Hi,

I would share this lab that have implement on cisco ios router.

On the left, a server (172.16.0.1 GW 172.16.0.254) behind R1 router.
The server must be reacheable with two differents IP address
10.249.0.1 (C2 on the right) must use 10.20.0.1 in destination for reach 172.16.0.1
10.18.0.1 (C3 on the right) must use 10.30.0.1 in destination for reach 172.16.0.1



I've used a GRE tunnel between R1<=>R2 but it's not essential (it was for test a real topology)


On R1



Destinations 10.18.0.0/24 and 10.249.0.0/24 are routed through the GRE tunnel.

On R2



Same thing about R2, trafic to natted address (10.20.0.1 and 10.30.0.1) are routed through the tunnel

let's begin for the NAT on R1



I create 2 extended access-lists



access-list 102 to identify communication between C1 and C2
access-list 103 to identify communcation between C1 and C3

I'll use route-map for match these trafic



I create my static nat rules using my route-map



Let's try from C2 (10.249.0.1) to C1 (10.20.0.1)



On R1, let me show the debug



Same test but from C3 (10.18.0.1) to C1 (10.30.0.1)





It works !

I hope that's usefull for you.

_________________
Mario
Network Admin

CCNA certified.
Cisco SNAF courses studied (Securing Networks With ASA Foundation)
Cisco CCNP route courses in April 2012.

Hi Mario

I recreated your lab, is so good, so interesting.

I think, maybe is a solution to a few scenarios with servers behind a load balance.

In the next days I will send messages.

Cheers!

Dear,

I have created a lab setup to test the conditional NAT with route-map on GNS3. Please refer below for the setup details:

I took three routers to test this setup.
R1 has three connectivity to R2, R3 and R1cloud.
Loopback (IP Address:20.20.10.1) configured on R2 router.
Loopback (IP Address:30.30.10.1) configured on R3 router.

NAT is configured on R1 router:

1. created extended access-list to match the traffic.

Extended IP access list R2-LP1
10 permit ip host 10.10.10.10 host 20.20.10.1
Extended IP access list R2-LP2
10 permit ip host 10.10.10.10 host 30.30.10.1


2. Created route-map to match the access-list.
R1#sh route-map
route-map FROM-LOOP2, permit, sequence 10
Match clauses:
ip address (access-lists): R2-LP2
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map FROM-LOOP1, permit, sequence 10
Match clauses:
ip address (access-lists): R2-LP1
Set clauses:
Policy routing matches: 0 packets, 0 bytes




3. Apply route-map with static nat

ip nat inside source static 10.10.10.10 192.168.10.1 route-map FROM-LOOP1
ip nat inside source static 10.10.10.10 192.168.10.2 route-map FROM-LOOP2


when doing the testing from R2 and R3 I am able to reach the natted ip address through loopback but not getting any hits on access list and route-map. Able to do ping with source ip address also.

Please help..

Hello mario62223,

Do you have any idea how I would do that with NAT NVI? I need to translate de SOURCE and the DESTINATION at the same time. Could you give me a help?

PS: I am already translating the source address via dynamic NAT.


Thanks in advance.


Renato