Beginner

NAT based on source address ?

When I configure NAT like this:

ip access-list extended acl_NAT_OTHERS

permit ip host 10.0.0.34 host 192.168.1.1

ip access-list extended acl_NAT_CUSTA

permit ip host 10.0.0.35 host 192.168.2.1

!

route-map rmap_NAT_CUSTA permit 10

match ip address acl_NAT_CUSTA

route-map rmap_NAT_OTHERS permit 10

match ip address acl_NAT_OTHERS

cisco# ip nat inside source static 10.0.0.34 172.16.0.34 route-map rmap_NAT_OTHERS

cisco# ip nat inside source static 10.0.0.35 172.16.0.34 route-map rmap_NAT_CUSTA

After the last line I get:

% 10.0.0.35 already mapped (10.0.0.34 -> 172.16.0.34)

I tried the extendable option too. I still get this error.

What I try to achieve is:

When I connect from 192.168.1.1 to 172.16.0.34 I'm dest. NATed to 10.0.0.34 and

when I connect from 192.168.2.1 to 172.16.0.34 I'm dest. NATed to 10.0.0.35

Please please please help!


NAT based on source address ?

Good morning ZbigniewJ

Thanks for using our forum

I recommend that you use NAT overload instead of static NAT, with these commands:

ip access-list extended acl_NAT_OTHERS

permit ip host 10.0.0.34 host 192.168.1.1

ip access-list extended acl_NAT_CUSTA

permit ip host 10.0.0.35 host 192.168.2.1 

ip nat inside source list [ACL-name-1] interface [interface] overload

ip nat inside source list [ACL-name-2] interface [interface] overload

I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered.

Greetings,

Johnnatan Rodriguez Miranda

Beginner

Re: NAT based on source address ?

Dammm, I accidentally clicked "answered" where in fact it doesn't solve my problem.

I can't use overload 'cause traffic can be initiated from both sides.

What I'm trying to do is some kind of load balancing. Clients connect to the same IP but depending on source address they are redirected to the server assigned to them.

I even tried to do this using SLB, but then I can't permanently assign a physical server to a customer.

edit: can someone mark it unanswered?

Hall of Fame Guru

Re: NAT based on source address ?

What I try to achieve is:

When I connect from 192.168.1.1 to 172.16.0.34 I'm dest. NATed to 10.0.0.34 and

when I connect from 192.168.2.1 to 172.16.0.34 I'm dest. NATed to 10.0.0.35

You have your ACLs and NAT wrong, change it to this and retry -

ip access-list extended acl_NAT_OTHERS

permit ip host 192.168.1.1 host 172.16.0.34

ip access-list extended acl_NAT_CUSTA

permit ip host 192.168.2.1 host 172.16.0.34

!

route-map rmap_NAT_CUSTA permit 10

match ip address acl_NAT_CUSTA

route-map rmap_NAT_OTHERS permit 10

match ip address acl_NAT_OTHERS

ip nat inside source static 192.168.1.1 10.0.0.34 route-map rmap_NAT_OTHERS

ip nat inside source static 192.168.2.1 10.0.0.35 route-map rmap_NAT_CUSTA

Jon

Beginner

NAT based on source address ?

Ghrrrrr! This UI is not well-designed. I clicked "correct answer" instead of "reply" again! (or rather it's just me)

Jon, are you sure of what you're saying?

ip nat inside source static 192.168.1.1 10.0.0.34 changes source address 192.168.1.1 to 10.0.0.34 while going from inside to outside,

192.168.1.1 is an outside global address - the IP of some host in the customer network.

My inside local addresses are 10.0.0.34 and .35 and it is them I want to translate to 172.16.0.34 and translate the destination address of packets going from outside to inside at the same time.

Please see the attachment in the original post. Left is the inside, right is the outside.

Hall of Fame Guru

NAT based on source address ?

Sorry, I missed the destination natted bit.

Could you clarify exactly what you want in terms of a traffic flow and where the connection is initiated from ?

Jon

Beginner

Re: NAT based on source address ?

Traffic flow can be initiated from both sides. Clients (right hand side) always connect to 172.16.0.34 but then the destination address must be translated to 10.0.0.34 if traffic is initiated from 192.168.1.1, or to 10.0.0.35 if initiated from 192.168.2.1.

In other words each client has a dedicated server, but each of them is visible under one "public" IP.

If any server (10.0.0.34 or .35) connects to any client it should always translate the source IP to 172.16.0.34 (that one is easy, simply overload).

So in other words, as a result I would like my NAT table to look similar to this:

inside local     inside global     outside global     outside local

10.0.0.34        172.16.0.34      192.168.1.1         192.168.1.1

10.0.0.35        172.16.0.34      192.168.2.1         192.168.2.1
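
The table requested in the post above, as an added example that is not part of the original thread: a simplified Python model (not how IOS implements NAT) contrasting a static entry keyed only on the inside global address, which rejects the second server, with an inbound lookup keyed on both inside global and outside global. All class and function names are hypothetical; the addresses are the ones used in the thread.

```python
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str


def add_static(table: dict, inside_local: str, inside_global: str) -> None:
    """Plain static entry keyed on inside global only (simplified model)."""
    owner = table.get(inside_global)
    if owner is not None and owner != inside_local:
        raise ValueError(f"{inside_local} already mapped ({owner} -> {inside_global})")
    table[inside_global] = inside_local


class SourceKeyedNat:
    """Toy table whose inbound key is (inside global, outside global)."""

    def __init__(self) -> None:
        self.inbound = {}   # (inside_global, client) -> inside_local
        self.outbound = {}  # inside_local -> inside_global

    def add(self, inside_local: str, inside_global: str, client: str) -> None:
        self.inbound[(inside_global, client)] = inside_local
        self.outbound[inside_local] = inside_global

    def outside_to_inside(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination; None means no entry, so no translation."""
        server = self.inbound.get((pkt.dst, pkt.src))
        return Packet(pkt.src, server) if server else None

    def inside_to_outside(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the source so every server appears as the shared address."""
        shared = self.outbound.get(pkt.src)
        return Packet(shared, pkt.dst) if shared else None


def thread_table() -> SourceKeyedNat:
    """The two rows of the desired NAT table, using the thread's addresses."""
    nat = SourceKeyedNat()
    nat.add("10.0.0.34", "172.16.0.34", "192.168.1.1")
    nat.add("10.0.0.35", "172.16.0.34", "192.168.2.1")
    return nat
```

In this model a client with no row in the table gets no translation at all, so each server is reachable through the shared address only from the client it is assigned to.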

Hall of Fame Guru

NAT based on source address ?

I'm assuming that "ip nat inside" and "ip nat outside" cannot be switched around, i.e. the inside faces the clients and the outside your 10.0.0.x servers?

I hate IOS NAT, it is so much simpler on an ASA/Pix

Jon

Beginner

NAT based on source address ?

No, they cannot.

I agree - IOS NAT can be a pain in the neck. This relatively simple example shows it.

It would be fantastic if there were a possibility to manually set a NAT table entry.

Hall of Fame Guru

Re: NAT based on source address ?

It's the fact that you are doing it outside to inside that is causing the problem because IOS is limited in its options. I did have a laptop with GNS3 on it but that crashed so I can't test out any scenarios at present but I do remember trying to do something similar before and getting tied up in knots with it.

I do have a spare 2600 router knocking about so if I get the chance I'll set it up and do some testing but it could be a while.

I'll also have a look at some of the docs on NAT, it may turn something up.

Apologies for not being able to sort it immediately.

Jon

Beginner

NAT based on source address ?

This is my third attempt to solve this issue and probably I'll fail again.

If I swapped inside and outside it wouldn't work either 'cause then I couldn't do overload in outside->inside direction.

With best regards

Zbigniew

Hall of Fame Guru

NAT based on source address ?

Just a quick check, is the port the same port number for both 10.0.0.x servers ?

I suspect it is but just wanted to check.

Jon

Beginner

NAT based on source address ?

Yes, of course I would do a simple port forward otherwise
