source static 10.90.4.1 192.168.230.66 route-map NAT1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map NAT2

(Plus your "ip nat inside" and "ip nat outside" on the appropriate interfaces.)

I know this is a fairly old thread, but I do like to refer to this example from time to time. I just wanted to clean it up. Thank you.