Splitting NAT for different protocols

ronnie.loraine
Level 1

Hello

I have an 878 SDSL router that is connected to a firewall.

Here are the details of the setup (addresses have been changed):

The router address is 192.168.1.1 and the firewall address is 192.168.1.3.  The public address set on the Dialer interface is 212.10.1.2 but they also have an outside public subnet that is routed to this which is 212.11.15.1/29.

What I am trying to achieve is to NAT on different addresses depending on the protocol of the traffic.  What I want is for all mail traffic (smtp on port 25) to go in and out on the Dialer address 212.10.1.1 but all other traffic (http, etc) to go in and out on 212.11.15.2.

Here is the relevant config I added:

ip inspect name FW smtp
!
interface Dialer0

ip inspect FW out
!
!
ip nat inside source static tcp 192.168.1.3 25 int Dialer0 25
ip nat inside source static 192.168.5.3 212.11.15.2

However this did not seem to work.  Mail used 212.11.15.2 rather than the dialer address.  Is there a problem with my config?  Or a better way of achieving this solution?

Many thanks for your help in advance

Ronnie

1 Reply

Latchum Naidu
VIP Alumni

Hi Ronnie,

You can achieve that by using a route-map under the NAT statement.


Create route-maps like below:

route-map SMTPTRAF permit 10
match ip address smtptraffic

route-map SMTPTRAFDENY permit 10
match ip address smtptrafficdenied


ip nat inside source static 192.168.1.3 int Dialer0 route-map SMTPTRAF
ip nat inside source static 192.168.5.3 212.11.15.2 route-map SMTPTRAFDENY


ip access-list extended smtptraffic
permit tcp host 192.168.1.3 any eq smtp
deny   tcp any any
deny   udp any any


ip access-list extended smtptrafficdenied
deny tcp host 192.168.1.3 any eq smtp
permit tcp any any
permit udp any any


Hope this helps you...


Regards,
Naidu.
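
Added example, not part of the original thread or either poster's configuration: a small Python model of first-match extended ACL evaluation, run over the two access lists from the reply above, to check which list (and so which route-map) permits a given flow. It handles only the `any`, `host` and `eq` forms used in those lists; the function names, the destination address 198.51.100.10 and the sample flows are constructed for illustration.

```python
import ipaddress

# The two access lists from the reply, copied verbatim.
ACLS = {
    "smtptraffic": """
        permit tcp host 192.168.1.3 any eq smtp
        deny   tcp any any
        deny   udp any any""",
    "smtptrafficdenied": """
        deny tcp host 192.168.1.3 any eq smtp
        permit tcp any any
        permit udp any any""",
}
PORTS = {"smtp": 25}  # only named port used on this page

def _addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from the token list."""
    if tok.pop(0) == "any":
        return None
    return ipaddress.ip_address(tok.pop(0))  # the token following 'host'

def parse(text):
    """Turn ACL text into (action, proto, src, dst, dst_port) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in parse(ACLS[acl]):
        if (r_proto in ("ip", proto)
                and r_src in (None, ipaddress.ip_address(src))
                and r_dst in (None, ipaddress.ip_address(dst))
                and r_port in (None, dport)):
            return action
    return "deny"

def classify(proto, src, dst, dport=None):
    """Names of the access lists that permit this flow (constructed helper)."""
    return [n for n in ACLS if evaluate(n, proto, src, dst, dport) == "permit"]

if __name__ == "__main__":
    for flow in [("tcp", "192.168.1.3", "198.51.100.10", 25),
                 ("tcp", "192.168.1.3", "198.51.100.10", 80),
                 ("icmp", "192.168.1.3", "198.51.100.10")]:
        print(flow, "->", classify(*flow))
```

In this model, TCP from 192.168.1.3 to destination port 25 is permitted only by `smtptraffic`, and all other TCP and UDP only by `smtptrafficdenied`, including packets the mail server sends to any destination port other than 25. ICMP is permitted by neither list, because both contain only `tcp` and `udp` entries ahead of the implicit deny.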
