• Status: Solved

Creating a second NAT

I currently have one NAT (PAT) address for all traffic egressing a site via a 3845 router with Zone Firewalling.  The NAT is using the IP address on the external interface.  I want to create a separate NAT for users of my guest VLAN who will be in the subnet.  They should all get natted to a different IP address than the interface IP.  Please comment if this looks good.  

My proposed change to do this:

ip nat inside source route-map SDM_RMAP_2 pool guestpool overload

ip nat pool guestpool prefix-length 27

route-map SDM_RMAP_2 permit 1
 match ip address GuestNAT

ip access-list extended GuestNAT
 permit ip

The EXISTING configuration:  

interface GigabitEthernet0/0
 description ***** Public Gateway*****$ES_LAN$$FW_OUTSIDE$$ETH-WAN$
 ip address
 ip nat outside
 zone-member security out-zone

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload

route-map SDM_RMAP_1 permit 1
 match ip address NatTraffic

ip access-list extended NatTraffic
 remark Traffic to be Natted
 remark CCP_ACL Category=2
 permit ip any
1 Solution
Perfect. This should work
amigan_99 (Author) commented:
Haha.  Yep - and so it did!
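
A pre-change check for a configuration like the one proposed above, as an added example that is not part of the original thread: it confirms that every "ip nat inside source route-map" rule points at a route-map, ACL and pool that are actually defined, comparing names exactly because IOS named ACLs are case-sensitive. The sample configuration and its documentation-range addresses are constructed, and lint_nat is a hypothetical helper name.

```python
import re

# Constructed sample (documentation-range addresses, not from the original post).
SAMPLE = """\
ip nat pool guestpool 203.0.113.10 203.0.113.10 prefix-length 27
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 pool guestpool overload
route-map SDM_RMAP_1 permit 1
 match ip address NatTraffic
route-map SDM_RMAP_2 permit 1
 match ip address GuestNAT
ip access-list extended NatTraffic
 permit ip 198.51.100.0 0.0.0.255 any
ip access-list extended GuestNat
 permit ip 192.0.2.0 0.0.0.31 any
"""

def lint_nat(config):
    """Return findings for NAT rules whose route-map, ACL or pool is undefined."""
    pools, acls, rmaps, rules = set(), set(), {}, []
    current = None  # ACL list of the route-map block being parsed
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # a top-level command ends the previous block
        if m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m.group(1))
        elif m := re.match(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            current = rmaps.setdefault(m.group(1), [])
        elif (m := re.match(r"\s+match ip address (.+)", line)) and current is not None:
            current.extend(m.group(1).split())
        elif m := re.match(r"ip nat inside source route-map (\S+) (?:pool (\S+)|interface)", line):
            rules.append((m.group(1), m.group(2)))
    findings = []
    for rmap, pool in rules:
        if rmap not in rmaps:
            findings.append(f"route-map {rmap} is not defined")
        for acl in rmaps.get(rmap, []):
            if acl not in acls:
                near = sorted(a for a in acls if a.lower() == acl.lower())
                hint = f" (defined as {near[0]})" if near else ""
                findings.append(f"route-map {rmap} matches undefined ACL {acl}{hint}")
        if pool is not None and pool not in pools:
            findings.append(f"NAT pool {pool} is not defined")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(SAMPLE):
        print(finding)
```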
