From: Peter Kingston (kingstonp.ccie@gmail.com)
Date: Sun Aug 19 2007 - 04:48:40 ART
Hello,
If the customer is sourcing traffic from only one destination, I believe the
configuration below should work:
ip nat outside source route-map CUST->10.10.10.1 pool 1 add-route
ip nat outside source route-map CUST->10.10.10.2 pool 2 add-route
route-map CUST->10.10.10.1
match ip address 100
route-map CUST->10.10.10.2
match ip address 101
access-list 100 permit ip any host 10.10.10.1
access-list 101 permit ip any host 10.10.10.2
ip nat pool 1 172.16.50.1 172.16.50.1 prefix-length 32
ip nat pool 2 172.16.50.2 172.16.50.2 prefix-length 32
Interface fa0/0
description Customer interface
ip nat outside
interface fa1/0
description Connection to Core
ip nat inside
You can most likely do this with "ip nat inside source" command, which ever
you prefer. I thought of it afterwards and didn't want to rewrite this
e-mail.
-- Regards,Peter Kingston Studying my CCIE
On 8/18/07, NITIN NITIN <ccie_study_123@yahoo.com> wrote: > > Hi, > > > Can this be a valid solution , m weak in NAT ....... > If not please guide the right one > > CUSTOMER ip 1.1.1.1/24 > > > if the customer is targeting 10.10.10.1, translate the customer's > source > > IP > > to 172.16.50.1 > > if the customer is targeting 10.10.10.2, translate the customer's source > > IP > > to 172.16.50.2 > > ip nat inside source list 101 POOL ip-1 > > access-list 101 permit host 1.1.1.1 10.10.10.1 0.0.0.0 <<<<<matching > traffic > > pool ip-1 permit 172.16.50.1 172.16.50.1 /24 > > > and on interface cutomer is connected mark as ip nat inside > > Regards > Herbert Maosa <asawilunda@googlemail.com> wrote: > You can NAT the customer's source address if the traffic is going from > an > interface marked as outside to an interface marked as inside. The virtual > address that you NAT this address into must be routable in your inside > network, and must not be in the same subnet as an inside interface. > > > Herbert. > > On 8/17/07, Jersey Guy wrote: > > > > Folks, Just looking for some pointers on whether this can be done or > > not.... > > > > Customer connects to my router on FA0/1. He presents himself as a single > > IP > > address which I need to NAT on my side before sending it on to the core > > where the applications reside. Can I NAT the customer's source IP > address > > to > > different addresses depending on the target IP address? > > > > That is.... > > if the customer is targeting 10.10.10.1, translate the customer's source > > IP > > to 172.16.50.1 > > if the customer is targeting 10.10.10.2, translate the customer's source > > IP > > to 172.16.50.2 > > > > TIA, JG > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > > -- > Kindest regards, > hm > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html > > > > --------------------------------- > Luggage? GPS? Comic books? > Check out fitting gifts for grads at Yahoo! Search. > > --------------------------------- > Choose the right car based on your needs. Check out Yahoo! Autos new Car > Finder tool. > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:12 ART