surfn008
Cisco IOS Policy Based NAT
We have a new policy not to route any Internet addresses on our internal network and now we need to NAT our customer's Internet addresses to a 10.x.x.x address. I only want to NAT the destination when traffic is sourced from a specific host, for testing purposes.
We are already translating 10.206.0.139 to 10.207.0.139 due to customer requirements.
ip nat inside source static 10.206.0.139 10.207.0.139
Source: 10.206.0.139
Destination: 63.76.164.134
Source NAT: 10.207.0.139
Destination NAT: 10.41.16.75
The source NAT is working with the static NAT statement, but the destination NAT is not.
I have set up a NAT pool...
ip nat pool vp-63.76.164.134 10.41.16.75 10.41.16.75 prefix-length 29
I have set up an access list...
Extended IP access list nat-vp-63.76.164.134
10 permit ip host 63.76.164.134 host 10.206.0.139
11 permit ip host 10.206.0.139 host 63.76.164.134
12 permit ip host 63.76.164.134 host 10.207.0.139
13 permit ip host 10.207.0.139 host 63.76.164.134
I have added this NAT statement...
ip nat outside source list nat-vp-63.76.164.134 pool vp-63.76.164.134
Am I on the right track? What might I be missing?
ip nat pool vp-63.76.164.134 10.41.16.75 10.41.16.75 prefix-length 29
ip nat outside source list nat-vp-63.76.164.134 pool vp-63.76.164.134
Extended IP access list nat-vp-63.76.164.134
10 permit ip host 63.76.164.134 host 10.206.0.139
12 permit ip host 10.206.0.139 host 63.76.164.134
15 permit ip host 63.76.164.134 host 10.207.0.139
ASKER CERTIFIED SOLUTION
Let me know. You can hit me up on my profile via email if you want.
Thanks Jody.
Steve