03-25-2009 08:51 AM - edited 03-06-2019 04:48 AM
I would like to be able to NAT a specific address from one private IP to another to help with a routing issue we can't get around and just wanted to verify that the config below will do what I am looking for?
conf t
access-list 101 permit ip host 192.168.1.6 host 172.16.0.1
route-map transStatic permit 10
match ip address 101
ip nat inside source static 192.168.1.6 172.16.0.1
int x/x
ip nat inside
int x/y
ip nat outside
What I want is to translate 192.168.100.6 -> 172.16.0.1. However, this is the ONLY thing I want translated. I do not want any other traffic to/from 192.168.100.6 being translated. If there are any other ways to do this I would be open to those also. Thanks!
03-25-2009 09:48 AM
If all you want to do is translate 192.168.1.6 to 172.16.0.1 then you do not need -
1) the acl 101
2) the route-map transStatic
You were not referencing the route-map in your static translation anyway. So all you need is
ip nat inside source static 192.168.1.6 172.16.0.1
int x/x
ip nat inside
int x/y
ip nat outside
Nothing else will be NATed.
You would use a route-map with an ACL if you wanted to NAT 192.168.1.6 to 172.16.0.1 but only if the destination was a specific address/subnet, e.g.
access-list 101 permit ip host 192.168.1.6 host 10.5.5.1
route-map transStatic permit 10
match ip address 101
ip nat inside source static 192.168.1.6 172.16.0.1 route-map transStatic
int x/x
ip nat inside
int x/y
ip nat outside
The above config would NAT 192.168.1.6 to 172.16.0.1 only if the destination that 192.168.1.6 was going to was 10.5.5.1.
Jon
03-25-2009 10:54 AM
Sorry about the typo with forgetting to add the route map.
Yeah, what you said is understood. But I am essentially trying to create a noNAT like a PIX does. We have other PCs that connect to that host that I don't want translated.
I was thinking that if I did an ACL that denied anything from that host to the subnet in question (192.168.200.x) and then matched that in a route-map it would be like saying "only translate if not talking with that subnet"?
03-25-2009 12:18 PM
This is getting a bit confusing so can you post
1) Source address you want translated
2) address you want it translated to
3) destination address that the source is trying to reach if this is applicable.
It's still a little unclear. By using "ip nat inside" and "ip nat outside" under interfaces nothing is translated until you add additional config.
Jon
03-26-2009 07:39 AM
What I want is the following...
source = 192.168.100.6
destination = any
exception to NAT = 192.168.200.0/24
So basically I want to NAT 192.168.100.6 to 172.16.0.1 as long as the traffic is NOT destined for 192.168.200.0/24. Traffic from 192.168.100.6 destined to anything else will get NAT'd to 172.16.0.1. If 192.168.100.6 is talking to the 192.168.200.0/24 network then I don't want any NAT going on.
Thanks!
Hopefully that may clear it up a bit?
03-26-2009 08:59 AM
access-list 101 deny ip host 192.168.100.6 192.168.200.0 0.0.0.255
access-list 101 permit ip host 192.168.100.6 any
route-map transStatic permit 10
match ip address 101
ip nat inside source static 192.168.100.6 172.16.0.1 route-map transStatic
int x/x
ip nat inside
int x/y
ip nat outside
Jon
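Added example (not part of the thread and not code from any poster): a small Python model of how ACL 101 in the last reply decides which flows the static NAT entry applies to, using first-match evaluation, wildcard masks and the implicit deny. It assumes the inside local address is 192.168.100.6, as stated in the requirements post; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# ACL 101 from the final reply: (action, src, src_wildcard, dst, dst_wildcard).
# "host A" is wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
ACL_101 = [
    ("deny",   "192.168.100.6", "0.0.0.0", "192.168.200.0", "0.0.0.255"),
    ("permit", "192.168.100.6", "0.0.0.0", "0.0.0.0", "255.255.255.255"),
]
INSIDE_LOCAL = "192.168.100.6"   # assumption: address from the requirements post
INSIDE_GLOBAL = "172.16.0.1"

def _wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if _wild_match(src, s, sw) and _wild_match(dst, d, dw):
            return action
    return "deny"

def translated_source(src, dst):
    """Source address after NAT for a packet going inside -> outside.

    Simplified model: the static entry applies only when the source is the
    inside local address and the route-map's ACL permits the flow.
    """
    if src == INSIDE_LOCAL and acl_action(ACL_101, src, dst) == "permit":
        return INSIDE_GLOBAL
    return src

if __name__ == "__main__":
    # Constructed sample flows (source, destination).
    for src, dst in [
        ("192.168.100.6", "192.168.200.25"),
        ("192.168.100.6", "10.5.5.1"),
        ("192.168.100.7", "10.5.5.1"),
    ]:
        print(f"{src} -> {dst}: source becomes {translated_source(src, dst)}")
```

The order of the two ACL entries matters: with the permit line first, the deny for 192.168.200.0/24 would never be reached and every flow from the host would be translated.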