STATIC NAT WITH ROUTE-MAPsteemCreated with Sketch.

in #network7 years ago (edited)

You are familiar with NAT technology. NAT help you to change IP address field in layer 3 header.
In almost documents you have read that static NAT makes one to one mapping between inside local IP address and inside global IP address. So what happened if you want to statically NAT an inside local IP address to two or more deferent inside global IP addresses.
For an instant example pay attention to following scenario:11.jpg

We have a server that could serve to two deferent part of customers in a single TCP port. Customers connect to this server via to deferent WAN infrastructures. So we have to translate this server’s IP address to two deferent IP addresses. And we have to use just one router as gateway for two deferent WANs. Now how we can implement this scenario?
In these situations we have a tricky method for NAT using route-map with NAT. In this method you can make conditionally mapping between an inside local IP address and two inside global IP addresses.
Here is the configuration of interfaces:
!
interface FastEthernet0/0
description <<WAN-1>>
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description <<WAN-2>>
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
description <<INSIDE-IF>>
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
Now we define to deferent ACL separating traffic goes to WAN1 and WAN2:
!
ip access-list extended TO-WAN-1
permit ip host 192.168.1.110 172.16.1.0 0.0.0.255
permit ip 172.16.1.0 0.0.0.255 host 192.168.1.110
!
ip access-list extended TO-WAN-2
permit ip host 192.168.1.110 10.1.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 host 192.168.1.110
!
As you can see you should define traffic in both IN and OUT directions.
Now you should use these ACLs in Route Maps:
!
route-map TO-WAN-2 permit 10
match ip address TO-WAN-2
!
route-map TO-WAN-1 permit 10
match ip address TO-WAN-1
!
OK everything is ready for magic commands:
!
ip nat inside source static 192.168.1.110 10.1.1.2 route-map TO-WAN-2
ip nat inside source static 192.168.1.110 172.16.1.2 route-map TO-WAN-1
!
That is all. There is no big magic. Ha!
And the last step is defining inside and outside interfaces for NAT:
!
interface FastEthernet0/0
ip nat outside
!
interface FastEthernet0/1
ip nat outside
!
interface FastEthernet1/0
ip nat inside
!
I have used this solution in some scenario and it work perfectly in cisco 1941 and 2911 IOS 15.1.

#nat #security #trick
7 years ago in #network by
$0.55
  • Past Payouts $0.55, 0.00 TRX
  • - Author $0.52, 0.00 TRX
  • - Curators $0.02, 0.00 TRX
32 votes
Reply 4
Sort:  
  • Trending
    • [-]
     7 years ago 

    looking forward to see more posts about Cisco devices

    $0.00
      1 vote
      • and 1 more
      Reply
      [-]
       7 years ago 

      Follow me

      $0.00
        1 vote
        • and 1 more
        Reply
        [-]
         7 years ago 

        Nice post..i hope You can post again about Cisco Network..I Like You post

        $0.00
          Reply
          [-]
           7 years ago 

          It is your kindness. i try to post network trick like this. if you have any question pleas inform me about that. i will answer to these question in my next posts.

          $0.00
            Reply

            Coin Marketplace

            STEEM 0.20
            TRX 0.12
            JST 0.029
            BTC 61577.64
            ETH 3448.57
            USDT 1.00
            SBD 2.53