
Creating a second nat

I currently have one NAT (PAT) address for all traffic egressing a site via a 3845 router with Zone Firewalling.  The NAT is using the IP address on the external interface.  I want to create a separate NAT for users of my guest VLAN who will be in the 172.16.10.0 subnet.  They should all get natted to a different IP address than the interface IP.  Please comment if this looks good.  

My proposed change to do this:

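! Define the pool before the NAT statement that references it
ip nat pool guestpool 65.11.5.163 65.11.5.163 prefix-length 27

! Guest VLAN sources; an extended ACL entry needs a destination as well
ip access-list extended GuestNAT
 permit ip 172.16.10.0 0.0.0.255 any

! ACL names are case-sensitive, so this must match the ACL name exactly
route-map SDM_RMAP_2 permit 1
 match ip address GuestNAT

ip nat inside source route-map SDM_RMAP_2 pool guestpool overload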

The EXISTING configuration:  

interface GigabitEthernet0/0
 description ***** Public Gateway*****$ES_LAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 66.11.5.162 255.255.255.224
 ip nat outside
 zone-member security out-zone

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload

route-map SDM_RMAP_1 permit 1
 match ip address NatTraffic
!

ip access-list extended NatTraffic
 remark Traffic to be Natted
 remark CCP_ACL Category=2
 permit ip 10.0.0.0 0.255.255.255 any
Asked by: amigan_99

1 Solution

602650528 Commented:
Perfect. This should work.

amigan_99 (Author) Commented:
Haha.  Yep - and so it did!
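
A pre-change check for the kind of configuration discussed in this thread, as an added example that is not part of the original posts: it parses IOS configuration text and reports route-map NAT rules whose pool or matched ACL is not defined under exactly that name, and extended ACL entries that lack a destination. The sample input and the names `lint_nat`, `has_dest` and `PORT_OPS` are constructed for this illustration.

```python
import re

# Constructed input modelled on the question's proposed change; defects are deliberate.
SAMPLE = """\
ip nat pool guestpool 203.0.113.10 203.0.113.10 prefix-length 27
ip nat inside source route-map SDM_RMAP_2 pool guestpool overload
route-map SDM_RMAP_2 permit 1
 match ip address GuestNAT
ip access-list extended GuestNat
 permit ip 172.16.10.0 0.0.0.255
"""
PORT_OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}  # tokens to skip

def has_dest(entry):
    """True if an extended ACL entry has both a source and a destination."""
    tok = entry.split()[2:]                      # drop action and protocol
    for _ in range(2):                           # source, then destination
        n = 1 if tok[:1] == ["any"] else 2       # any | host A | A WILDCARD
        if len(tok) < n:
            return False
        tok = tok[n:]
        tok = tok[PORT_OPS.get(tok[0], 0):] if tok else tok
    return True

def lint_nat(config):
    """Return findings about dangling references in route-map based NAT rules."""
    pools, acls, rmaps, rules, out = set(), {}, {}, [], []
    cur_acl, cur_rmap = [], []                   # entries of the block being read
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m[1])
        elif m := re.match(r"ip nat inside source route-map (\S+)(?: pool (\S+))?", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"ip access-list extended (\S+)", line):
            cur_acl = acls.setdefault(m[1], [])
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            cur_rmap = rmaps.setdefault(m[1], [])
        elif re.match(r"(permit|deny) ", line):
            cur_acl.append(line)
        elif m := re.match(r"match ip address (.+)", line):
            cur_rmap.extend(m[1].split())
    for rmap, pool in rules:
        if pool and pool not in pools:
            out.append(f"NAT rule references undefined pool {pool!r}")
        for acl in (a for a in rmaps.get(rmap, []) if a not in acls):
            near = [a for a in acls if a.lower() == acl.lower()]
            out.append(f"route-map {rmap!r}: ACL {acl!r} undefined (case-insensitive match: {near})")
    for name, entries in acls.items():
        out += [f"ACL {name!r}: {e!r} has no destination" for e in entries if not has_dest(e)]
    return out
```

Calling `lint_nat(SAMPLE)` returns two findings: the route-map matches `GuestNAT` while only `GuestNat` is defined, and the ACL entry has a source but no destination.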