
NAT issue....need help fast

mjsully
Level 1

I have a VPN tunnel that terminates into a Cisco router. Traffic is initiated on the remote end. The access-list for this tunnel looks as follows:

permit ip host 192.168.254.55 host 172.16.2.2 (172.16.2.2 being the remote client, 192.168.254.55 being the destination server on my end)

I need to be able to NAT the destination address 192.168.254.55 to the address of 10.16.16.16 (the true address of the server inside) before it exits the inside interface of the router. I can't set up a simple static translation because I only want this NAT applied when the 172.16.2.2 client comes across the tunnel to the 192.168.254.55 address. I have other tunnels on this router that reference the true 10.16.16.16 address and don't want it translated when it pertains to them. I think I need to NAT to some sort of access-list but I am unsure how to set it up. Please help.

1 Reply

rlcarr
Level 1

Apply your 'nat inside' and 'nat outside' commands to your correct interfaces.

Build a pool and ACL similar to below. Make sure the mask you use is correct for your real server's network.

If you end up wanting to add more clients to this NAT rule, just increase your ACL and add the "overload" keyword to the "ip nat inside source list" command.

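!Begin
!
ip nat pool POOL2NAT 192.168.254.55 192.168.254.55 netmask 255.255.255.0
ip nat inside source list MY-ACL pool POOL2NAT
!
ip access-list extended MY-ACL
 ! "inside source" matches packets leaving the inside: source is the real server, destination is the remote client
 permit ip host 10.16.16.16 host 172.16.2.2
!
!End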
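
As an added example that is not part of the original thread: one way to limit the translation to a single tunnel peer is a static NAT entry qualified by a route-map, which keeps a fixed mapping for sessions the remote client initiates while leaving 10.16.16.16 untranslated for every other tunnel. The interface names and the ACL and route-map names are assumptions; the addresses are the ones from the question.

```cisco
! Constructed example. Interface, ACL and route-map names are assumptions.
interface GigabitEthernet0/0
 description Inside, toward the real server 10.16.16.16
 ip nat inside
!
interface GigabitEthernet0/1
 description Outside, where the VPN tunnel terminates
 ip nat outside
!
! Match only the server-to-client flow for this one tunnel.
! Source is the real (inside local) address, destination is the remote client.
ip access-list extended NAT-PEER-172-16-2-2
 permit ip host 10.16.16.16 host 172.16.2.2
!
route-map RM-NAT-PEER-172-16-2-2 permit 10
 match ip address NAT-PEER-172-16-2-2
!
! Present 10.16.16.16 as 192.168.254.55, but only for traffic the route-map permits.
! Flows between 10.16.16.16 and the other tunnels do not match and stay untranslated.
ip nat inside source static 10.16.16.16 192.168.254.55 route-map RM-NAT-PEER-172-16-2-2
```

On the inside-to-outside path IOS translates before it evaluates the crypto map, so the tunnel access-list from the question (192.168.254.55 to 172.16.2.2) stays as it is. `show ip nat translations` shows whether the entry is being used.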