Solved

policy based NAT on router

Posted on 2011-09-12
4
322 Views
Last Modified: 2012-06-21
Hello Experts,

It has been a long time since I have done NATing on an IOS router 2600 series with 12.x code.

Assume that f0/1 is IP NAT inside and f0/0 is IP NAT outside.

There is a VPN tunnel with 20.20.20.20 from the outside connecting to my 10.10.10.10 on inside.

When 20.20.20.20 from outside hits my 2800 router to access destination 10.10.10.10, I want it to translate to a source of 15.15.15.15.

It's a piece of cake to do it on an ASA.

0
Comment
Question by:trojan81
  • 2
4 Comments
 

Author Comment

by:trojan81
ID: 36526265
anyone?
0
 
LVL 18

Assisted Solution

by:jmeggers
jmeggers earned 100 total points
ID: 36526978
0
 
LVL 6

Accepted Solution

by:
Sanjeevloke earned 400 total points
ID: 36528489
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

interface F0/1
 ip address 100.100.100.1 255.255.255.0
 ip nat outside

ip nat outside source static 20.20.20.20 15.15.15.15


Debug O/P
00:29:21: IP: s=15.15.15.15 (FastEthernet0), d=10.10.10.10 (FastEthernet0), len 100, rcvd 3
00:29:21: IP: s=10.10.10.10 (local), d=15.15.15.15 (FastEthernet0), len 100, sending
00:29:22: IP: s=15.15.15.15 (FastEthernet0), d=10.10.10.10 (FastEthernet0), len 100, rcvd 3
00:29:22: IP: s=10.10.10.10 (local), d=15.15.15.15 (FastEthernet0), len 100, sending

R1# sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- ---                ---                              15.15.15.15        20.20.20.20
--- 10.10.10.10        10.10.10.10        15.15.15.15        20.20.20.20

0
 

Author Comment

by:trojan81
ID: 36531540
thank you sanjeevloke,

What if instead of source NATing to 15.15.15.15, I want it to PAT out of the egress interface which is 10.10.10.1.

Would you be able to provide me a sample syntax? Must appreciated!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now