
Two Different Static NAT IP's for One Host

maximtretiakov
Level 1

Hello there,

I need to apply two static NAT IPs in different subnets for one host:

                 10.1.10.1 for other clients
                       |
                       |                    | 10.1.1.1 for Client1(192.168.1.0/24)
HOST(172.16.1.11) -- PIX515 -- Router3725 --|
                                            | ??? 10.1.2.1 for Client2(192.168.2.0/24)

There is static nat 172.16.1.11<>10.1.1.1 for client1 on Router3725

There is static nat 172.16.1.11<>10.1.10.1 for other clients on PIX515

Is it possible to perform static NAT 172.16.1.11<>10.1.2.1 for client2 either on PIX515 or Router3725?

Thanks

Accepted Solutions

sylvain.munaut
Level 1

Yes, you can restrict a static nat entry using route maps.

(assuming here that Vlan1 is the interface for the client1 subnet and Vlan2 is the interface for the client2 subnet)

! Route map selecting traffic towards Client1
route-map rm_client1
 match interface Vlan1
 match ip address acl_client1
! Route map selecting traffic towards Client2
route-map rm_client2
 match interface Vlan2
 match ip address acl_client2
! ACLs: any source, destination in the respective client subnet
ip access-list extended acl_client1
 permit ip any 192.168.1.0 0.0.0.255
ip access-list extended acl_client2
 permit ip any 192.168.2.0 0.0.0.255
! Same inside host, one static translation per route map
ip nat inside source static 172.16.1.11 10.1.1.1 route-map rm_client1
ip nat inside source static 172.16.1.11 10.1.2.1 route-map rm_client2


Beautiful! Thanks a lot!

Client1 and Client2 are accessible through the same interface. Could it cause any problems?

route-map rm_client1
 match interface Fa0/0.10
 match ip address acl_client1
route-map rm_client2
 match interface Fa0/0.10
 match ip address acl_client2
...

No, it should be fine.

You can also probably omit the 'match interface' altogether and just use the 'match ip address'.

Thank you!
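
The selection logic behind the route-map-restricted static NAT entries in this thread, modelled in Python as an added example (not code from the thread or from Cisco): it matches on the `match ip address` ACLs alone, as the last reply suggests, and checks that the ACLs cannot both match one destination. The function names and the decision to treat overlapping ACLs as an error are assumptions of this sketch, not a description of how IOS resolves an overlap.

```python
import ipaddress

# Constructed from the thread's config: inside local -> [(inside global, ACL dest, wildcard)]
STATIC_NAT = {
    "172.16.1.11": [
        ("10.1.1.1", "192.168.1.0", "0.0.0.255"),  # rm_client1 / acl_client1
        ("10.1.2.1", "192.168.2.0", "0.0.0.255"),  # rm_client2 / acl_client2
    ]
}

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: bits set in the wildcard are ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def overlapping_entries(entries):
    """Return pairs of global addresses whose ACLs can match the same destination."""
    pairs = []
    for i, (g1, b1, w1) in enumerate(entries):
        for g2, b2, w2 in entries[i + 1:]:
            # Two patterns overlap when they agree on every bit both of them check.
            both_care = ~(_u32(w1) | _u32(w2)) & 0xFFFFFFFF
            if (_u32(b1) & both_care) == (_u32(b2) & both_care):
                pairs.append((g1, g2))
    return pairs

def translate_source(src, dst, table=STATIC_NAT):
    """Inside global address for src -> dst, or None when no entry matches.

    Sketch assumption: more than one match is reported as an error rather than
    guessing which entry a router would pick.
    """
    hits = [g for g, b, w in table.get(src, []) if wildcard_match(dst, b, w)]
    if len(hits) > 1:
        raise ValueError(f"ambiguous static NAT for {src} -> {dst}: {hits}")
    return hits[0] if hits else None

if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.2.7", "192.168.3.1"):
        print(dst, "->", translate_source("172.16.1.11", dst))
    print("overlaps:", overlapping_entries(STATIC_NAT["172.16.1.11"]))
```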