Four Steps to Configure Static NAT with Route-maps


Upload: 3anetwork-com

Post on 17-Jun-2015


Static NAT configuration with the route-map option can be used to implement destination-based NAT scenarios where the same inside local address needs to be translated to more than one inside global address, depending on where the traffic is destined. This type of configuration will create an extended translation entry in the NAT table and will be useful when a network is multi-homed to different provider networks or partner networks, and the same inside local address has to be translated to different inside global addresses.

This method is also useful when using NAT and IP Security (IPsec) together on a router to reach a public network like the Internet, as well as other Virtual Private Network (VPN) sites through the same NAT outside interface. The route-map option can be used to translate only traffic going to the public network. It does not translate traffic destined for other VPN sites reached through the public network. Though there are other ways of achieving the same thing, this option allows the user to implement such a scenario without degrading router performance.

Configuration overview:

A router R1 connects to the Internet through interface serial0/0 and is connected through interface serial0/1 to a partner network which uses the 192.168.1.0/24 address space. The LAN interface of the router is connected to the corporate inside network which belongs to the 10.0.0.0/8 network. The requirement is that an inside host 10.1.1.10, which could be a mail server, should be translated to address 200.1.1.10 when communicating with the Internet. The same host should be translated to the 172.16.1.10 address when communicating with the partner network.

Router R1 static NAT with route-map configuration:

Step 1

interface Fa0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!--- This connects to the corporate network, designated as NAT inside interface.

interface S0/0
 ip address 200.1.1.1 255.255.255.0
 ip nat outside
!--- This connects to the Internet, designated as NAT outside interface.

interface Serial0/1
 ip address 172.16.1.1 255.255.255.0
 ip nat outside
!--- This connects to the partner network, designated as NAT outside interface.

Step 2

access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
!--- This Access Control List (ACL) permits traffic from all hosts in the corporate
!--- network destined for the partner network.

access-list 101 permit ip 10.0.0.0 0.255.255.255 any
!--- This ACL permits traffic from all hosts in the corporate network going to any
!--- destination on the Internet.

Step 3

route-map topartners permit 10
 match ip address 100
 set ip next-hop 172.16.1.2
!--- This route-map matches all traffic matched by ACL 100 and going out of interface
!--- serial 0/1. In other words, all traffic from the corporate network to the partner
!--- network is matched.

route-map tointernet permit 10
 match ip address 101
 set ip next-hop 200.1.1.2
!--- This route-map matches all traffic matched by ACL 101 and going out of interface
!--- serial 0/0. In other words, all traffic from the corporate network to the Internet
!--- is matched.

Step 4

ip nat inside source static 10.1.1.10 172.16.1.10 route-map topartners
!--- The above line configures a static NAT mapping for the inside host 10.1.1.10 to the
!--- global address 172.16.1.10 to be used for traffic matched by the route-map topartners.

ip nat inside source static 10.1.1.10 200.1.1.10 route-map tointernet
!--- The above line configures a static NAT mapping for the inside host 10.1.1.10 to the
!--- global address 200.1.1.10 to be used for traffic matched by the route-map tointernet.
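
Added example (not part of the original page): a Python sketch that evaluates only the ACL part of Steps 2 to 4 for a given source/destination pair, using IOS wildcard-mask semantics. It does not model the route-map "set ip next-hop" clause or IOS itself; the function names and the destination addresses in the demo are constructed for illustration.

```python
import ipaddress

# ACL lines copied from Step 2 of the page.
ACLS = """\
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
"""
# Step 4 reduced to: route-map name -> (ACL it matches, inside global address).
NAT = {"topartners": (100, "172.16.1.10"), "tointernet": (101, "200.1.1.10")}


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def parse_acls(text):
    """Parse 'access-list N permit ip SRC WILD (DST WILD | any)' lines."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
            continue  # this sketch only handles the entry form used on the page
        dst = ("0.0.0.0", "255.255.255.255") if f[6] == "any" else (f[6], f[7])
        acls.setdefault(int(f[1]), []).append(((f[4], f[5]), dst))
    return acls


def eligible_globals(src, dst, acl_text=ACLS):
    """Return {route-map: inside global} for every mapping whose ACL permits src->dst."""
    acls = parse_acls(acl_text)
    hits = {}
    for rmap, (num, inside_global) in NAT.items():
        for (s, sw), (d, dw) in acls.get(num, []):
            if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
                hits[rmap] = inside_global
    return hits


if __name__ == "__main__":
    # Constructed destinations: one Internet host, one partner host.
    for dst in ("198.51.100.7", "192.168.1.20"):
        print(dst, eligible_globals("10.1.1.10", dst))
```

For the partner destination both ACLs permit the packet, because the "any" in ACL 101 also covers 192.168.1.0/24; the ACLs by themselves do not separate the two mappings.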

Verification command:
