• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 160
  • Last Modified:

Cisco NAT issue

I have the following setup:

router1:
fa0/0 10.64.190.14
fa0/1 10.64.197.17/30

asa:
e0 10.64.197.18/30

Behind the ASA is an FTP server sitting on 10.64.197.111 - I do not manage the ASA.

I have a route to 10.64.197.64/26 sitting on router 1

I need to create NAT on router 1 so that any traffic headed to the FTP server at 10.64.197.111 is NAT to the fa0/1 address, ie 10.64.197.17 as the ASA has a rule that only allows FTP traffic from that IP.

How do I do this?
0
xyznetworks
Asked:
xyznetworks
  • 2
1 Solution
 
jmeggersCommented:
Try this config.  It should match anything from your inside subnet going to that single host, and NAT it to the interface address of FA0/1

access-list 100 permit ip 10.64.190.0 0.0.0.255 host 10.64.197.111

ip nat inside source list 100 interface fa0/1

int fa0/0
ip nat inside

int fa0/1
ip nat outside
0
 
xyznetworksAuthor Commented:
Thanks, I just need to check something though, traffic also comes from devices "behind" the 10.64.190.14 interface too and nothing is NAT as it crosses that interface, so will an permit ip any suffice in ACL 100?
0
 
xyznetworksAuthor Commented:
Many thanks, this worked a treat
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now