[c-nsp] policy and static nat mix?

Ryan West rwest at zyedge.com
Fri Jan 7 13:58:26 EST 2011


On Jan 7, 2011, at 2:10 AM, Peter Serwe <peter.serwe at gmail.com> wrote:

> I've got static NATs set up for a network IP, and I want to NAT to a
> different IP for a particular outside subnet specified in an ACL.
>
> That IP is already statically nat'd to another device.
>
> I've got the ACL crafted, but I'm unclear how to tie it to the outside I
> want to tie it to.
>
> Just to add to the complexity, that IP is already statically nat'd to
> another inside address, but on a different inside interface
>
> Inbound traffic (initiated from the outside) isn't a huge concern, although
> I'd like to do it for that subnet if possible,
> inbound return traffic should map back through the NAT (I think).
>
> I can't seem to figure out how I can keep both static NATs but for one /29,
> specifically NAT to a different IP on the outside interface.
>

If I understand correctly, you'll need a policy NAT ACL that references your internal host to that outside subnet. Then configure a static NAT with the public address you want it to translate followed by the access-list keyword and NAT ACL.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

If you need inside to outside translations to be different, dynamic NAT will work for that.

-ryan
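
The approach described in the reply above, as an added configuration sketch that is not part of the original message. It assumes the pre-8.3 PIX/ASA syntax used in the linked Cisco document (the thread does not name the platform or version); every address, ACL name and port below is constructed for illustration.

```cisco
! Constructed values (RFC 1918 / RFC 5737), hypothetical names:
!   inside host            10.1.1.10
!   existing public IP     192.0.2.10
!   alternate public IP    192.0.2.20   (used only toward the remote /29)
!   remote outside subnet  203.0.113.8/29

! Policy NAT ACL: source is the real inside host, destination is the /29.
access-list POLICY-NAT-REMOTE extended permit ip host 10.1.1.10 203.0.113.8 255.255.255.248

! Policy static NAT: translate to 192.0.2.20 only for flows matching the ACL.
! Static rules are evaluated in configuration order until the first match,
! so this line goes ahead of the regular static for the same host.
static (inside,outside) 192.0.2.20 access-list POLICY-NAT-REMOTE

! Existing regular static NAT, still used for every other destination.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! A static translation does not open the firewall by itself. If the /29 must
! initiate connections, the outside ACL needs an explicit, narrow permit to
! the mapped address (port 443 is an assumed example service).
access-list OUTSIDE-IN extended permit tcp 203.0.113.8 255.255.255.248 host 192.0.2.20 eq 443

! Alternative when only inside-to-outside translation has to differ:
! dynamic policy NAT with the same ACL instead of the policy static.
!   nat (inside) 5 access-list POLICY-NAT-REMOTE
!   global (outside) 5 192.0.2.20

! Verification from the CLI:
!   show run static
!   show xlate
!   packet-tracer input inside tcp 10.1.1.10 12345 203.0.113.9 443
```

In `packet-tracer` output, the NAT phase should show the policy static being selected for the /29 destination and the regular static for any other destination.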

