  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 518

IOS router route-map

Hi experts,

In an IOS router (2621 router on 12.2 code):

I currently have a route-map to do an inside address translation.
Would I be able to use that same route-map to do an outside address translation?

Example:

ip nat inside source static 10.10.10.10 60.60.60.60 route-map SNmap extendable

route-map SNmap permit 10
 match ip address SNnat

ip access-list extended SNnat
permit ip host 10.10.10.10 host 200.200.200.200

ip nat outside source static 200.200.200.200 100.100.100.100 route-map SNmap  

What I am trying to accomplish with this outside translation is when the remote side's 200.200.200.200 comes into my network to access 60.60.60.60, it changes to source from 100.100.100.100.
0
Asked by: trojan81
3 Solutions
 
trojan81Author Commented:
Forgot to mention this is an IPSEC tunnel.
Encryption domain is:
Local: 10.10.10.10
Remote: 200.200.200.200

I'm trying to do source and destination NATing.
0
 
Marius GunnerudSenior Systems EngineerCommented:
Could you please post a network diagram with interfaces and IP addresses of how you would like this to work?

Thanks
0
 
Marius GunnerudSenior Systems EngineerCommented:
Also, have you configured ip nat inside and ip nat outside on the correct interfaces?
0
 
Marius GunnerudSenior Systems EngineerCommented:
Here is a possible setup you could use:

ROUTER1 ===== INTERNET ===== ROUTER2

ROUTER1
int fa0/0
description OUTSIDE INTERFACE
ip add 1.1.1.1 255.255.255.0
crypto map VPN
ip nat outside

int fa0/1
description INSIDE INTERFACE
ip add 200.200.200.200 255.255.255.0
ip nat inside

ip nat pool POOL 100.100.100.100 100.100.100.100 netmask 255.255.255.0
ip nat inside source list 101 pool POOL overload

access-list 101 permit ip 200.200.200.0 0.0.0.255 60.60.60.0 0.0.0.255

access-list 102 permit ip 200.200.200.0 0.0.0.255 60.60.60.0 0.0.0.255
access-list 102 permit ip host 100.100.100.100 60.60.60.0 0.0.0.255

crypto map VPN 5 ipsec-isakmp
match address 102


ROUTER2
int fa0/0
description OUTSIDE INTERFACE
ip add 5.5.5.5 255.255.255.0
crypto map VPN

int fa0/1
description INSIDE INTERFACE
ip add 60.60.60.60 255.255.255.0

crypto map VPN 5 ipsec-isakmp
match address 102

access-list 102 permit ip 60.60.60.0 0.0.0.255 host 100.100.100.100


Keep in mind you still need to have the significant traffic matched in the crypto map ACL in addition to the one that allows access to 100.100.100.100.
0
 
SanjeevlokeCommented:
A question comes to my mind when a packet from outside 200.200.200.200 comes to access 10.10.10.10.

That route-map won't work, as the ACL should be reversed.
ip access-list extended SNnat
permit ip host 200.200.200.200  host 10.10.10.10....

Your scenario is a bit confusing. I would suggest you create a GRE tunnel over IPsec and then directly route the traffic over GRE.
0
 
trojan81Author Commented:
I apologize, I didn't explain it correctly and I made a mistake in stating what the encryption domain is:
Local: 60.60.60.60
Remote: 200.200.200.200

I solved the problem. I had to use a different route-map.

ip nat outside source static 200.200.200.200 100.100.100.100 route-map SNmap2 extendable

route-map SNmap2 permit 10
 match ip address SNnat2

ip access-list extended SNnat2
permit ip host 200.200.200.200 host 60.60.60.60

ip nat outside source static 200.200.200.200 100.100.100.100 route-map SNmap  
0
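The direction issue resolved in this thread can be checked offline with a small model of extended-ACL matching. This is an added example, not code from the thread or from Cisco: it handles only `permit|deny ip` entries with first-match and implicit deny, and the sample packets are constructed from the addresses in the posts. It assumes the route-map ACL is evaluated against the packet as it arrives (source 200.200.200.200, destination 60.60.60.60), which is the pair the author's working SNnat2 entry names.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, MASK32), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>' (IP-only subset of the syntax)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src, rest = take_addr(tokens[2:])
    dst, rest = take_addr(rest)
    if rest:
        raise ValueError(f"trailing tokens in ACL entry: {line!r}")
    return tokens[0], src, dst

def hit(spec, addr):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    care = ~wild & MASK32
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_permits(entries, src, dst):
    """First matching entry decides; no match is the implicit deny."""
    for line in entries:
        action, s, d = parse_ace(line)
        if hit(s, src) and hit(d, dst):
            return action == "permit"
    return False

# ACL bodies copied from the thread.
SNNAT = ["permit ip host 10.10.10.10 host 200.200.200.200"]
SNNAT2 = ["permit ip host 200.200.200.200 host 60.60.60.60"]
# Constructed sample packets (src, dst) built from the thread's addresses.
INBOUND = ("200.200.200.200", "60.60.60.60")    # remote peer to NATed address
OUTBOUND = ("10.10.10.10", "200.200.200.200")   # local host to remote peer

if __name__ == "__main__":
    for name, acl in (("SNnat", SNNAT), ("SNnat2", SNNAT2)):
        print(name, "inbound:", acl_permits(acl, *INBOUND),
              "outbound:", acl_permits(acl, *OUTBOUND))
```

SNnat permits only the outbound pair, so a route-map built on it never selects the inbound packet for the outside translation; SNnat2 permits the inbound pair.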
 
trojan81Author Commented:
.
0
