10-01-2012 12:10 AM - edited 03-07-2019 09:12 AM
I am looking for a NAT soltuion as per bellow architecture:
1. Local server 10.90.4.1 will access remote server 192.168.4.230 & 192.168.51.22 via NAT.
2. When Local server 10.90.4.1 send request to 192.168.4.230; request will be sent from IP source 192.168.230.66
3. Same Local server 10.90.4.1 send request to 192.168.51.22; request will be sent from IP source 192.168.250.66
4. command "ip nat inside source static 10.90.4.1 192.168.230.66" & "ip nat inside source static 10.90.4.1 192.168.250.66" works individually. But can't run them paralley.
Regards,
Fakrul
Solved! Go to Solution.
10-01-2012 12:32 AM
But can't run them paralley.
you can acheive this by route-map's.
ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66
route-map Nat-IP1 permit 10
match address 101
route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.
match address 102
Note:
nat separately for the internet traffic.
add route-map to the outside interface. and things should work for you
Hope this helps you,
Please rate the helpfull posts.
Regards
srikanth
10-01-2012 12:32 AM
But can't run them paralley.
you can acheive this by route-map's.
ip nat inside source static 10.90.4.1 192.168.230.66 route-map Nat-IP1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map Nat-IP1
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66
route-map Nat-IP1 permit 10
match address 101
route-map Nat-IP1 permit 100 -- >>>>>with different sequence number.
match address 102
Note:
nat separately for the internet traffic.
add route-map to the outside interface. and things should work for you
Hope this helps you,
Please rate the helpfull posts.
Regards
srikanth
03-09-2015 12:12 PM
I noticed that NAT Based on Destination IP doesn't work when you have logging enabled.
For example:
access-lists 101 permit ip host 10.90.4.1 host 192.168.230.66 log
access-list 102 permit ip host 10.90.4.1 host 192.168.250.66 log
Is there any explanation for that?
10-30-2015 12:13 PM
The "Correct Answer" above is not correct. It looks like Srikanth may have just mistyped in a few places. His explanation otherwise appears to be correct. Below are the correct commands. I have tested and confirmed this worked in a Cisco lab performed on production grade equipment.
access-list 101 permit ip host 10.90.4.1 host 192.168.4.230
access-list 102 permit ip host 10.90.4.1 host 192.168.51.22
route-map NAT1
match address 101
route-map NAT2
match address 102
ip nat inside source static 10.90.4.1 192.168.230.66 route-map NAT1
ip nat inside source static 10.90.4.1 192.168.250.66 route-map NAT2
(Plus your "ip nat inside" and "ip nat outside" on the appropriate interfaces.)
I know this is a fairly old thread, but I do like to refer to this example from time to time. I just wanted to clean it up. Thank you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: