Configuring Static NAT Translations Using Route Maps

18 Mar

Static NAT supports the use of route maps, which give enterprises the opportunity to take advantage of multihoming without having to lose the features that static NAT provides. To configure static NAT with route maps, use the following steps:

1. Use this command to enable static NAT with route maps configured on the inside interface:

ip nat inside source {list {acl-number | acl-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}

2. Use the following command to define an extended access list and the parameters of the access list:

access-list <acl-number> {deny|permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard>

The access list should specify which traffic arriving at the inside interface and destined to the outside interface is eligible to create a translation entry.

3. Use this command to move into interface configuration mode:

interface <interface type> <interface number>

4. Use the ip nat inside interface configuration command to apply NAT to the interface that is connected to the networks with the local addresses.

5. Use the following command to move into interface configuration mode:

interface <interface type> <interface number>

6. Use the ip nat outside interface configuration command to apply NAT to the interface that is connected to the networks with the inside global addresses.

7. Use this command to enter route map configuration mode and define the parameters of the route map:

route-map <name> {permit|deny} <sequence number>

Figure 3.6 shows a network in which the use of static NAT and route maps would be beneficial. Router 1 has a connection to Router 2 and another connection to Router 3. The hosts behind Router 1 have varying requirements: When a connection is established to hosts within Network 2 behind Router 2, their IP address should appear to be sourced from one subnet. Yet, when connections are established to hosts within Network 3 behind Router 3, their IP address should appear to be sourced from a different subnet. To meet the requirements, the configuration in Listing 3.12 can be used.

Listing 3.12: Router 1 static NAT with route map configuration.

hostname Router-1
!
interface Serial2/0
 ip address 192.168.20.1 255.255.255.0
 ip nat outside
!
interface Serial3/0
 ip address 192.168.30.1 255.255.255.0
 ip nat outside
!
interface Ethernet1/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 duplex full
 speed 100
!
ip route 20.20.20.0 255.255.255.0 192.168.20.2
ip route 30.30.30.0 255.255.255.0 192.168.30.2
!
ip nat inside source static 10.10.10.43 192.168.20.2 route-map network2
!
ip nat inside source static 10.10.10.43 192.168.30.2 route-map network3
!
ip nat inside source static 10.10.10.65 192.168.20.3 route-map network2
!
ip nat inside source static 10.10.10.65 192.168.30.3 route-map network3
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
access-list 102 permit ip 10.10.10.0 0.0.0.255 30.30.30.0 0.0.0.255
!
route-map network2 permit 10
 match ip address 101
 set ip next-hop 192.168.20.2
!
route-map network3 permit 10
 match ip address 102
 set ip next-hop 192.168.30.2

Figure 3.6: Example static NAT and route map network.

The configurations in Listing 3.11 and Listing 3.12 are very similar; in Listing 3.12 the route-map option is at the end of the ip nat inside source command. The inside and outside NAT interfaces are defined for Router 1. Each of the ip nat inside source static commands creates a static NAT translation entry and defines a route map that should be applied for each of the entries. The route map is configured to match addresses sourced from an inside subnet and destined for an outside subnet. The next hop to send the packet to is then defined.
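
To check which inside global address a given flow receives under Listing 3.12, the following added example (not from the book or the original post) models the selection in Python. It is a simplified model: the function names are hypothetical, and it understands only the statement forms used in the listing (static NAT entries with a route map, extended ACL entries with wildcard masks, and match ip address clauses).

```python
import ipaddress

# Constructed from Listing 3.12: NAT, ACL and route-map match lines only.
CONFIG = """\
ip nat inside source static 10.10.10.43 192.168.20.2 route-map network2
ip nat inside source static 10.10.10.43 192.168.30.2 route-map network3
ip nat inside source static 10.10.10.65 192.168.20.3 route-map network2
ip nat inside source static 10.10.10.65 192.168.30.3 route-map network3
access-list 101 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 30.30.30.0 0.0.0.255
route-map network2 permit 10
 match ip address 101
route-map network3 permit 10
 match ip address 102
"""

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse(config):
    """Collect static NAT entries, ACL entries and route-map match clauses."""
    statics, acls, maps, current = [], {}, {}, None
    for tokens in (line.split() for line in config.splitlines()):
        if tokens[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics.append((tokens[5], tokens[6], tokens[8]))
        elif tokens[:1] == ["access-list"]:
            acls.setdefault(tokens[1], []).append((tokens[2], tokens[4:8]))
        elif tokens[:1] == ["route-map"]:
            current = maps.setdefault(tokens[1], [])  # ACL list of this map
        elif tokens[:3] == ["match", "ip", "address"]:
            current.append(tokens[3])
    return statics, acls, maps

def acl_permits(entries, src, dst):
    """First matching entry decides; no match means implicit deny."""
    for action, (s, s_wc, d, d_wc) in entries:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action == "permit"
    return False

def inside_global(config, src, dst):
    """Return the inside global address chosen for a src->dst flow, or None."""
    statics, acls, maps = parse(config)
    for local, global_ip, rmap in statics:
        acl_ids = maps.get(rmap, [])
        if local == src and any(acl_permits(acls.get(i, []), src, dst) for i in acl_ids):
            return global_ip
    return None  # no static entry's route map matched this flow
```

A None result marks a flow that neither route map covers, which is worth reviewing when auditing such a configuration because no static entry in the listing applies to it.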

