Sunday, February 2, 2014

How to configure static NAT with route-maps?


What are the steps involved in configuring the static NAT with route-maps?

To configure static NAT with route maps, use the following steps:

1) The first step in any NAT configuration is to define the inside and outside interfaces.
This can be done by issuing the ip nat inside command and the ip nat outside command under the specific interface configuration mode.

2) Use the following command to define an extended access list and the parameters of the access list:

access-list  {deny|permit}

The access list should specify which traffic arriving at the inside interface and destined to the outside interface is eligible to create a translation entry.

3) Configure a route map and define the parameters of the route map.

4) Use the following command to enable static NAT with route maps configured on the inside interface:

ip nat inside source {list {acl-number|acl-name} pool pool-name [overload]|static local-ip global-ip route-map map-name}

Configuration overview:

A router R1 connects to the Internet through interface serial0/0 and is connected through interface serial0/1 to a partner network which uses the 192.168.1.0/24 address space. The LAN interface of the router is connected to the corporate inside network which belongs to the 10.0.0.0/8 network. The requirement is that an inside host 10.1.1.10, which could be a mail server, should be translated to address 200.1.1.10 when communicating with the Internet. The same host should be translated to the 172.16.1.10 address when communicating with the partner network. 

Topology Diagram:

[Image: static nat.jpg]

Router R1 static NAT with route map configuration:
STEP: 1
interface Fa0/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
!---This connects to the corporate network, designated as NAT inside interface.

interface S0/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
!---This connects to Internet, designated as NAT outside interface.

interface Serial0/1
ip address 172.16.1.1 255.255.255.0
ip nat outside
!---This connects to the Partner network, designated as NAT outside interface

STEP: 2
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
!---This Access Control List (ACL) permits traffic from all hosts in the corporate network destined for the partner network.

access-list 101 permit ip 10.0.0.0 0.255.255.255 any
!---This ACL permits traffic from all hosts in the corporate network going to any destination on the Internet.

STEP: 3
route-map topartners permit 10
match ip address 100
set ip next-hop 172.16.1.2
!---This route-map matches all traffic matched by ACL 100 and going out of interface serial 0/1. In other words, all traffic from the corporate network to the partner network is matched.

route-map tointernet permit 10
match ip address 101
set ip next-hop 200.1.1.2
!---This route-map matches all traffic matched by ACL 101 and going out of interface serial 0/0. In other words, all traffic from the corporate network to the Internet is matched.

STEP: 4
ip nat inside source static 10.1.1.10 172.16.1.10 route-map topartners
!---The above line configures a static NAT mapping for the inside host 10.1.1.10 to the global address 172.16.1.10 to be used for traffic matched by the route-map topartners.

ip nat inside source static 10.1.1.10 200.1.1.10 route-map tointernet
!---The above line configures a static NAT mapping for the inside host 10.1.1.10 to the global address 200.1.1.10 to be used for traffic matched by the route-map tointernet.
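
A small Python model of the translation choice this configuration makes, added here as an illustration and not taken from the original post or from Cisco. It follows the comments above in treating each route-map as matching traffic permitted by its ACL and leaving toward its next hop; the ROUTES table and the destination 198.51.100.7 used when calling it are assumptions, and the model does not reproduce IOS internals.

```python
import ipaddress

# Values transcribed from the STEP 2-4 configuration above.
ACLS = {  # acl -> (src, src wildcard, dst, dst wildcard); "any" = 0.0.0.0 255.255.255.255
    "100": ("10.0.0.0", "0.255.255.255", "192.168.1.0", "0.0.0.255"),
    "101": ("10.0.0.0", "0.255.255.255", "0.0.0.0", "255.255.255.255"),
}
ROUTE_MAPS = {  # name -> (matched ACL, next hop)
    "topartners": ("100", "172.16.1.2"),
    "tointernet": ("101", "200.1.1.2"),
}
STATIC_NAT = [  # (local IP, global IP, route-map)
    ("10.1.1.10", "172.16.1.10", "topartners"),
    ("10.1.1.10", "200.1.1.10", "tointernet"),
]
# ASSUMPTION (not on the page): R1 routes the partner prefix via 172.16.1.2
# and everything else via 200.1.1.2.
ROUTES = [("192.168.1.0/24", "172.16.1.2"), ("0.0.0.0/0", "200.1.1.2")]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 1 bits are ignored, 0 bits must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    diff = int(ipaddress.IPv4Address(addr)) ^ int(ipaddress.IPv4Address(base))
    return (diff & care) == 0


def next_hop(dst):
    """Longest-prefix match over the assumed routing table."""
    nets = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES]
    hits = [(n.prefixlen, hop) for n, hop in nets if ipaddress.ip_address(dst) in n]
    return max(hits)[1]


def translations(src, dst, check_next_hop=True):
    """Global addresses of every static entry whose route-map matches src -> dst."""
    found = []
    for local, global_ip, rmap in STATIC_NAT:
        acl, hop = ROUTE_MAPS[rmap]
        s, sw, d, dw = ACLS[acl]
        acl_ok = wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
        hop_ok = not check_next_hop or next_hop(dst) == hop
        if local == src and acl_ok and hop_ok:
            found.append(global_ip)
    return found
```

With check_next_hop=False, a flow from 10.1.1.10 to the partner network matches both static entries, because the `any` in ACL 101 also covers 192.168.1.0/24. In this model the egress condition is what separates the two mappings, so it is worth confirming on the router with the verification command.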

Verification command:

[Image: 71087.jpg]


Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include any online discussion boards, forums, websites and others.
