NAT IP based on Destination Address

Craddockc
Level 3

Community,

 

 

I have a NAT situation that I am hoping you can help me resolve. We have an internal File Transfer system with IP 10.110.80.51. This system gets NATed to a static public IP address (64.x.x.113) that we own when it is to hit the internet or hop on a VPN tunnel. We have a situation where we need this same system to communicate with another customer (via S2S VPN), but the customer requires us to use a different internal IP provided by them for this system when communicating with them across the tunnel. That is to say, we cannot use the NAT entry that currently exists for this particular situation.

 

I was hoping I could NAT this internal system to the IP provided by the customer, but only during instances where the traffic is destined to their systems from us. I want all other traffic to get NATed to the existing 64.x.x.113 address when this system is destined anywhere else.

 

Will this work?

 

ip access-list extended CUST_NAT_ACL1
 ! first public dest subnet belonging to the customer
 permit ip host 10.110.80.51 1.1.0.0 0.0.255.255
 ! 2nd public dest subnet belonging to the customer
 permit ip host 10.110.80.51 2.2.0.0 0.0.255.255

route-map CUST_RP1 permit 10
 match ip address CUST_NAT_ACL1

! IP address provided by the customer
ip nat inside source static 10.110.80.51 10.201.103.169 route-map CUST_RP1
! existing NAT for use in all other situations
ip nat inside source static 10.110.80.51 64.x.x.113

 

Also, will this NAT apply only to traffic originating from us to them, or is it bidirectional? Meaning, if they send traffic on the tunnel to 10.110.80.51, will the NAT rule NAT the traffic to 10.201.103.169? If so, that would be undesirable behavior.

 

Thanks.

2 Replies

balaji.bandi
Hall of Fame

Rather explain more, simple example from Cisco will help you.

 

http://www.ciscozine.com/nat-and-pat-a-complete-explanation/

 

BB


Jon Marshall
Hall of Fame

 

Your NAT setup should work. 

 

A static NAT statement allows connections from both sides, but the customer would not be sending traffic to the real IP; they would be sending traffic to the 10.201.103.169 IP address.

 

If you only want connections to happen from your end then don't use static NAT. 

 

Jon
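
Added example (not part of the thread and not Cisco code): a small Python model of the translation choice discussed above, useful for checking which address a given flow should present before touching the router. It models the intended policy only, not IOS internals; the ACL entries are assumed to be in wildcard form, and `64.x.x.113` is kept as the poster's redacted label.

```python
import ipaddress

# Addresses taken from the thread; DEFAULT_GLOBAL is the poster's redacted value.
INSIDE_LOCAL = ipaddress.ip_address("10.110.80.51")
CUSTOMER_GLOBAL = ipaddress.ip_address("10.201.103.169")
DEFAULT_GLOBAL = "64.x.x.113"

# Customer destinations as (network, wildcard) pairs, as an extended ACL expresses them.
CUST_NAT_ACL1 = [("1.1.0.0", "0.0.255.255"), ("2.2.0.0", "0.0.255.255")]


def wildcard_match(addr, network, wildcard):
    """Wildcard semantics: bits set in the wildcard are ignored when comparing."""
    a, n, w = (int(ipaddress.ip_address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def translate_outbound(src, dst):
    """Source address the flow should present after NAT (inside to outside)."""
    if ipaddress.ip_address(src) != INSIDE_LOCAL:
        return src  # host is not covered by either static entry
    if any(wildcard_match(dst, n, w) for n, w in CUST_NAT_ACL1):
        return str(CUSTOMER_GLOBAL)  # route-map matched: customer-assigned IP
    return DEFAULT_GLOBAL  # everything else keeps the existing public mapping


def translate_inbound(dst):
    """Real destination for a packet arriving from the customer side."""
    if ipaddress.ip_address(dst) == CUSTOMER_GLOBAL:
        return str(INSIDE_LOCAL)  # static entry is usable from both sides
    return dst  # no static entry for this address


if __name__ == "__main__":
    for dst in ("1.1.200.9", "2.2.0.1", "8.8.8.8"):
        print(dst, "->", translate_outbound("10.110.80.51", dst))
    print("inbound 10.201.103.169 ->", translate_inbound("10.201.103.169"))
```

Calling `wildcard_match("1.1.5.5", "1.1.0.0", "255.255.0.0")` returns `False`, which shows what happens when a subnet mask is entered where a wildcard mask is expected.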
