Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
3
Replies

Static NAT policy (static NAT with ACL) with VRF

cdicesare
Level 1
Level 1

‎12-10-2011 03:17 AM - edited ‎03-07-2019 03:50 AM

Hello,

I must connect two same network (192.168.1.0/24). These networks are behind a firewall and a Cisco router 2811. The Cisco router 2811 implement VRF.

I would like implement static NAT on the two devices to allow the bidirectionnal communication between the two 192.168.1.0/24 networks.

For this I use the NATed network 1.1.1.0/24 and 2.1.1.0/24.

On the firewall, I implemented a static rule policy nat, which translate the source address 192.168.1.0/24 in address 1.1.1.0/24 WHEN 192.168.1.0/24 PC try to communicate with the subnet 2.1.1.0/24

I would like perform the same with the subnet 2.1.1.0/24. However, I don't find how to perform a static NAT policy, on the VRF galere. I don't want use the global routing table.

Here the ASA rule, that I want to convert on the Cisco router, can you help me

Static (in,out) 2.1.1.0 access-list 100

Access-list 100 permit ip 192.168.10.0 0.0.0.255 1.1.1.0 0.0.0.255 ??

A screenshot of the architecture is in this post.

Thank you in advance for your help.

Regards

Cédric

Labels:
Preview file
54 KB
0 Helpful
3 Replies 3

Marwan ALshawi
VIP Alumni
VIP Alumni

‎12-10-2011 09:19 AM

See the bellow example where you can use ACL for policy nat

You replace the. Interface with nat pool you create

http://www.nil.si/ipcorner/EnterpriseMultiVRF/#chapter6

Hope this help

0 Helpful

cdicesare
Level 1
Level 1
In response to Marwan ALshawi

‎12-11-2011 01:24 AM

Thank you marwanshawi for this link !

Are you sure, the NAT pool allow to perform static NAT ? The communication could be bidirectionnal ?

I wish the PC with IP 192.168.1.10 in LAN A talk with the PC 192.168.1.10 in LAN B. When I use the destination 2.1.1.10.

The same with 192.168.168.1.11, 12, 13...

In the option of the NAT in the router I can use also use route-map.

I saw that proxy ARP must be implemented in this post

https://supportforums.cisco.com/thread/2005514

Thank you

Cédric

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to cdicesare

‎12-11-2011 01:29 AM

Its better to check what nat option with vrf your platform support and try it since you are aware about the logic

Network nat can be used or if you have only few hots to be translated you can use static translation per host

0 Helpful
Customers Also Viewed These Support Documents